From pauli at openssl.org Mon Jul 1 00:19:39 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 01 Jul 2019 00:19:39 +0000 Subject: [openssl] master update Message-ID: <1561940379.403645.29080.nullmailer@dev.openssl.org> The branch master has been updated via e955edcda6a567369e55ac5e33fb90a2d4ad39b0 (commit) from da93b5cc2bc931b998f33ee432bc1ae2b38fccca (commit) - Log ----------------------------------------------------------------- commit e955edcda6a567369e55ac5e33fb90a2d4ad39b0 Author: Pauli Date: Thu Jun 27 18:45:26 2019 +1000 Add a note in the contributing file about trivial commits. A better explanation of where the "CLA: trivial" line goes and how to add it post hoc. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9265) ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 250bbdb..b65463c 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -19,8 +19,16 @@ guidelines: 1. Anything other than a trivial contribution requires a Contributor License Agreement (CLA), giving us permission to use your code. See https://www.openssl.org/policies/cla.html for details. If your - contribution is too small to require a CLA, put "CLA: trivial" on a - line by itself in your commit message body. + contribution is too small to require a CLA (e.g. fixing a spelling + mistake), place the text "CLA: trivial" on a line by itself separated by + an empty line from the rest of the commit message. It is not sufficient to + only place the text in the GitHub pull request description. + + To amend a missing "CLA: trivial" line after submission, do the following: + + git commit --amend + [add the line, save and quit the editor] + git push -f 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the From builds at travis-ci.org Mon Jul 1 00:40:39 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jul 2019 00:40:39 +0000 Subject: Still Failing: openssl/openssl#26157 (master - e955edc) In-Reply-To: Message-ID: <5d195686b013e_43fa0f527ed10333011@33f55925-8c91-4d70-a999-92b388ab3cba.mail> Build Update for openssl/openssl ------------------------------------- Build: #26157 Status: Still Failing Duration: 20 mins and 14 secs Commit: e955edc (master) Author: Pauli Message: Add a note in the contributing file about trivial commits. A better explanation of where the "CLA: trivial" line goes and how to add it post hoc. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9265) View the changeset: https://github.com/openssl/openssl/compare/da93b5cc2bc9...e955edcda6a5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/552542683?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 1 03:02:01 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Jul 2019 03:02:01 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1561950121.430091.17107.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: da93b5cc2b s390x assembly pack: update OPENSSL_s390xcap(3) e382f507fb s390x assembly pack: add support for pcc and kma instructions bc42bd6298 Support SM2 certificate signing 53a11c6da0 Change the DRBG HMAC implementation to lookup allowed digest names 671aaecd36 Change the DRBG HASH implementation to lookup all allowed algorithm names 4cecf7a127 Add a nid 2 algorithm name mapping capability 45c54042d0 Call RAND_DRBG_bytes from inside the FIPS provider f2d20f0bb8 Fix NULL pointer dereference in the ex_data code 57ca171a13 Make the RAND code available from inside the FIPS module 0da1d43a94 Document EVP_CIPHER_up_ref() 70c35fd1f6 Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref 42738cdeaa Add documentation for EVP_CIPHER_fetch Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=172, Tests=1645, 293 wallclock secs ( 2.90 usr 0.44 sys + 269.21 cusr 24.62 csys = 297.17 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 1 07:29:47 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Jul 2019 07:29:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1561966187.487671.4954.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: da93b5cc2b s390x assembly pack: update OPENSSL_s390xcap(3) e382f507fb s390x assembly pack: add support for pcc and kma instructions bc42bd6298 Support SM2 certificate signing 53a11c6da0 Change the DRBG HMAC implementation to lookup allowed digest names 671aaecd36 Change the DRBG HASH implementation to lookup all allowed algorithm names 4cecf7a127 Add a nid 2 algorithm name mapping capability 45c54042d0 Call RAND_DRBG_bytes from inside the FIPS provider f2d20f0bb8 Fix NULL pointer dereference in the ex_data code 57ca171a13 Make the RAND code available from inside the FIPS module 0da1d43a94 Document EVP_CIPHER_up_ref() 70c35fd1f6 Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref 42738cdeaa Add documentation for EVP_CIPHER_fetch Build log ended with (last 100 lines): providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_absorb': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:156: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:156: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:173: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:199: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:206: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:197: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:278: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:282: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:275: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:286: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:292: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:295: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:298: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:345: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:350: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:350: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:70: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:362: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:365: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:374: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:378: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:399: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:399: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:404: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:404: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:412: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:413: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:133: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:133: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:138: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:143: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:145: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:146: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:149: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:240: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7081: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From pauli at openssl.org Mon Jul 1 07:42:27 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 01 Jul 2019 07:42:27 +0000 Subject: [openssl] master update Message-ID: <1561966947.400170.23190.nullmailer@dev.openssl.org> The branch master has been updated via 3f1679b26101561ae6974e450b0c8876ece152c6 (commit) from e955edcda6a567369e55ac5e33fb90a2d4ad39b0 (commit) - Log ----------------------------------------------------------------- commit 3f1679b26101561ae6974e450b0c8876ece152c6 Author: Pauli Date: Fri Jun 28 00:02:00 2019 +1000 Add OIDs for kmac128, kmac256 and blake2. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9277) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.h | 24 ++++++++++++++++-------- crypto/objects/objects.txt | 16 ++++++++-------- fuzz/oids.txt | 4 ++++ include/openssl/obj_mac.h | 40 ++++++++++++++++++++++------------------ 4 files changed, 50 insertions(+), 34 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 876bab2..5c47d6b 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7775] = { +static const unsigned char so[7813] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1077,7 +1077,11 @@ static const unsigned char so[7775] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C, /* [ 7745] OBJ_hmacWithSHA512_224 */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ 0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7766] OBJ_SM2_with_SM3 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x13, /* [ 7766] OBJ_kmac128 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x14, /* [ 7775] OBJ_kmac256 */ + 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01, /* [ 7784] OBJ_blake2bmac */ + 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02, /* [ 7794] OBJ_blake2smac */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7804] OBJ_SM2_with_SM3 */ }; #define NUM_NID 1207 @@ -2278,15 +2282,15 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]}, {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]}, {"GMAC", "gmac", NID_gmac, 5, &so[7761]}, - {"KMAC128", "kmac128", NID_kmac128}, - {"KMAC256", "kmac256", NID_kmac256}, + {"KMAC128", "kmac128", NID_kmac128, 9, &so[7766]}, + {"KMAC256", "kmac256", NID_kmac256, 9, &so[7775]}, {"AES-128-SIV", "aes-128-siv", NID_aes_128_siv}, {"AES-192-SIV", "aes-192-siv", NID_aes_192_siv}, {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv}, - {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac}, - {"BLAKE2SMAC", "blake2smac", NID_blake2smac}, + {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac, 10, &so[7784]}, + {"BLAKE2SMAC", "blake2smac", NID_blake2smac, 10, &so[7794]}, {"SSHKDF", "sshkdf", NID_sshkdf}, - {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7766]}, + {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7804]}, {"SSKDF", "sskdf", NID_sskdf}, {"X963KDF", "x963kdf", NID_x963kdf}, }; @@ -4695,7 +4699,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1073 +#define NUM_OBJ 1077 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5547,6 +5551,8 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1103, /* OBJ_hmac_sha3_256 2 16 840 1 101 3 4 2 14 */ 1104, /* OBJ_hmac_sha3_384 2 16 840 1 101 3 4 2 15 */ 1105, /* OBJ_hmac_sha3_512 2 16 840 1 101 3 4 2 16 */ + 1196, /* OBJ_kmac128 2 16 840 1 101 3 4 2 19 */ + 1197, /* OBJ_kmac256 2 16 840 1 101 3 4 2 20 */ 802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ 803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ 1106, /* OBJ_dsa_with_SHA384 2 16 840 1 101 3 4 3 3 */ @@ -5664,6 +5670,8 @@ static const unsigned int obj_objs[NUM_OBJ] = { 138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ + 1201, /* OBJ_blake2bmac 1 3 6 1 4 1 1722 12 2 1 */ + 1202, /* OBJ_blake2smac 1 3 6 1 4 1 1722 12 2 2 */ 951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ 952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ 953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 5664389..dcdfa90 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -14,12 +14,6 @@ iso 3 : identified-organization # GMAC OID iso 0 9797 3 4 : GMAC : gmac -# There are no OIDs for these yet... - : KMAC128 : kmac128 - : KMAC256 : kmac256 - : BLAKE2BMAC : blake2bmac - : BLAKE2SMAC : blake2smac - # HMAC OIDs identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5 identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1 @@ -709,8 +703,10 @@ algorithm 29 : RSA-SHA1-2 : sha1WithRSA 1 3 36 3 2 1 : RIPEMD160 : ripemd160 1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA -1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b512 : blake2b512 -1 3 6 1 4 1 1722 12 2 2 8 : BLAKE2s256 : blake2s256 +1 3 6 1 4 1 1722 12 2 1 : BLAKE2BMAC : blake2bmac +1 3 6 1 4 1 1722 12 2 2 : BLAKE2SMAC : blake2smac +blake2bmac 16 : BLAKE2b512 : blake2b512 +blake2smac 8 : BLAKE2s256 : blake2s256 !Cname sxnet 1 3 101 1 4 1 : SXNetID : Strong Extranet ID @@ -987,6 +983,10 @@ nist_hashalgs 16 : id-hmacWithSHA3-512 : hmac-sha3-512 # how to handle them... # nist_hashalgs 17 : id-shake128-len : shake128-len # nist_hashalgs 18 : id-shake256-len : shake256-len +nist_hashalgs 19 : KMAC128 : kmac128 +nist_hashalgs 20 : KMAC256 : kmac256 +# nist_hashalgs 21 : KMAC128-XOF : kmac128-xof +# nist_hashalgs 22 : KMAC256-XOF : kmac256-xof # OIDs for dsa-with-sha224 and dsa-with-sha256 !Alias dsa_with_sha2 nistAlgorithms 3 diff --git a/fuzz/oids.txt b/fuzz/oids.txt index bd38a04..f0ff677 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1064,4 +1064,8 @@ OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04" OBJ_hmacWithSHA512_224="\x2A\x86\x48\x86\xF7\x0D\x02\x0C" OBJ_hmacWithSHA512_256="\x2A\x86\x48\x86\xF7\x0D\x02\x0D" OBJ_gmac="\x28\xCC\x45\x03\x04" +OBJ_kmac128="\x60\x86\x48\x01\x65\x03\x04\x02\x13" +OBJ_kmac256="\x60\x86\x48\x01\x65\x03\x04\x02\x14" +OBJ_blake2bmac="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x01" +OBJ_blake2smac="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x02" OBJ_SM2_with_SM3="\x2A\x81\x1C\xCF\x55\x01\x83\x75" diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 147bad1..3657f43 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -49,22 +49,6 @@ #define NID_gmac 1195 #define OBJ_gmac OBJ_iso,0L,9797L,3L,4L -#define SN_kmac128 "KMAC128" -#define LN_kmac128 "kmac128" -#define NID_kmac128 1196 - -#define SN_kmac256 "KMAC256" -#define LN_kmac256 "kmac256" -#define NID_kmac256 1197 - -#define SN_blake2bmac "BLAKE2BMAC" -#define LN_blake2bmac "blake2bmac" -#define NID_blake2bmac 1201 - -#define SN_blake2smac "BLAKE2SMAC" -#define LN_blake2smac "blake2smac" -#define NID_blake2smac 1202 - #define SN_hmac_md5 "HMAC-MD5" #define LN_hmac_md5 "hmac-md5" #define NID_hmac_md5 780 @@ -2139,15 +2123,25 @@ #define NID_ripemd160WithRSA 119 #define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L +#define SN_blake2bmac "BLAKE2BMAC" +#define LN_blake2bmac "blake2bmac" +#define NID_blake2bmac 1201 +#define OBJ_blake2bmac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L + +#define SN_blake2smac "BLAKE2SMAC" +#define LN_blake2smac "blake2smac" +#define NID_blake2smac 1202 +#define OBJ_blake2smac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L + #define SN_blake2b512 "BLAKE2b512" #define LN_blake2b512 "blake2b512" #define NID_blake2b512 1056 -#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L +#define OBJ_blake2b512 OBJ_blake2bmac,16L #define SN_blake2s256 "BLAKE2s256" #define LN_blake2s256 "blake2s256" #define NID_blake2s256 1057 -#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L +#define OBJ_blake2s256 OBJ_blake2smac,8L #define SN_sxnet "SXNetID" #define LN_sxnet "Strong Extranet ID" @@ -2997,6 +2991,16 @@ #define NID_hmac_sha3_512 1105 #define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L +#define SN_kmac128 "KMAC128" +#define LN_kmac128 "kmac128" +#define NID_kmac128 1196 +#define OBJ_kmac128 OBJ_nist_hashalgs,19L + +#define SN_kmac256 "KMAC256" +#define LN_kmac256 "kmac256" +#define NID_kmac256 1197 +#define OBJ_kmac256 OBJ_nist_hashalgs,20L + #define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L #define SN_dsa_with_SHA224 "dsa_with_SHA224" From builds at travis-ci.org Mon Jul 1 08:01:37 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jul 2019 08:01:37 +0000 Subject: Still Failing: openssl/openssl#26161 (master - 3f1679b) In-Reply-To: Message-ID: <5d19bde179355_43f842a0173c087292@53521f70-845b-4c57-b1ac-7bd42e8acc5b.mail> Build Update for openssl/openssl ------------------------------------- Build: #26161 Status: Still Failing Duration: 18 mins and 28 secs Commit: 3f1679b (master) Author: Pauli Message: Add OIDs for kmac128, kmac256 and blake2. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9277) View the changeset: https://github.com/openssl/openssl/compare/e955edcda6a5...3f1679b26101 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/552640506?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Mon Jul 1 08:11:18 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Mon, 01 Jul 2019 08:11:18 +0000 Subject: [openssl] master update Message-ID: <1561968678.062815.6353.nullmailer@dev.openssl.org> The branch master has been updated via 68756b12f55cb23536d531695619ad4a567916ab (commit) from 3f1679b26101561ae6974e450b0c8876ece152c6 (commit) - Log ----------------------------------------------------------------- commit 68756b12f55cb23536d531695619ad4a567916ab Author: Antoine C?ur Date: Mon Jul 1 02:02:06 2019 +0800 Fix Typos CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9275) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++-- NEWS | 2 +- apps/s_client.c | 2 +- crypto/evp/bio_ok.c | 4 ++-- crypto/store/store_lib.c | 2 +- crypto/ui/ui_openssl.c | 2 +- doc/HOWTO/proxy_certificates.txt | 2 +- doc/man3/CMS_final.pod | 2 +- include/openssl/ec.h | 2 +- include/openssl/store.h | 4 ++-- test/conf_include_test.c | 2 +- test/dhtest.c | 2 +- 12 files changed, 15 insertions(+), 15 deletions(-) diff --git a/CHANGES b/CHANGES index b99241e..4c70b93 100644 --- a/CHANGES +++ b/CHANGES @@ -6985,7 +6985,7 @@ reason texts, thereby removing some of the footprint that may not be interesting if those errors aren't displayed anyway. - NOTE: it's still possible for any application or module to have it's + NOTE: it's still possible for any application or module to have its own set of error texts inserted. The routines are there, just not used by default when no-err is given. [Richard Levitte] @@ -8951,7 +8951,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6g and 0.9.6h [5 Dec 2002] *) New function OPENSSL_cleanse(), which is used to cleanse a section of - memory from it's contents. This is done with a counter that will + memory from its contents. This is done with a counter that will place alternating values in each byte. This can be used to solve two issues: 1) the removal of calls to memset() by highly optimizing compilers, and 2) cleansing with other values than 0, since those can diff --git a/NEWS b/NEWS index 6c79bc2..aeb2eb7 100644 --- a/NEWS +++ b/NEWS @@ -605,7 +605,7 @@ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]: - o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. + o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build. Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]: diff --git a/apps/s_client.c b/apps/s_client.c index 282d137..6f2d133 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2395,7 +2395,7 @@ int s_client_main(int argc, char **argv) (void)BIO_flush(fbio); /* * The first line is the HTTP response. According to RFC 7230, - * it's formated exactly like this: + * it's formatted exactly like this: * * HTTP/d.d ddd Reason text\r\n */ diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 8fe2cbc..7f99f32 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -38,9 +38,9 @@ of memory. BIO_f_reliable splits data stream into blocks. Each block is prefixed - with it's length and suffixed with it's digest. So you need only + with its length and suffixed with its digest. So you need only several Kbytes of memory to buffer single block before verifying - it's digest. + its digest. BIO_f_reliable goes further and adds several important capabilities: diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index ebe9182..8c55c43 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -228,7 +228,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx) * Functions to generate OSSL_STORE_INFOs, one function for each type we * support having in them as well as a generic constructor. * - * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO * and will therefore be freed when the OSSL_STORE_INFO is freed. */ static OSSL_STORE_INFO *store_info_new(int type, void *data) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 04d4f6e..2b5e5c1 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -79,7 +79,7 @@ * systems that require something different. * * Note: we do not use SGTTY unless it's defined by the configuration. We - * may eventually opt to remove it's use entirely. + * may eventually opt to remove its use entirely. */ # if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) diff --git a/doc/HOWTO/proxy_certificates.txt b/doc/HOWTO/proxy_certificates.txt index 2936cd6..3c42349 100644 --- a/doc/HOWTO/proxy_certificates.txt +++ b/doc/HOWTO/proxy_certificates.txt @@ -255,7 +255,7 @@ Here is some skeleton code you can fill in: /* * process_rights() is supposed to be a procedure - * that takes a string and it's length, interprets + * that takes a string and its length, interprets * it and sets the bits in the YOUR_RIGHTS pointed * at by the third argument. */ diff --git a/doc/man3/CMS_final.pod b/doc/man3/CMS_final.pod index eab335e..8270d53 100644 --- a/doc/man3/CMS_final.pod +++ b/doc/man3/CMS_final.pod @@ -12,7 +12,7 @@ CMS_final - finalise a CMS_ContentInfo structure =head1 DESCRIPTION -CMS_final() finalises the structure B. It's purpose is to perform any +CMS_final() finalises the structure B. Its purpose is to perform any operations necessary on B (digest computation for example) and set the appropriate fields. The parameter B contains the content to be processed. The B parameter contains a BIO to write content to after diff --git a/include/openssl/ec.h b/include/openssl/ec.h index af559cb..e523d0d 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -142,7 +142,7 @@ const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); */ int EC_METHOD_get_field_type(const EC_METHOD *meth); -/** Sets the generator and it's order/cofactor of a EC_GROUP object. +/** Sets the generator and its order/cofactor of a EC_GROUP object. * \param group EC_GROUP object * \param generator EC_POINT object with the generator. * \param order the order of the group generated by the generator. diff --git a/include/openssl/store.h b/include/openssl/store.h index fa5ed1b..9200fd0 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -85,7 +85,7 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); /* - * Check if an error occured + * Check if an error occurred * Returns 1 if it did, 0 otherwise. */ int OSSL_STORE_error(OSSL_STORE_CTX *ctx); @@ -117,7 +117,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx); * Functions to generate OSSL_STORE_INFOs, one function for each type we * support having in them, as well as a generic constructor. * - * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO * and will therefore be freed when the OSSL_STORE_INFO is freed. */ OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); diff --git a/test/conf_include_test.c b/test/conf_include_test.c index ba40aa1..16459c4 100644 --- a/test/conf_include_test.c +++ b/test/conf_include_test.c @@ -141,7 +141,7 @@ static int test_check_null_numbers(void) } /* - * Verify that a NULL config with a missing envrionment variable returns + * Verify that a NULL config with a missing environment variable returns * a failure code. */ if (!TEST_int_eq(unsetenv("FNORD"), 0) diff --git a/test/dhtest.c b/test/dhtest.c index 1bbf565..7b2edec 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -193,7 +193,7 @@ static int dh_test(void) BN_free(q); BN_free(g); err2: - /* an error occured before priv_key was assigned to dh */ + /* an error occurred before priv_key was assigned to dh */ BN_free(priv_key); err3: success: From matthias.st.pierre at ncp-e.com Mon Jul 1 08:11:48 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Mon, 01 Jul 2019 08:11:48 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1561968708.151769.14404.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 25ccb5896bbf28b74d4d72010948b0ac7d141622 (commit) from f987a4dd8929b4552f2fa19f09fd2d4115709647 (commit) - Log ----------------------------------------------------------------- commit 25ccb5896bbf28b74d4d72010948b0ac7d141622 Author: Antoine C?ur Date: Mon Jul 1 02:02:06 2019 +0800 Fix Typos CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9275) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++-- NEWS | 2 +- apps/s_client.c | 2 +- crypto/evp/bio_ok.c | 4 ++-- crypto/store/store_lib.c | 2 +- crypto/ui/ui_openssl.c | 2 +- doc/HOWTO/proxy_certificates.txt | 2 +- doc/man3/CMS_final.pod | 2 +- include/openssl/ec.h | 2 +- include/openssl/store.h | 4 ++-- test/conf_include_test.c | 2 +- test/dhtest.c | 2 +- util/mkdef.pl | 2 +- 13 files changed, 16 insertions(+), 16 deletions(-) diff --git a/CHANGES b/CHANGES index c5cd38b..09c17f7 100644 --- a/CHANGES +++ b/CHANGES @@ -6884,7 +6884,7 @@ reason texts, thereby removing some of the footprint that may not be interesting if those errors aren't displayed anyway. - NOTE: it's still possible for any application or module to have it's + NOTE: it's still possible for any application or module to have its own set of error texts inserted. The routines are there, just not used by default when no-err is given. [Richard Levitte] @@ -8850,7 +8850,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6g and 0.9.6h [5 Dec 2002] *) New function OPENSSL_cleanse(), which is used to cleanse a section of - memory from it's contents. This is done with a counter that will + memory from its contents. This is done with a counter that will place alternating values in each byte. This can be used to solve two issues: 1) the removal of calls to memset() by highly optimizing compilers, and 2) cleansing with other values than 0, since those can diff --git a/NEWS b/NEWS index 8547a2e..f6264bf 100644 --- a/NEWS +++ b/NEWS @@ -605,7 +605,7 @@ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]: - o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. + o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build. Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]: diff --git a/apps/s_client.c b/apps/s_client.c index b85339a..26a6789 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2345,7 +2345,7 @@ int s_client_main(int argc, char **argv) (void)BIO_flush(fbio); /* * The first line is the HTTP response. According to RFC 7230, - * it's formated exactly like this: + * it's formatted exactly like this: * * HTTP/d.d ddd Reason text\r\n */ diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index a046221..54d83bd 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -38,9 +38,9 @@ of memory. BIO_f_reliable splits data stream into blocks. Each block is prefixed - with it's length and suffixed with it's digest. So you need only + with its length and suffixed with its digest. So you need only several Kbytes of memory to buffer single block before verifying - it's digest. + its digest. BIO_f_reliable goes further and adds several important capabilities: diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 1c43547..06bc7f7 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -228,7 +228,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx) * Functions to generate OSSL_STORE_INFOs, one function for each type we * support having in them as well as a generic constructor. * - * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO * and will therefore be freed when the OSSL_STORE_INFO is freed. */ static OSSL_STORE_INFO *store_info_new(int type, void *data) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 5ca418d..0ec9f0d 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -79,7 +79,7 @@ * systems that require something different. * * Note: we do not use SGTTY unless it's defined by the configuration. We - * may eventually opt to remove it's use entirely. + * may eventually opt to remove its use entirely. */ # if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) diff --git a/doc/HOWTO/proxy_certificates.txt b/doc/HOWTO/proxy_certificates.txt index 2936cd6..3c42349 100644 --- a/doc/HOWTO/proxy_certificates.txt +++ b/doc/HOWTO/proxy_certificates.txt @@ -255,7 +255,7 @@ Here is some skeleton code you can fill in: /* * process_rights() is supposed to be a procedure - * that takes a string and it's length, interprets + * that takes a string and its length, interprets * it and sets the bits in the YOUR_RIGHTS pointed * at by the third argument. */ diff --git a/doc/man3/CMS_final.pod b/doc/man3/CMS_final.pod index 264fe7b..e40ee5b 100644 --- a/doc/man3/CMS_final.pod +++ b/doc/man3/CMS_final.pod @@ -12,7 +12,7 @@ CMS_final - finalise a CMS_ContentInfo structure =head1 DESCRIPTION -CMS_final() finalises the structure B. It's purpose is to perform any +CMS_final() finalises the structure B. Its purpose is to perform any operations necessary on B (digest computation for example) and set the appropriate fields. The parameter B contains the content to be processed. The B parameter contains a BIO to write content to after diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 347cfb6..0dec972 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -142,7 +142,7 @@ const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); */ int EC_METHOD_get_field_type(const EC_METHOD *meth); -/** Sets the generator and it's order/cofactor of a EC_GROUP object. +/** Sets the generator and its order/cofactor of a EC_GROUP object. * \param group EC_GROUP object * \param generator EC_POINT object with the generator. * \param order the order of the group generated by the generator. diff --git a/include/openssl/store.h b/include/openssl/store.h index 7b43e8b..cda8c97 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -85,7 +85,7 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); /* - * Check if an error occured + * Check if an error occurred * Returns 1 if it did, 0 otherwise. */ int OSSL_STORE_error(OSSL_STORE_CTX *ctx); @@ -117,7 +117,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx); * Functions to generate OSSL_STORE_INFOs, one function for each type we * support having in them, as well as a generic constructor. * - * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO * and will therefore be freed when the OSSL_STORE_INFO is freed. */ OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); diff --git a/test/conf_include_test.c b/test/conf_include_test.c index ee02d9b..74c571d 100644 --- a/test/conf_include_test.c +++ b/test/conf_include_test.c @@ -141,7 +141,7 @@ static int test_check_null_numbers(void) } /* - * Verify that a NULL config with a missing envrionment variable returns + * Verify that a NULL config with a missing environment variable returns * a failure code. */ if (!TEST_int_eq(unsetenv("FNORD"), 0) diff --git a/test/dhtest.c b/test/dhtest.c index 5b2fd67..84a0468 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -193,7 +193,7 @@ static int dh_test(void) BN_free(q); BN_free(g); err2: - /* an error occured before priv_key was assigned to dh */ + /* an error occurred before priv_key was assigned to dh */ BN_free(priv_key); err3: success: diff --git a/util/mkdef.pl b/util/mkdef.pl index bcbb475..07974b5 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -360,7 +360,7 @@ sub do_defs # params: symbol, alias, platforms, kind # The reason to put this subroutine in a variable is that - # it will otherwise create it's own, unshared, version of + # it will otherwise create its own, unshared, version of # %tag and %variant... my $make_variant = sub { From builds at travis-ci.org Mon Jul 1 08:33:03 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jul 2019 08:33:03 +0000 Subject: Errored: openssl/openssl#26163 (master - 68756b1) In-Reply-To: Message-ID: <5d19c53f5afdc_43fdd99a1ac8c25793b@2002f205-963e-449d-ae32-9012c877b05a.mail> Build Update for openssl/openssl ------------------------------------- Build: #26163 Status: Errored Duration: 21 mins and 7 secs Commit: 68756b1 (master) Author: Antoine C?ur Message: Fix Typos CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9275) View the changeset: https://github.com/openssl/openssl/compare/3f1679b26101...68756b12f55c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/552651822?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Mon Jul 1 09:13:07 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 01 Jul 2019 09:13:07 +0000 Subject: [openssl] master update Message-ID: <1561972387.036177.16383.nullmailer@dev.openssl.org> The branch master has been updated via 08607613d573de9e3e021227506759f4f58debc6 (commit) from 68756b12f55cb23536d531695619ad4a567916ab (commit) - Log ----------------------------------------------------------------- commit 08607613d573de9e3e021227506759f4f58debc6 Author: Matt Caswell Date: Fri Jun 28 14:29:34 2019 +0100 Only cache a method if we actually created one We were attempting to cache a method after we failed to create it which leads to an assertion failure. Fixes #9264 Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9269) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_fetch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index b039cc0..e785474 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -207,7 +207,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, mcmdata.destruct_method = free_method; if ((method = ossl_method_construct(libctx, operation_id, name, properties, 0 /* !force_cache */, - &mcm, &mcmdata)) == NULL) { + &mcm, &mcmdata)) != NULL) { /* * If construction did create a method for us, we know that * there is a correct nameid and methodid, since those have From matt at openssl.org Mon Jul 1 09:28:30 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 01 Jul 2019 09:28:30 +0000 Subject: [openssl] master update Message-ID: <1561973310.534778.24568.nullmailer@dev.openssl.org> The branch master has been updated via 9a131ad7477f85d40ee96853e60d0de86f5f4e09 (commit) via 792cb4ee8d82e4b063f707fc9f4992271ffd65ab (commit) from 08607613d573de9e3e021227506759f4f58debc6 (commit) - Log ----------------------------------------------------------------- commit 9a131ad7477f85d40ee96853e60d0de86f5f4e09 Author: Matt Caswell Date: Fri Jun 28 16:29:42 2019 +0100 Change RC5_32_set_key to return an int type If the key is too long we now return an error. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8834) commit 792cb4ee8d82e4b063f707fc9f4992271ffd65ab Author: Matt Caswell Date: Fri Apr 26 12:11:13 2019 +0100 Ensure that rc5 doesn't try to use a key longer than 2040 bits The maximum key length for rc5 is 2040 bits so we should not attempt to use keys longer than this. Issue found by OSS-Fuzz and Guido Vranken. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8834) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++++ apps/speed.c | 5 ++++- crypto/err/openssl.txt | 2 ++ crypto/evp/e_rc5.c | 9 ++++++--- crypto/evp/evp_err.c | 3 +++ crypto/rc5/rc5_skey.c | 9 +++++++-- doc/man3/EVP_rc5_32_12_16_cbc.pod | 25 ++++++++++++++++++++----- include/openssl/evperr.h | 2 ++ include/openssl/rc5.h | 4 ++-- test/rc5test.c | 7 +++++-- 10 files changed, 57 insertions(+), 15 deletions(-) diff --git a/CHANGES b/CHANGES index 4c70b93..8b70fa3 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,12 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) RC5_32_set_key has been changed to return an int type, with 0 indicating + an error and 1 indicating success. In previous versions of OpenSSL this + was a void type. If a key was set longer than the maximum possible this + would crash. + [Matt Caswell] + *) Support SM2 signing and verification schemes with X509 certificate. [Paul Yang] diff --git a/apps/speed.c b/apps/speed.c index 5f16b13..0f3ca9c 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1985,7 +1985,10 @@ int speed_main(int argc, char **argv) RC2_set_key(&rc2_ks, 16, key16, 128); #endif #ifndef OPENSSL_NO_RC5 - RC5_32_set_key(&rc5_ks, 16, key16, 12); + if (!RC5_32_set_key(&rc5_ks, 16, key16, 12)) { + BIO_printf(bio_err, "Failed setting RC5 key\n"); + goto end; + } #endif #ifndef OPENSSL_NO_BF BF_set_key(&bf_ks, 16, key16); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index c463ace..c70cdee 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -889,6 +889,7 @@ EVP_F_PKEY_SET_TYPE:158:pkey_set_type EVP_F_POLY1305_CTRL:216:poly1305_ctrl EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth EVP_F_RC5_CTRL:125:rc5_ctrl +EVP_F_R_32_12_16_INIT_KEY:242:r_32_12_16_init_key EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl EVP_F_S390X_AES_GCM_TLS_CIPHER:208:s390x_aes_gcm_tls_cipher EVP_F_SCRYPT_ALG:228:scrypt_alg @@ -2385,6 +2386,7 @@ ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR:101:ess signing cert v2 add error EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed EVP_R_BAD_DECRYPT:100:bad decrypt +EVP_R_BAD_KEY_LENGTH:195:bad key length EVP_R_BUFFER_TOO_SMALL:155:buffer too small EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed EVP_R_CIPHER_NOT_GCM_MODE:184:cipher not gcm mode diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index b0234c9..95a626b 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -66,9 +66,12 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), - key, data(ctx)->rounds); - return 1; + if (EVP_CIPHER_CTX_key_length(ctx) > 255) { + EVPerr(EVP_F_R_32_12_16_INIT_KEY, EVP_R_BAD_KEY_LENGTH); + return 0; + } + return RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), + key, data(ctx)->rounds); } #endif diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 199fabb..8483465 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -185,6 +185,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_POLY1305_CTRL, 0), "poly1305_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0), + "r_32_12_16_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_TLS_CIPHER, 0), "s390x_aes_gcm_tls_cipher"}, @@ -199,6 +201,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED), "aria key setup failed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c index 1746406..43dc932 100644 --- a/crypto/rc5/rc5_skey.c +++ b/crypto/rc5/rc5_skey.c @@ -10,12 +10,15 @@ #include #include "rc5_locl.h" -void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, - int rounds) +int RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds) { RC5_32_INT L[64], l, ll, A, B, *S, k; int i, j, m, c, t, ii, jj; + if (len > 255) + return 0; + if ((rounds != RC5_16_ROUNDS) && (rounds != RC5_12_ROUNDS) && (rounds != RC5_8_ROUNDS)) rounds = RC5_16_ROUNDS; @@ -58,4 +61,6 @@ void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, if (++jj >= c) jj = 0; } + + return 1; } diff --git a/doc/man3/EVP_rc5_32_12_16_cbc.pod b/doc/man3/EVP_rc5_32_12_16_cbc.pod index ee3ef85..0876fab 100644 --- a/doc/man3/EVP_rc5_32_12_16_cbc.pod +++ b/doc/man3/EVP_rc5_32_12_16_cbc.pod @@ -33,7 +33,26 @@ EVP_rc5_32_12_16_ofb() RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a variable key length cipher with an additional "number of rounds" parameter. By -default the key length is set to 128 bits and 12 rounds. +default the key length is set to 128 bits and 12 rounds. Alternative key lengths +can be set using L. The maximum key length is +2040 bits. + +The following rc5 specific Is are supported (see +L). + +=over 4 + +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) + +Sets the number of rounds to B. This must be one of RC5_8_ROUNDS, +RC5_12_ROUNDS or RC5_16_ROUNDS. + +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds) + +Stores the number of rounds currently configured in B<*rounds> where B<*rounds> +is an int. + +=back =back @@ -43,10 +62,6 @@ These functions return an B structure that contains the implementation of the symmetric cipher. See L for details of the B structure. -=head1 BUGS - -Currently the number of rounds in RC5 can only be set to 8, 12 or 16. -This is a limitation of the current RC5 code rather than the EVP interface. =head1 SEE ALSO diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 9810a1e..0e0d5f4 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -151,6 +151,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_POLY1305_CTRL 216 # define EVP_F_RC2_MAGIC_TO_METH 109 # define EVP_F_RC5_CTRL 125 +# define EVP_F_R_32_12_16_INIT_KEY 242 # define EVP_F_S390X_AES_GCM_CTRL 201 # define EVP_F_S390X_AES_GCM_TLS_CIPHER 208 # define EVP_F_SCRYPT_ALG 228 @@ -162,6 +163,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_AES_KEY_SETUP_FAILED 143 # define EVP_R_ARIA_KEY_SETUP_FAILED 176 # define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 # define EVP_R_BUFFER_TOO_SMALL 155 # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 # define EVP_R_CIPHER_NOT_GCM_MODE 184 diff --git a/include/openssl/rc5.h b/include/openssl/rc5.h index 80a7d68..97e22f7 100644 --- a/include/openssl/rc5.h +++ b/include/openssl/rc5.h @@ -39,8 +39,8 @@ typedef struct rc5_key_st { RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; } RC5_32_KEY; -void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, - int rounds); +int RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds); void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, RC5_32_KEY *key, int enc); void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); diff --git a/test/rc5test.c b/test/rc5test.c index 16f4071..39a113e 100644 --- a/test/rc5test.c +++ b/test/rc5test.c @@ -181,7 +181,8 @@ static int test_rc5_ecb(int n) RC5_32_KEY key; unsigned char buf[8], buf2[8]; - RC5_32_set_key(&key, 16, &RC5key[n][0], 12); + if (!TEST_true(RC5_32_set_key(&key, 16, &RC5key[n][0], 12))) + return 0; RC5_32_ecb_encrypt(&RC5plain[n][0], buf, &key, RC5_ENCRYPT); if (!TEST_mem_eq(&RC5cipher[n][0], sizeof(RC5cipher[0]), buf, sizeof(buf))) @@ -203,7 +204,9 @@ static int test_rc5_cbc(int n) i = rc5_cbc_rounds[n]; if (i >= 8) { - RC5_32_set_key(&key, rc5_cbc_key[n][0], &rc5_cbc_key[n][1], i); + if (!TEST_true(RC5_32_set_key(&key, rc5_cbc_key[n][0], + &rc5_cbc_key[n][1], i))) + return 0; memcpy(ivb, &rc5_cbc_iv[n][0], 8); RC5_32_cbc_encrypt(&rc5_cbc_plain[n][0], buf, 8, From matt at openssl.org Mon Jul 1 09:28:51 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 01 Jul 2019 09:28:51 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1561973331.859193.25753.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 26675d1cf407fb7ba248c04767eccda56b06263f (commit) from 25ccb5896bbf28b74d4d72010948b0ac7d141622 (commit) - Log ----------------------------------------------------------------- commit 26675d1cf407fb7ba248c04767eccda56b06263f Author: Matt Caswell Date: Fri Apr 26 12:11:13 2019 +0100 Ensure that rc5 doesn't try to use a key longer than 2040 bits The maximum key length for rc5 is 2040 bits so we should not attempt to use keys longer than this. Issue found by OSS-Fuzz and Guido Vranken. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8834) (cherry picked from commit 792cb4ee8d82e4b063f707fc9f4992271ffd65ab) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 2 ++ crypto/evp/e_rc5.c | 4 ++++ crypto/evp/evp_err.c | 3 +++ doc/man3/EVP_rc5_32_12_16_cbc.pod | 25 ++++++++++++++++++++----- include/openssl/evperr.h | 2 ++ 5 files changed, 31 insertions(+), 5 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index bb6b932..655bfb6 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -812,6 +812,7 @@ EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen EVP_F_PKEY_SET_TYPE:158:pkey_set_type EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth EVP_F_RC5_CTRL:125:rc5_ctrl +EVP_F_R_32_12_16_INIT_KEY:242:r_32_12_16_init_key EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl EVP_F_UPDATE:173:update KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str @@ -2223,6 +2224,7 @@ ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed EVP_R_BAD_DECRYPT:100:bad decrypt +EVP_R_BAD_KEY_LENGTH:195:bad key length EVP_R_BUFFER_TOO_SMALL:155:buffer too small EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index a2f26d8..79b3647 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -66,6 +66,10 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { + if (EVP_CIPHER_CTX_key_length(ctx) > 255) { + EVPerr(EVP_F_R_32_12_16_INIT_KEY, EVP_R_BAD_KEY_LENGTH); + return 0; + } RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key, data(ctx)->rounds); return 1; diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 40ed0d9..84bd3c2 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -153,6 +153,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0), + "r_32_12_16_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, {0, NULL} @@ -164,6 +166,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED), "aria key setup failed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, diff --git a/doc/man3/EVP_rc5_32_12_16_cbc.pod b/doc/man3/EVP_rc5_32_12_16_cbc.pod index 442a114..6e411b0 100644 --- a/doc/man3/EVP_rc5_32_12_16_cbc.pod +++ b/doc/man3/EVP_rc5_32_12_16_cbc.pod @@ -33,7 +33,26 @@ EVP_rc5_32_12_16_ofb() RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a variable key length cipher with an additional "number of rounds" parameter. By -default the key length is set to 128 bits and 12 rounds. +default the key length is set to 128 bits and 12 rounds. Alternative key lengths +can be set using L. The maximum key length is +2040 bits. + +The following rc5 specific Is are supported (see +L). + +=over 4 + +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) + +Sets the number of rounds to B. This must be one of RC5_8_ROUNDS, +RC5_12_ROUNDS or RC5_16_ROUNDS. + +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds) + +Stores the number of rounds currently configured in B<*rounds> where B<*rounds> +is an int. + +=back =back @@ -43,10 +62,6 @@ These functions return an B structure that contains the implementation of the symmetric cipher. See L for details of the B structure. -=head1 BUGS - -Currently the number of rounds in RC5 can only be set to 8, 12 or 16. -This is a limitation of the current RC5 code rather than the EVP interface. =head1 SEE ALSO diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 0a5b7e2..3a14fd5 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -118,6 +118,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_PKEY_SET_TYPE 158 # define EVP_F_RC2_MAGIC_TO_METH 109 # define EVP_F_RC5_CTRL 125 +# define EVP_F_R_32_12_16_INIT_KEY 242 # define EVP_F_S390X_AES_GCM_CTRL 201 # define EVP_F_UPDATE 173 @@ -127,6 +128,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_AES_KEY_SETUP_FAILED 143 # define EVP_R_ARIA_KEY_SETUP_FAILED 176 # define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 # define EVP_R_BUFFER_TOO_SMALL 155 # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 # define EVP_R_CIPHER_PARAMETER_ERROR 122 From builds at travis-ci.org Mon Jul 1 09:31:38 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jul 2019 09:31:38 +0000 Subject: Failed: openssl/openssl#26165 (master - 0860761) In-Reply-To: Message-ID: <5d19d2fa111e6_43fdda0b320b42739b4@2002f205-963e-449d-ae32-9012c877b05a.mail> Build Update for openssl/openssl ------------------------------------- Build: #26165 Status: Failed Duration: 17 mins and 57 secs Commit: 0860761 (master) Author: Matt Caswell Message: Only cache a method if we actually created one We were attempting to cache a method after we failed to create it which leads to an assertion failure. Fixes #9264 Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9269) View the changeset: https://github.com/openssl/openssl/compare/68756b12f55c...08607613d573 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/552675109?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Mon Jul 1 09:32:51 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 01 Jul 2019 09:32:51 +0000 Subject: [openssl] master update Message-ID: <1561973571.535607.30017.nullmailer@dev.openssl.org> The branch master has been updated via 19ea6b2b375b15919f9f5f523d1312398315017f (commit) from 9a131ad7477f85d40ee96853e60d0de86f5f4e09 (commit) - Log ----------------------------------------------------------------- commit 19ea6b2b375b15919f9f5f523d1312398315017f Author: Matt Caswell Date: Fri Jun 28 15:06:55 2019 +0100 Fix a leak in evp_test If evp_test fails to load the legacy provider then it leaks a reference to the default provider. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9270) ----------------------------------------------------------------------- Summary of changes: test/evp_test.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/evp_test.c b/test/evp_test.c index 6fc9f03..b70b4ea 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -3096,8 +3096,10 @@ int setup_tests(void) return 0; #ifndef NO_LEGACY_MODULE legacyprov = OSSL_PROVIDER_load(NULL, "legacy"); - if (!TEST_ptr(legacyprov)) + if (!TEST_ptr(legacyprov)) { + OSSL_PROVIDER_unload(defltprov); return 0; + } #endif /* NO_LEGACY_MODULE */ ADD_ALL_TESTS(run_file_tests, n); From builds at travis-ci.org Mon Jul 1 09:49:06 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jul 2019 09:49:06 +0000 Subject: Failed: openssl/openssl#26166 (master - 9a131ad) In-Reply-To: Message-ID: <5d19d712156d_43faf1e67385811262d@39d8b38c-7648-4695-90af-f1ed2c1ba4df.mail> Build Update for openssl/openssl ------------------------------------- Build: #26166 Status: Failed Duration: 20 mins and 3 secs Commit: 9a131ad (master) Author: Matt Caswell Message: Change RC5_32_set_key to return an int type If the key is too long we now return an error. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8834) View the changeset: https://github.com/openssl/openssl/compare/08607613d573...9a131ad7477f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/552681171?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 1 10:12:35 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jul 2019 10:12:35 +0000 Subject: Still Failing: openssl/openssl#26168 (master - 19ea6b2) In-Reply-To: Message-ID: <5d19dc92d3f92_43fced157d3a4740a5@dc9a8e99-e059-4bb8-831a-bfa9adb7afa8.mail> Build Update for openssl/openssl ------------------------------------- Build: #26168 Status: Still Failing Duration: 25 mins and 20 secs Commit: 19ea6b2 (master) Author: Matt Caswell Message: Fix a leak in evp_test If evp_test fails to load the legacy provider then it leaks a reference to the default provider. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9270) View the changeset: https://github.com/openssl/openssl/compare/9a131ad7477f...19ea6b2b375b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/552683081?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 1 13:53:03 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 01 Jul 2019 13:53:03 +0000 Subject: Build failed: openssl master.25602 Message-ID: <20190701135303.1.4A319CCE212FB12A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 1 15:21:32 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 01 Jul 2019 15:21:32 +0000 Subject: Build completed: openssl master.25603 Message-ID: <20190701152132.1.633AAB48AA4D66FC@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 1 15:47:05 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Jul 2019 15:47:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1561996025.774248.1293.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: da93b5cc2b s390x assembly pack: update OPENSSL_s390xcap(3) e382f507fb s390x assembly pack: add support for pcc and kma instructions bc42bd6298 Support SM2 certificate signing 53a11c6da0 Change the DRBG HMAC implementation to lookup allowed digest names 671aaecd36 Change the DRBG HASH implementation to lookup all allowed algorithm names 4cecf7a127 Add a nid 2 algorithm name mapping capability 45c54042d0 Call RAND_DRBG_bytes from inside the FIPS provider f2d20f0bb8 Fix NULL pointer dereference in the ex_data code 57ca171a13 Make the RAND code available from inside the FIPS module 0da1d43a94 Document EVP_CIPHER_up_ref() 70c35fd1f6 Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref 42738cdeaa Add documentation for EVP_CIPHER_fetch Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 265 wallclock secs ( 1.76 usr 0.41 sys + 247.11 cusr 21.24 csys = 270.52 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 1 16:42:31 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Jul 2019 16:42:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1561999351.674121.26092.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: da93b5cc2b s390x assembly pack: update OPENSSL_s390xcap(3) e382f507fb s390x assembly pack: add support for pcc and kma instructions bc42bd6298 Support SM2 certificate signing 53a11c6da0 Change the DRBG HMAC implementation to lookup allowed digest names 671aaecd36 Change the DRBG HASH implementation to lookup all allowed algorithm names 4cecf7a127 Add a nid 2 algorithm name mapping capability 45c54042d0 Call RAND_DRBG_bytes from inside the FIPS provider f2d20f0bb8 Fix NULL pointer dereference in the ex_data code 57ca171a13 Make the RAND code available from inside the FIPS module 0da1d43a94 Document EVP_CIPHER_up_ref() 70c35fd1f6 Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref 42738cdeaa Add documentation for EVP_CIPHER_fetch Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 273 wallclock secs ( 1.81 usr 0.44 sys + 247.56 cusr 21.97 csys = 271.78 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jul 1 22:40:17 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 01 Jul 2019 22:40:17 +0000 Subject: Build failed: openssl master.25612 Message-ID: <20190701224017.1.5C0FFB9AD2A4B981@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Mon Jul 1 22:45:58 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 01 Jul 2019 22:45:58 +0000 Subject: [openssl] master update Message-ID: <1562021158.465993.31217.nullmailer@dev.openssl.org> The branch master has been updated via 6b10d29c1ac7dd4054cdb72e881d3e0213fb7ef0 (commit) from 19ea6b2b375b15919f9f5f523d1312398315017f (commit) - Log ----------------------------------------------------------------- commit 6b10d29c1ac7dd4054cdb72e881d3e0213fb7ef0 Author: Rich Salz Date: Thu Jun 20 17:07:25 2019 -0400 Remove NextStep support Because of that we can remove OPENSSL_UNISTD and some other macros from e_os2.h and opensslconf.h Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9204) ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 +++ Configurations/10-main.conf | 17 ----------------- Configure | 1 - apps/opt.c | 2 +- apps/s_time.c | 2 +- apps/speed.c | 2 +- config | 11 ----------- crypto/rand/rand_egd.c | 2 +- crypto/ui/ui_openssl.c | 6 +----- crypto/uid.c | 4 ++-- e_os.h | 6 +----- include/openssl/e_os2.h | 9 --------- include/openssl/opensslconf.h.in | 3 --- test/ssltest_old.c | 2 +- 14 files changed, 12 insertions(+), 58 deletions(-) diff --git a/CHANGES b/CHANGES index 8b70fa3..f23e9b2 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,9 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Removed NextStep support and the macro OPENSSL_UNISTD + [Rich Salz] + *) RC5_32_set_key has been changed to return an int type, with 0 indicating an error and 1 indicating success. In previous versions of OpenSSL this was a void type. If a key was set longer than the maximum possible this diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 4f5e363..ad85990 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1051,23 +1051,6 @@ my %targets = ( shared_cflag => "-fPIC", }, - "nextstep" => { - inherit_from => [ "BASE_unix" ], - CC => "cc", - CFLAGS => "-O -Wall", - unistd => "", - bn_ops => "BN_LLONG", - thread_scheme => "(unknown)", - }, - "nextstep3.3" => { - inherit_from => [ "BASE_unix" ], - CC => "cc", - CFLAGS => "-O3 -Wall", - unistd => "", - bn_ops => "BN_LLONG", - thread_scheme => "(unknown)", - }, - #### SCO/Caldera targets. # # Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. diff --git a/Configure b/Configure index 6d9451e..987eb74 100755 --- a/Configure +++ b/Configure @@ -3314,7 +3314,6 @@ sub print_table_entry "includes", "cc", "cflags", - "unistd", "ld", "lflags", "loutflag", diff --git a/apps/opt.c b/apps/opt.c index f4a4e12..c2a5878 100644 --- a/apps/opt.c +++ b/apps/opt.c @@ -15,7 +15,7 @@ #include "internal/nelem.h" #include #if !defined(OPENSSL_SYS_MSDOS) -# include OPENSSL_UNISTD +# include #endif #include diff --git a/apps/s_time.c b/apps/s_time.c index e436b57..39e3d4b 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -24,7 +24,7 @@ #include #include #if !defined(OPENSSL_SYS_MSDOS) -# include OPENSSL_UNISTD +# include #endif #define SSL_CONNECT_NAME "localhost:4433" diff --git a/apps/speed.c b/apps/speed.c index 0f3ca9c..b0cbdf4 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -29,7 +29,7 @@ #include #include #if !defined(OPENSSL_SYS_MSDOS) -# include OPENSSL_UNISTD +# include #endif #if defined(_WIN32) diff --git a/config b/config index 0755961..755d538 100755 --- a/config +++ b/config @@ -349,17 +349,6 @@ if [ -d /usr/apollo ]; then exit 0 fi -# Now NeXT -ISNEXT=`hostinfo 2>/dev/null` -case "$ISNEXT" in - *'NeXT Mach 3.3'*) - echo "whatever-next-nextstep3.3"; exit 0 - ;; - *NeXT*) - echo "whatever-next-nextstep"; exit 0 - ;; -esac - # At this point we gone through all the one's # we know of: Punt diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index ef55211..bac8d60 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -38,7 +38,7 @@ int RAND_egd_bytes(const char *path, int bytes) # else -# include OPENSSL_UNISTD +# include # include # include # include diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 2b5e5c1..4c1ec55 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -34,11 +34,7 @@ # include # if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) -# ifdef OPENSSL_UNISTD -# include OPENSSL_UNISTD -# else -# include -# endif +# include /* * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX * system and have sigaction and termios. diff --git a/crypto/uid.c b/crypto/uid.c index 3ae93f6..55e276d 100644 --- a/crypto/uid.c +++ b/crypto/uid.c @@ -19,7 +19,7 @@ int OPENSSL_issetugid(void) #elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) -# include OPENSSL_UNISTD +# include int OPENSSL_issetugid(void) { @@ -28,7 +28,7 @@ int OPENSSL_issetugid(void) #else -# include OPENSSL_UNISTD +# include # include # if defined(__GLIBC__) && defined(__GLIBC_PREREQ) diff --git a/e_os.h b/e_os.h index 95ec0d6..5c887d4 100644 --- a/e_os.h +++ b/e_os.h @@ -257,11 +257,7 @@ extern FILE *_imp___iob; # else /* !defined VMS */ -# ifdef OPENSSL_UNISTD -# include OPENSSL_UNISTD -# else -# include -# endif +# include # include # ifdef OPENSSL_SYS_WIN32_CYGWIN # include diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 50ce937..250b3e2 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -136,15 +136,6 @@ extern "C" { * That's it for OS-specific stuff *****************************************************************************/ -/* Specials for I/O an exit */ -# ifdef OPENSSL_SYS_MSDOS -# define OPENSSL_UNISTD_IO -# define OPENSSL_DECLARE_EXIT extern void exit(int); -# else -# define OPENSSL_UNISTD_IO OPENSSL_UNISTD -# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ -# endif - /*- * OPENSSL_EXTERN is normally used to declare a symbol with possible extra * attributes to handle its presence in a shared library. diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index ca680bc..0f99079 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -165,9 +165,6 @@ extern "C" { /* Generate 80386 code? */ {- $config{processor} eq "386" ? "# define" : "# undef" -} I386_ONLY -# undef OPENSSL_UNISTD -# define OPENSSL_UNISTD {- $target{unistd} -} - {- $config{export_var_as_fn} ? "# define" : "# undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION /* diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 390ca88..971015c 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -71,7 +71,7 @@ #ifdef OPENSSL_SYS_WINDOWS # include #else -# include OPENSSL_UNISTD +# include #endif static SSL_CTX *s_ctx = NULL; From builds at travis-ci.org Mon Jul 1 23:23:01 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jul 2019 23:23:01 +0000 Subject: Errored: openssl/openssl#26184 (master - 6b10d29) In-Reply-To: Message-ID: <5d1a95d58059c_43f842f0aadc82932a6@53521f70-845b-4c57-b1ac-7bd42e8acc5b.mail> Build Update for openssl/openssl ------------------------------------- Build: #26184 Status: Errored Duration: 36 mins and 23 secs Commit: 6b10d29 (master) Author: Rich Salz Message: Remove NextStep support Because of that we can remove OPENSSL_UNISTD and some other macros from e_os2.h and opensslconf.h Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9204) View the changeset: https://github.com/openssl/openssl/compare/19ea6b2b375b...6b10d29c1ac7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553024181?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 1 23:37:48 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 01 Jul 2019 23:37:48 +0000 Subject: Build completed: openssl master.25613 Message-ID: <20190701233748.1.450F7A3BD1217B82@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue Jul 2 00:01:08 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 02 Jul 2019 00:01:08 +0000 Subject: [openssl] master update Message-ID: <1562025668.683890.20714.nullmailer@dev.openssl.org> The branch master has been updated via 66e2dbc01cb20b267bf132c945f49c303f63d7c4 (commit) via b66a481888e00a36f833308bdcf53408238511d4 (commit) from 6b10d29c1ac7dd4054cdb72e881d3e0213fb7ef0 (commit) - Log ----------------------------------------------------------------- commit 66e2dbc01cb20b267bf132c945f49c303f63d7c4 Author: Rich Salz Date: Mon Jul 1 14:54:53 2019 -0400 Remove global-var/function macros Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9284) commit b66a481888e00a36f833308bdcf53408238511d4 Author: Rich Salz Date: Mon Jul 1 14:41:19 2019 -0400 Remove DES_check_key global Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9284) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++++ crypto/des/set_key.c | 10 +--------- doc/man3/DES_random_key.pod | 7 ++----- include/openssl/des.h | 6 +----- include/openssl/e_os2.h | 23 ----------------------- util/libcrypto.num | 2 -- util/missingcrypto.txt | 1 - util/missingmacro.txt | 1 - util/perl/OpenSSL/ParseC.pm | 13 ------------- 9 files changed, 8 insertions(+), 59 deletions(-) diff --git a/CHANGES b/CHANGES index f23e9b2..accaee5 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,10 @@ *) Removed NextStep support and the macro OPENSSL_UNISTD [Rich Salz] + *) Removed DES_check_key. Also removed OPENSSL_IMPLEMENT_GLOBAL, + OPENSSL_GLOBAL_REF, OPENSSL_DECLARE_GLOBAL. + [Rich Salz] + *) RC5_32_set_key has been changed to return an int type, with 0 indicating an error and 1 indicating success. In previous versions of OpenSSL this was a void type. If a key was set longer than the maximum possible this diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 4726bb2..d42cebd 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -18,9 +18,6 @@ #include #include "des_locl.h" -/* defaults to false */ -OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0) - static const unsigned char odd_parity[256] = { 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, @@ -277,12 +274,7 @@ static const DES_LONG des_skb[8][64] = { int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) { - if (DES_check_key) { - return DES_set_key_checked(key, schedule); - } else { - DES_set_key_unchecked(key, schedule); - return 0; - } + return DES_set_key_checked(key, schedule); } /*- diff --git a/doc/man3/DES_random_key.pod b/doc/man3/DES_random_key.pod index a148000..1506923 100644 --- a/doc/man3/DES_random_key.pod +++ b/doc/man3/DES_random_key.pod @@ -119,11 +119,8 @@ and is not a weak or semi-weak key. If the parity is wrong, then -1 is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated. -DES_set_key() works like -DES_set_key_checked() if the I flag is non-zero, -otherwise like DES_set_key_unchecked(). These functions are available -for compatibility; it is recommended to use a function that does not -depend on a global variable. +DES_set_key() works like DES_set_key_checked() and remains for +backward compatibility. DES_set_odd_parity() sets the parity of the passed I to odd. diff --git a/include/openssl/des.h b/include/openssl/des.h index a0f5f3c..f74412b 100644 --- a/include/openssl/des.h +++ b/include/openssl/des.h @@ -63,9 +63,6 @@ typedef struct DES_ks { # define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) -OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ -# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) - const char *DES_options(void); void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1, DES_key_schedule *ks2, @@ -148,8 +145,7 @@ int DES_check_key_parity(const_DES_cblock *key); int DES_is_weak_key(const_DES_cblock *key); /* * DES_set_key (= set_key = DES_key_sched = key_sched) calls - * DES_set_key_checked if global variable DES_check_key is set, - * DES_set_key_unchecked otherwise. + * DES_set_key_unchecked */ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 250b3e2..b1a99f3 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -163,29 +163,6 @@ extern "C" { # define OPENSSL_EXTERN extern # endif -/*- - * Macros to allow global variables to be reached through function calls when - * required (if a shared library version requires it, for example. - * The way it's done allows definitions like this: - * - * // in foobar.c - * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) - * // in foobar.h - * OPENSSL_DECLARE_GLOBAL(int,foobar); - * #define foobar OPENSSL_GLOBAL_REF(foobar) - */ -# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION -# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ - type *_shadow_##name(void) \ - { static type _hide_##name=value; return &_hide_##name; } -# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) -# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) -# else -# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value; -# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name -# define OPENSSL_GLOBAL_REF(name) _shadow_##name -# endif - # ifdef _WIN32 # ifdef _WIN64 # define ossl_ssize_t __int64 diff --git a/util/libcrypto.num b/util/libcrypto.num index 38ca30a..7d77513 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -2052,8 +2052,6 @@ ENGINE_unregister_RSA 2033 3_0_0 EXIST::FUNCTION:ENGINE EC_GROUP_order_bits 2034 3_0_0 EXIST::FUNCTION:EC d2i_CMS_bio 2035 3_0_0 EXIST::FUNCTION:CMS OPENSSL_sk_num 2036 3_0_0 EXIST::FUNCTION: -_shadow_DES_check_key 2037 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES -_shadow_DES_check_key 2037 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES CMS_RecipientInfo_set0_pkey 2038 3_0_0 EXIST::FUNCTION:CMS X509_STORE_CTX_set_default 2039 3_0_0 EXIST::FUNCTION: AES_wrap_key 2040 3_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index a7cc467..a227b10 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -1441,7 +1441,6 @@ ZINT64_it ZLONG_it ZUINT32_it ZUINT64_it -_shadow_DES_check_key a2d_ASN1_OBJECT a2i_ASN1_ENUMERATED a2i_ASN1_INTEGER diff --git a/util/missingmacro.txt b/util/missingmacro.txt index ef429c6..db4ce86 100644 --- a/util/missingmacro.txt +++ b/util/missingmacro.txt @@ -63,7 +63,6 @@ CRYPTO_get_dynlock_destroy_callback OpenSSLDie OPENSSL_assert DSA_is_prime -OPENSSL_GLOBAL_REF ECParameters_dup ENGINE_load_openssl ENGINE_load_dynamic diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm index 59b08e8..8e5b8b2 100644 --- a/util/perl/OpenSSL/ParseC.pm +++ b/util/perl/OpenSSL/ParseC.pm @@ -256,19 +256,6 @@ my @opensslchandlers = ( # an error. ##### - # Global variable stuff - { regexp => qr/OPENSSL_DECLARE_GLOBAL<<<\((.*),\s*(.*)\)>>>;/, - massager => sub { return (<<"EOF"); -#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION -OPENSSL_EXPORT $1 _shadow_$2; -#else -$1 *_shadow_$2(void); -#endif -EOF - }, - }, - - ##### # Deprecated stuff, by OpenSSL release. # We trick the parser by pretending that the declaration is wrapped in a From builds at travis-ci.org Tue Jul 2 00:26:02 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jul 2019 00:26:02 +0000 Subject: Failed: openssl/openssl#26186 (master - 66e2dbc) In-Reply-To: Message-ID: <5d1aa49a5827f_43ffd6c9abf4c2741d0@e033a3b3-bcc0-4d84-8a5c-19b2855794d7.mail> Build Update for openssl/openssl ------------------------------------- Build: #26186 Status: Failed Duration: 24 mins and 17 secs Commit: 66e2dbc (master) Author: Rich Salz Message: Remove global-var/function macros Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9284) View the changeset: https://github.com/openssl/openssl/compare/6b10d29c1ac7...66e2dbc01cb2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553051182?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 2 02:26:01 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jul 2019 02:26:01 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1562034361.777738.18578.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 19ea6b2b37 Fix a leak in evp_test 9a131ad747 Change RC5_32_set_key to return an int type 792cb4ee8d Ensure that rc5 doesn't try to use a key longer than 2040 bits 08607613d5 Only cache a method if we actually created one 68756b12f5 Fix Typos 3f1679b261 Add OIDs for kmac128, kmac256 and blake2. e955edcda6 Add a note in the contributing file about trivial commits. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=172, Tests=1645, 262 wallclock secs ( 2.90 usr 0.38 sys + 248.07 cusr 21.55 csys = 272.90 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 2 06:24:14 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jul 2019 06:24:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1562048654.707491.4315.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 19ea6b2b37 Fix a leak in evp_test 9a131ad747 Change RC5_32_set_key to return an int type 792cb4ee8d Ensure that rc5 doesn't try to use a key longer than 2040 bits 08607613d5 Only cache a method if we actually created one 68756b12f5 Fix Typos 3f1679b261 Add OIDs for kmac128, kmac256 and blake2. e955edcda6 Add a note in the contributing file about trivial commits. Build log ended with (last 100 lines): providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_absorb': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:156: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:156: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:173: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:199: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:206: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:197: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:278: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:282: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:275: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:286: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:292: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:295: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:298: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:345: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:350: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:350: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:70: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:362: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:365: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:374: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:378: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:399: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:399: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:404: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:404: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:412: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:413: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:133: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:133: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:138: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:143: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:145: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:146: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:149: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:240: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7081: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From matthias.st.pierre at ncp-e.com Tue Jul 2 08:08:06 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 02 Jul 2019 08:08:06 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562054886.457380.25021.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 3003d2dba996d16e47c8bc70a23c70b3d394fb7c (commit) via dfaaf47a1acddc0b2832b3fe2a211444a5e746ae (commit) from 26675d1cf407fb7ba248c04767eccda56b06263f (commit) - Log ----------------------------------------------------------------- commit 3003d2dba996d16e47c8bc70a23c70b3d394fb7c Author: Dr. Matthias St. Pierre Date: Mon Jul 1 17:57:35 2019 +0200 Add regenerated header files Reviewed-by: Richard Levitte Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9281) commit dfaaf47a1acddc0b2832b3fe2a211444a5e746ae Author: Rich Salz Date: Mon Mar 4 15:53:58 2019 -0500 util/mkerr.pl: Add an inclusion of symhacks.h in all error files This does no harm, and ensures that the inclusion isn't mistakenly removed in the generated *err.h where it's actually needed. Reviewed-by: Nicola Tuveri Reviewed-by: Richard Levitte (cherry picked from commit b53c4fe3f92e3d2c5bd9fca1a171cd24f66ef14d) Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9281) ----------------------------------------------------------------------- Summary of changes: crypto/include/internal/sm2err.h | 6 +++++- include/internal/dsoerr.h | 4 +++- include/openssl/asn1err.h | 6 +++++- include/openssl/asyncerr.h | 6 +++++- include/openssl/bioerr.h | 6 +++++- include/openssl/bnerr.h | 6 +++++- include/openssl/buffererr.h | 6 +++++- include/openssl/cmserr.h | 6 +++++- include/openssl/comperr.h | 6 +++++- include/openssl/conferr.h | 6 +++++- include/openssl/cryptoerr.h | 9 +++++---- include/openssl/cterr.h | 6 +++++- include/openssl/dherr.h | 6 +++++- include/openssl/dsaerr.h | 6 +++++- include/openssl/ecerr.h | 4 ++++ include/openssl/engineerr.h | 6 +++++- include/openssl/evperr.h | 4 ++++ include/openssl/kdferr.h | 6 +++++- include/openssl/objectserr.h | 6 +++++- include/openssl/ocsperr.h | 6 +++++- include/openssl/pemerr.h | 6 +++++- include/openssl/pkcs12err.h | 6 +++++- include/openssl/pkcs7err.h | 6 +++++- include/openssl/randerr.h | 6 +++++- include/openssl/rsaerr.h | 6 +++++- include/openssl/sslerr.h | 4 ++++ include/openssl/storeerr.h | 6 +++++- include/openssl/tserr.h | 6 +++++- include/openssl/uierr.h | 6 +++++- include/openssl/x509err.h | 6 +++++- include/openssl/x509v3err.h | 6 +++++- util/mkerr.pl | 8 +++++--- 32 files changed, 155 insertions(+), 34 deletions(-) diff --git a/crypto/include/internal/sm2err.h b/crypto/include/internal/sm2err.h index a4db1b7..09edfab 100644 --- a/crypto/include/internal/sm2err.h +++ b/crypto/include/internal/sm2err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_SM2ERR_H # define HEADER_SM2ERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_SM2 diff --git a/include/internal/dsoerr.h b/include/internal/dsoerr.h index 0edf277..5f4511c 100644 --- a/include/internal/dsoerr.h +++ b/include/internal/dsoerr.h @@ -11,7 +11,9 @@ #ifndef HEADER_DSOERR_H # define HEADER_DSOERR_H -# include +# ifndef HEADER_SYMHACKS_H +# include +# endif # ifdef __cplusplus extern "C" diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h index 5a91126..faed5a5 100644 --- a/include/openssl/asn1err.h +++ b/include/openssl/asn1err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_ASN1ERR_H # define HEADER_ASN1ERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/asyncerr.h b/include/openssl/asyncerr.h index 5497ba7..91afbbb 100644 --- a/include/openssl/asyncerr.h +++ b/include/openssl/asyncerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_ASYNCERR_H # define HEADER_ASYNCERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/bioerr.h b/include/openssl/bioerr.h index f119a59..46e2c96 100644 --- a/include/openssl/bioerr.h +++ b/include/openssl/bioerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_BIOERR_H # define HEADER_BIOERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h index 8a022cc..9f3c7cf 100644 --- a/include/openssl/bnerr.h +++ b/include/openssl/bnerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_BNERR_H # define HEADER_BNERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/buffererr.h b/include/openssl/buffererr.h index 3aee132..04f6ff7 100644 --- a/include/openssl/buffererr.h +++ b/include/openssl/buffererr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_BUFERR_H # define HEADER_BUFERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h index f011965..7dbc13d 100644 --- a/include/openssl/cmserr.h +++ b/include/openssl/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_CMSERR_H # define HEADER_CMSERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_CMS diff --git a/include/openssl/comperr.h b/include/openssl/comperr.h index edea63a..90231e9 100644 --- a/include/openssl/comperr.h +++ b/include/openssl/comperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_COMPERR_H # define HEADER_COMPERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_COMP diff --git a/include/openssl/conferr.h b/include/openssl/conferr.h index d1c92f4..32b9229 100644 --- a/include/openssl/conferr.h +++ b/include/openssl/conferr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_CONFERR_H # define HEADER_CONFERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index 10723d0..3db5a4e 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,12 +11,13 @@ #ifndef HEADER_CRYPTOERR_H # define HEADER_CRYPTOERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif - -# include - int ERR_load_CRYPTO_strings(void); /* diff --git a/include/openssl/cterr.h b/include/openssl/cterr.h index 764e1a2..feb7bc5 100644 --- a/include/openssl/cterr.h +++ b/include/openssl/cterr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_CTERR_H # define HEADER_CTERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_CT diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h index 81e73f7..916b3be 100644 --- a/include/openssl/dherr.h +++ b/include/openssl/dherr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_DHERR_H # define HEADER_DHERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_DH diff --git a/include/openssl/dsaerr.h b/include/openssl/dsaerr.h index d94f97b..772ee2c 100644 --- a/include/openssl/dsaerr.h +++ b/include/openssl/dsaerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_DSAERR_H # define HEADER_DSAERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_DSA diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index be313d2..f7b9183 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -11,6 +11,10 @@ #ifndef HEADER_ECERR_H # define HEADER_ECERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_EC diff --git a/include/openssl/engineerr.h b/include/openssl/engineerr.h index b4c036b..05e84bd 100644 --- a/include/openssl/engineerr.h +++ b/include/openssl/engineerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_ENGINEERR_H # define HEADER_ENGINEERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_ENGINE diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 3a14fd5..6a651f5 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -11,6 +11,10 @@ #ifndef HEADER_EVPERR_H # define HEADER_EVPERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h index 6437c27..3f51bd0 100644 --- a/include/openssl/kdferr.h +++ b/include/openssl/kdferr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_KDFERR_H # define HEADER_KDFERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/objectserr.h b/include/openssl/objectserr.h index 02308df..02e166f 100644 --- a/include/openssl/objectserr.h +++ b/include/openssl/objectserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_OBJERR_H # define HEADER_OBJERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/ocsperr.h b/include/openssl/ocsperr.h index 7d93b12..8dd9e01 100644 --- a/include/openssl/ocsperr.h +++ b/include/openssl/ocsperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_OCSPERR_H # define HEADER_OCSPERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_OCSP diff --git a/include/openssl/pemerr.h b/include/openssl/pemerr.h index cd61b82..0c45918 100644 --- a/include/openssl/pemerr.h +++ b/include/openssl/pemerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_PEMERR_H # define HEADER_PEMERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/pkcs12err.h b/include/openssl/pkcs12err.h index c7184ff..eff5eb2 100644 --- a/include/openssl/pkcs12err.h +++ b/include/openssl/pkcs12err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_PKCS12ERR_H # define HEADER_PKCS12ERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/pkcs7err.h b/include/openssl/pkcs7err.h index 0ba418d..02e0299 100644 --- a/include/openssl/pkcs7err.h +++ b/include/openssl/pkcs7err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_PKCS7ERR_H # define HEADER_PKCS7ERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index 599a2a1..d9aa9b3 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_RANDERR_H # define HEADER_RANDERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h index d5bc01c..b3cb035 100644 --- a/include/openssl/rsaerr.h +++ b/include/openssl/rsaerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_RSAERR_H # define HEADER_RSAERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index a50a075..3d6850d 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -11,6 +11,10 @@ #ifndef HEADER_SSLERR_H # define HEADER_SSLERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/storeerr.h b/include/openssl/storeerr.h index 33d0ab7..190eab0 100644 --- a/include/openssl/storeerr.h +++ b/include/openssl/storeerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_OSSL_STOREERR_H # define HEADER_OSSL_STOREERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/tserr.h b/include/openssl/tserr.h index 3e04925..07f2333 100644 --- a/include/openssl/tserr.h +++ b/include/openssl/tserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_TSERR_H # define HEADER_TSERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_TS diff --git a/include/openssl/uierr.h b/include/openssl/uierr.h index 72fd9a9..bd68864 100644 --- a/include/openssl/uierr.h +++ b/include/openssl/uierr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_UIERR_H # define HEADER_UIERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h index b1d6a87..7d9622c 100644 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_X509ERR_H # define HEADER_X509ERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/include/openssl/x509v3err.h b/include/openssl/x509v3err.h index 6b3df12..5f25442 100644 --- a/include/openssl/x509v3err.h +++ b/include/openssl/x509v3err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_X509V3ERR_H # define HEADER_X509V3ERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/util/mkerr.pl b/util/mkerr.pl index 0ea0296..c4a2f8f 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -417,9 +417,7 @@ print STDERR "\n" if $debug; &phase("Writing files"); my $newstate = 0; foreach my $lib ( keys %errorfile ) { - if ( ! $fnew{$lib} && ! $rnew{$lib} ) { - next unless $rebuild; - } + next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild; next if scalar keys %modules > 0 && !$modules{$lib}; next if $nowrite; print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib}; @@ -455,6 +453,10 @@ foreach my $lib ( keys %errorfile ) { #ifndef HEADER_${lib}ERR_H # define HEADER_${lib}ERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + EOF if ( $internal ) { # Declare the load function because the generate C file From pauli at openssl.org Tue Jul 2 08:21:54 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 02 Jul 2019 08:21:54 +0000 Subject: [openssl] master update Message-ID: <1562055714.568550.31893.nullmailer@dev.openssl.org> The branch master has been updated via 211da00b79f5ab9df62f69ddff65d493759eae4c (commit) from 66e2dbc01cb20b267bf132c945f49c303f63d7c4 (commit) - Log ----------------------------------------------------------------- commit 211da00b79f5ab9df62f69ddff65d493759eae4c Author: Rich Salz Date: Mon Jul 1 16:24:08 2019 -0400 Remove EXPORT_VAR_AS_FUNC We only export functions, not global, so remove the config option and some of the #ifdef stuff. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9285) ----------------------------------------------------------------------- Summary of changes: CHANGES | 2 + Configurations/10-main.conf | 2 - Configurations/50-win-onecore.conf | 4 +- Configurations/README | 3 - Configure | 2 - include/openssl/asn1.h | 27 +-- include/openssl/asn1t.h | 58 +---- include/openssl/opensslconf.h.in | 2 - util/find-doc-nits | 1 - util/libcrypto.num | 477 +++++++++++++------------------------ util/mkdef.pl | 12 +- util/perl/OpenSSL/Ordinals.pm | 2 - util/perl/OpenSSL/ParseC.pm | 4 - 13 files changed, 179 insertions(+), 417 deletions(-) diff --git a/CHANGES b/CHANGES index accaee5..cc7a964 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,8 @@ *) Removed DES_check_key. Also removed OPENSSL_IMPLEMENT_GLOBAL, OPENSSL_GLOBAL_REF, OPENSSL_DECLARE_GLOBAL. + Also removed "export var as function" capability; we do not export + variables, only functions. [Rich Salz] *) RC5_32_set_key has been changed to return an int type, with 0 indicating diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index ad85990..9b08cf4 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1274,7 +1274,6 @@ my %targets = ( shared_target => "win-shared", # meaningless except it gives Configure a hint thread_scheme => "winthreads", dso_scheme => "win32", - bn_ops => "EXPORT_VAR_AS_FN", perl_platform => 'Windows::MSVC', # additional parameter to build_scheme denotes install-path "flavour" build_scheme => add("VC-common", { separator => undef }), @@ -1426,7 +1425,6 @@ my %targets = ( threads("-D_MT")), lib_cppflags => "-DL_ENDIAN", ex_libs => add("-lws2_32 -lgdi32 -lcrypt32"), - bn_ops => "EXPORT_VAR_AS_FN", thread_scheme => "winthreads", dso_scheme => "win32", shared_target => "mingw-shared", diff --git a/Configurations/50-win-onecore.conf b/Configurations/50-win-onecore.conf index 2cc3928..42a1ee0 100644 --- a/Configurations/50-win-onecore.conf +++ b/Configurations/50-win-onecore.conf @@ -47,7 +47,7 @@ my %targets = ( inherit_from => [ "VC-noCE-common" ], defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE", "OPENSSL_SYS_WIN_CORE"), - bn_ops => "BN_LLONG RC4_CHAR EXPORT_VAR_AS_FN", + bn_ops => "BN_LLONG RC4_CHAR", lflags => add("/NODEFAULTLIB:kernel32.lib"), ex_libs => "onecore.lib", multilib => "-arm", @@ -56,7 +56,7 @@ my %targets = ( inherit_from => [ "VC-noCE-common" ], defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE", "OPENSSL_SYS_WIN_CORE"), - bn_ops => "SIXTY_FOUR_BIT RC4_CHAR EXPORT_VAR_AS_FN", + bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", lflags => add("/NODEFAULTLIB:kernel32.lib"), ex_libs => "onecore.lib", multilib => "-arm64", diff --git a/Configurations/README b/Configurations/README index fa99539..a0618ca 100644 --- a/Configurations/README +++ b/Configurations/README @@ -236,9 +236,6 @@ In each table entry, the following keys are significant: up of 'unsigned char's; RC4_INT RC4 key schedule is made up of 'unsigned int's; - EXPORT_VAR_AS_FN for shared libraries, - export vars as - accessor functions. [1] as part of the target configuration, one can have a key called diff --git a/Configure b/Configure index 987eb74..30f9e61 100755 --- a/Configure +++ b/Configure @@ -1456,7 +1456,6 @@ if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') { # Deal with bn_ops ################################################### $config{bn_ll} =0; -$config{export_var_as_fn} =0; my $def_int="unsigned int"; $config{rc4_int} =$def_int; ($config{b64l},$config{b64},$config{b32})=(0,0,1); @@ -1464,7 +1463,6 @@ $config{rc4_int} =$def_int; my $count = 0; foreach (sort split(/\s+/,$target{bn_ops})) { $count++ if /SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT/; - $config{export_var_as_fn}=1 if $_ eq 'EXPORT_VAR_AS_FN'; $config{bn_ll}=1 if $_ eq 'BN_LLONG'; $config{rc4_int}="unsigned char" if $_ eq 'RC4_CHAR'; ($config{b64l},$config{b64},$config{b32}) diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 3790c6b..3268db1 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -310,23 +310,6 @@ TYPEDEF_D2I2D_OF(void); * */ -# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION - -/* ASN1_ITEM pointer exported type */ -typedef const ASN1_ITEM ASN1_ITEM_EXP; - -/* Macro to obtain ASN1_ITEM pointer from exported type */ -# define ASN1_ITEM_ptr(iptr) (iptr) - -/* Macro to include ASN1_ITEM pointer from base type */ -# define ASN1_ITEM_ref(iptr) (&(iptr##_it)) - -# define ASN1_ITEM_rptr(ref) (&(ref##_it)) - -# define DECLARE_ASN1_ITEM(name) \ - OPENSSL_EXTERN const ASN1_ITEM name##_it; - -# else /* * Platforms that can't easily handle shared global variables are declared as @@ -337,18 +320,16 @@ typedef const ASN1_ITEM ASN1_ITEM_EXP; typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); /* Macro to obtain ASN1_ITEM pointer from exported type */ -# define ASN1_ITEM_ptr(iptr) (iptr()) +# define ASN1_ITEM_ptr(iptr) (iptr()) /* Macro to include ASN1_ITEM pointer from base type */ -# define ASN1_ITEM_ref(iptr) (iptr##_it) +# define ASN1_ITEM_ref(iptr) (iptr##_it) -# define ASN1_ITEM_rptr(ref) (ref##_it()) +# define ASN1_ITEM_rptr(ref) (ref##_it()) -# define DECLARE_ASN1_ITEM(name) \ +# define DECLARE_ASN1_ITEM(name) \ const ASN1_ITEM * name##_it(void); -# endif - /* Parameters used by ASN1_STRING_print_ex() */ /* diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index 8158c41..568b347 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -25,44 +25,24 @@ extern "C" { #endif -# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION - -/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ -# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) - -/* Macros for start and end of ASN1_ITEM definition */ - -# define ASN1_ITEM_start(itname) \ - const ASN1_ITEM itname##_it = { - -# define static_ASN1_ITEM_start(itname) \ - static const ASN1_ITEM itname##_it = { - -# define ASN1_ITEM_end(itname) \ - }; - -# else - /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ -# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) /* Macros for start and end of ASN1_ITEM definition */ -# define ASN1_ITEM_start(itname) \ +# define ASN1_ITEM_start(itname) \ const ASN1_ITEM * itname##_it(void) \ { \ static const ASN1_ITEM local_it = { -# define static_ASN1_ITEM_start(itname) \ +# define static_ASN1_ITEM_start(itname) \ static ASN1_ITEM_start(itname) -# define ASN1_ITEM_end(itname) \ +# define ASN1_ITEM_end(itname) \ }; \ return &local_it; \ } -# endif - /* Macros to aid ASN1 template writing */ # define ASN1_ITEM_TEMPLATE(tname) \ @@ -335,13 +315,9 @@ extern "C" { /* Any defined by macros: the field used is in the table itself */ -# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION -# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } -# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } -# else -# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } -# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } -# endif +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } + /* Plain simple type */ # define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) /* Embedded simple type */ @@ -421,23 +397,7 @@ extern "C" { # define ASN1_ADB(name) \ static const ASN1_ADB_TABLE name##_adbtbl[] -# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION - -# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ - ;\ - static const ASN1_ADB name##_adb = {\ - flags,\ - offsetof(name, field),\ - adb_cb,\ - name##_adbtbl,\ - sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ - def,\ - none\ - } - -# else - -# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ ;\ static const ASN1_ITEM *name##_adb(void) \ { \ @@ -455,8 +415,6 @@ extern "C" { } \ void dummy_function(void) -# endif - # define ADB_ENTRY(val, template) {val, template} # define ASN1_ADB_TEMPLATE(name) \ diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index 0f99079..6c6b4f3 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -165,8 +165,6 @@ extern "C" { /* Generate 80386 code? */ {- $config{processor} eq "386" ? "# define" : "# undef" -} I386_ONLY -{- $config{export_var_as_fn} ? "# define" : "# undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION - /* * The following are cipher-specific, but are part of the public API. */ diff --git a/util/find-doc-nits b/util/find-doc-nits index f6a638c..ecd9f9a 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -266,7 +266,6 @@ sub parsenum() while ( <$IN> ) { next if /^#/; next if /\bNOEXIST\b/; - next if /\bEXPORT_VAR_AS_FUNC\b/; my @fields = split(); die "Malformed line $_" if scalar @fields != 2 && scalar @fields != 4; diff --git a/util/libcrypto.num b/util/libcrypto.num index 7d77513..d003124 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -13,8 +13,7 @@ X509_NAME_get0_der 12 3_0_0 EXIST::FUNCTION: i2d_ESS_ISSUER_SERIAL 13 3_0_0 EXIST::FUNCTION: X509at_get_attr_by_NID 14 3_0_0 EXIST::FUNCTION: X509_PUBKEY_set0_param 15 3_0_0 EXIST::FUNCTION: -PKCS12_it 16 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_it 16 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS12_it 16 3_0_0 EXIST::FUNCTION: i2d_ASN1_OCTET_STRING 17 3_0_0 EXIST::FUNCTION: EC_KEY_set_private_key 18 3_0_0 EXIST::FUNCTION:EC SRP_VBASE_get_by_user 19 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP @@ -40,8 +39,7 @@ PEM_read_bio_PUBKEY 39 3_0_0 EXIST::FUNCTION: X509_NAME_delete_entry 40 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_verify_recover 41 3_0_0 EXIST::FUNCTION: UI_set_method 42 3_0_0 EXIST::FUNCTION: -PKCS7_ISSUER_AND_SERIAL_it 43 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ISSUER_AND_SERIAL_it 43 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_ISSUER_AND_SERIAL_it 43 3_0_0 EXIST::FUNCTION: EC_GROUP_method_of 44 3_0_0 EXIST::FUNCTION:EC RSA_blinding_on 45 3_0_0 EXIST::FUNCTION:RSA X509_get0_signature 47 3_0_0 EXIST::FUNCTION: @@ -181,8 +179,7 @@ OCSP_response_status 182 3_0_0 EXIST::FUNCTION:OCSP i2d_ASN1_PRINTABLESTRING 183 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set_hostflags 184 3_0_0 EXIST::FUNCTION: SCT_get0_log_id 185 3_0_0 EXIST::FUNCTION:CT -ASN1_IA5STRING_it 186 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_IA5STRING_it 186 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_IA5STRING_it 186 3_0_0 EXIST::FUNCTION: PEM_write_bio_ECPrivateKey 187 3_0_0 EXIST::FUNCTION:EC BN_consttime_swap 188 3_0_0 EXIST::FUNCTION: BIO_f_buffer 189 3_0_0 EXIST::FUNCTION: @@ -214,8 +211,7 @@ PEM_write_PKCS8_PRIV_KEY_INFO 214 3_0_0 EXIST::FUNCTION:STDIO X509at_get0_data_by_OBJ 215 3_0_0 EXIST::FUNCTION: b2i_PublicKey_bio 216 3_0_0 EXIST::FUNCTION:DSA s2i_ASN1_OCTET_STRING 217 3_0_0 EXIST::FUNCTION: -POLICYINFO_it 218 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICYINFO_it 218 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICYINFO_it 218 3_0_0 EXIST::FUNCTION: OBJ_create 219 3_0_0 EXIST::FUNCTION: d2i_NOTICEREF 220 3_0_0 EXIST::FUNCTION: BN_get_rfc2409_prime_768 221 3_0_0 EXIST::FUNCTION: @@ -264,8 +260,7 @@ PKCS7_add1_attrib_digest 265 3_0_0 EXIST::FUNCTION: EC_POINT_get_affine_coordinates_GFp 266 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC EVP_seed_ecb 267 3_0_0 EXIST::FUNCTION:SEED BIO_dgram_sctp_wait_for_dry 268 3_0_0 EXIST::FUNCTION:DGRAM,SCTP -ASN1_OCTET_STRING_NDEF_it 269 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OCTET_STRING_NDEF_it 269 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_OCTET_STRING_NDEF_it 269 3_0_0 EXIST::FUNCTION: EVP_PKEY_asn1_get_count 270 3_0_0 EXIST::FUNCTION: WHIRLPOOL_Init 271 3_0_0 EXIST::FUNCTION:WHIRLPOOL EVP_OpenInit 272 3_0_0 EXIST::FUNCTION:RSA @@ -340,13 +335,11 @@ BIO_get_host_ip 340 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1 PKCS7_add_certificate 341 3_0_0 EXIST::FUNCTION: TS_REQ_get_ext 342 3_0_0 EXIST::FUNCTION:TS X509_NAME_cmp 343 3_0_0 EXIST::FUNCTION: -DIST_POINT_it 344 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -DIST_POINT_it 344 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +DIST_POINT_it 344 3_0_0 EXIST::FUNCTION: PEM_read_X509_CRL 345 3_0_0 EXIST::FUNCTION:STDIO OPENSSL_sk_sort 346 3_0_0 EXIST::FUNCTION: CTLOG_STORE_load_file 347 3_0_0 EXIST::FUNCTION:CT -ASN1_SEQUENCE_it 348 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_SEQUENCE_it 348 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_SEQUENCE_it 348 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_get_tst_info 349 3_0_0 EXIST::FUNCTION:TS RC4 350 3_0_0 EXIST::FUNCTION:RC4 PKCS7_stream 352 3_0_0 EXIST::FUNCTION: @@ -360,8 +353,7 @@ PKCS12_mac_present 359 3_0_0 EXIST::FUNCTION: d2i_PUBKEY_bio 360 3_0_0 EXIST::FUNCTION: BN_asc2bn 361 3_0_0 EXIST::FUNCTION: EVP_desx_cbc 362 3_0_0 EXIST::FUNCTION:DES -SXNETID_it 363 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -SXNETID_it 363 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +SXNETID_it 363 3_0_0 EXIST::FUNCTION: CRYPTO_gcm128_encrypt 364 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_ctrl_str 365 3_0_0 EXIST::FUNCTION: CMS_signed_add1_attr_by_txt 366 3_0_0 EXIST::FUNCTION:CMS @@ -470,8 +462,7 @@ OCSP_RESPID_free 470 3_0_0 EXIST::FUNCTION:OCSP PKCS5_pbe2_set 471 3_0_0 EXIST::FUNCTION: SCT_set_signature_nid 473 3_0_0 EXIST::FUNCTION:CT i2d_RSA_PUBKEY_fp 474 3_0_0 EXIST::FUNCTION:RSA,STDIO -PKCS12_BAGS_it 475 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_BAGS_it 475 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS12_BAGS_it 475 3_0_0 EXIST::FUNCTION: X509_pubkey_digest 476 3_0_0 EXIST::FUNCTION: ENGINE_register_all_RSA 477 3_0_0 EXIST::FUNCTION:ENGINE CRYPTO_THREAD_set_local 478 3_0_0 EXIST::FUNCTION: @@ -489,14 +480,12 @@ X509_STORE_set_trust 489 3_0_0 EXIST::FUNCTION: d2i_POLICYINFO 490 3_0_0 EXIST::FUNCTION: DES_cbc_encrypt 491 3_0_0 EXIST::FUNCTION:DES BN_GF2m_mod_sqr_arr 492 3_0_0 EXIST::FUNCTION:EC2M -ASN1_PRINTABLESTRING_it 493 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_PRINTABLESTRING_it 493 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_PRINTABLESTRING_it 493 3_0_0 EXIST::FUNCTION: BIO_f_cipher 494 3_0_0 EXIST::FUNCTION: UI_destroy_method 495 3_0_0 EXIST::FUNCTION: BN_get_rfc3526_prime_3072 496 3_0_0 EXIST::FUNCTION: X509_INFO_new 497 3_0_0 EXIST::FUNCTION: -OCSP_RESPDATA_it 498 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_RESPDATA_it 498 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_RESPDATA_it 498 3_0_0 EXIST::FUNCTION:OCSP X509_CRL_print 499 3_0_0 EXIST::FUNCTION: WHIRLPOOL_Update 500 3_0_0 EXIST::FUNCTION:WHIRLPOOL DSA_get_ex_data 501 3_0_0 EXIST::FUNCTION:DSA @@ -542,8 +531,7 @@ ENGINE_unregister_RAND 542 3_0_0 EXIST::FUNCTION:ENGINE PEM_write_bio_RSAPrivateKey 543 3_0_0 EXIST::FUNCTION:RSA CONF_get_number 544 3_0_0 EXIST::FUNCTION: X509_EXTENSION_get_object 545 3_0_0 EXIST::FUNCTION: -X509_EXTENSIONS_it 546 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_EXTENSIONS_it 546 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_EXTENSIONS_it 546 3_0_0 EXIST::FUNCTION: EC_POINT_set_compressed_coordinates_GF2m 547 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC,EC2M RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:RSA d2i_X509_CRL_fp 549 3_0_0 EXIST::FUNCTION:STDIO @@ -595,11 +583,9 @@ RAND_query_egd_bytes 596 3_0_0 EXIST::FUNCTION:EGD i2d_ASN1_PRINTABLE 597 3_0_0 EXIST::FUNCTION: ENGINE_cmd_is_executable 598 3_0_0 EXIST::FUNCTION:ENGINE BIO_puts 599 3_0_0 EXIST::FUNCTION: -RSAPublicKey_it 601 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA -RSAPublicKey_it 601 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA +RSAPublicKey_it 601 3_0_0 EXIST::FUNCTION:RSA ISSUING_DIST_POINT_new 602 3_0_0 EXIST::FUNCTION: -X509_VAL_it 603 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_VAL_it 603 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_VAL_it 603 3_0_0 EXIST::FUNCTION: EVP_DigestVerifyInit 604 3_0_0 EXIST::FUNCTION: i2d_IPAddressChoice 605 3_0_0 EXIST::FUNCTION:RFC3779 EVP_md5 606 3_0_0 EXIST::FUNCTION:MD5 @@ -615,8 +601,7 @@ BN_is_negative 615 3_0_0 EXIST::FUNCTION: EVP_PKEY_get_attr_count 616 3_0_0 EXIST::FUNCTION: X509_REVOKED_get_ext_by_critical 617 3_0_0 EXIST::FUNCTION: X509at_get_attr 618 3_0_0 EXIST::FUNCTION: -X509_PUBKEY_it 619 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_PUBKEY_it 619 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_PUBKEY_it 619 3_0_0 EXIST::FUNCTION: DES_ede3_ofb64_encrypt 620 3_0_0 EXIST::FUNCTION:DES EC_KEY_METHOD_get_compute_key 621 3_0_0 EXIST::FUNCTION:EC RC2_cfb64_encrypt 622 3_0_0 EXIST::FUNCTION:RC2 @@ -634,8 +619,7 @@ OCSP_REQ_CTX_nbio_d2i 634 3_0_0 EXIST::FUNCTION:OCSP d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DH BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION: -X509_REVOKED_it 638 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_REVOKED_it 638 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_REVOKED_it 638 3_0_0 EXIST::FUNCTION: CRYPTO_THREAD_write_lock 639 3_0_0 EXIST::FUNCTION: X509V3_NAME_from_section 640 3_0_0 EXIST::FUNCTION: EC_POINT_set_compressed_coordinates_GFp 641 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC @@ -670,8 +654,7 @@ PKCS5_pbe_set0_algor 670 3_0_0 EXIST::FUNCTION: ENGINE_get_table_flags 671 3_0_0 EXIST::FUNCTION:ENGINE PKCS12_MAC_DATA_new 672 3_0_0 EXIST::FUNCTION: X509_chain_up_ref 673 3_0_0 EXIST::FUNCTION: -OCSP_REQINFO_it 674 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_REQINFO_it 674 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_REQINFO_it 674 3_0_0 EXIST::FUNCTION:OCSP PKCS12_add_localkeyid 675 3_0_0 EXIST::FUNCTION: PKCS12_SAFEBAG_get0_type 676 3_0_0 EXIST::FUNCTION: X509_TRUST_set_default 677 3_0_0 EXIST::FUNCTION: @@ -680,8 +663,7 @@ BN_sub 679 3_0_0 EXIST::FUNCTION: ASRange_free 680 3_0_0 EXIST::FUNCTION:RFC3779 EVP_aes_192_cfb8 681 3_0_0 EXIST::FUNCTION: DSO_global_lookup 682 3_0_0 EXIST::FUNCTION: -PKCS7_SIGNER_INFO_it 683 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_SIGNER_INFO_it 683 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_SIGNER_INFO_it 683 3_0_0 EXIST::FUNCTION: CRYPTO_ocb128_copy_ctx 684 3_0_0 EXIST::FUNCTION:OCB TS_REQ_get_ext_d2i 685 3_0_0 EXIST::FUNCTION:TS AES_ige_encrypt 686 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 @@ -701,8 +683,7 @@ TS_RESP_CTX_set_signer_key 699 3_0_0 EXIST::FUNCTION:TS i2d_DSAPrivateKey_bio 700 3_0_0 EXIST::FUNCTION:DSA ASN1_item_d2i 702 3_0_0 EXIST::FUNCTION: BIO_int_ctrl 703 3_0_0 EXIST::FUNCTION: -CMS_ReceiptRequest_it 704 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS -CMS_ReceiptRequest_it 704 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS +CMS_ReceiptRequest_it 704 3_0_0 EXIST::FUNCTION:CMS X509_ATTRIBUTE_get0_type 705 3_0_0 EXIST::FUNCTION: EVP_MD_meth_set_copy 706 3_0_0 EXIST::FUNCTION: d2i_ASN1_ENUMERATED 707 3_0_0 EXIST::FUNCTION: @@ -720,8 +701,7 @@ BIO_new_PKCS7 719 3_0_0 EXIST::FUNCTION: UI_get0_user_data 720 3_0_0 EXIST::FUNCTION: TS_RESP_get_token 721 3_0_0 EXIST::FUNCTION:TS OCSP_RESPID_new 722 3_0_0 EXIST::FUNCTION:OCSP -ASN1_SET_ANY_it 723 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_SET_ANY_it 723 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_SET_ANY_it 723 3_0_0 EXIST::FUNCTION: d2i_TS_RESP_bio 724 3_0_0 EXIST::FUNCTION:TS PEM_write_X509_REQ 725 3_0_0 EXIST::FUNCTION:STDIO BIO_snprintf 726 3_0_0 EXIST::FUNCTION: @@ -825,8 +805,7 @@ PKCS7_DIGEST_free 824 3_0_0 EXIST::FUNCTION: OBJ_nid2ln 825 3_0_0 EXIST::FUNCTION: COMP_CTX_new 826 3_0_0 EXIST::FUNCTION:COMP BIO_ADDR_family 827 3_0_0 EXIST::FUNCTION:SOCK -OCSP_RESPONSE_it 828 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_RESPONSE_it 828 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_RESPONSE_it 828 3_0_0 EXIST::FUNCTION:OCSP BIO_ADDRINFO_socktype 829 3_0_0 EXIST::FUNCTION:SOCK d2i_X509_REQ_bio 830 3_0_0 EXIST::FUNCTION: EVP_PBE_cleanup 831 3_0_0 EXIST::FUNCTION: @@ -834,8 +813,7 @@ X509_STORE_CTX_get0_current_crl 832 3_0_0 EXIST::FUNCTION: CMS_get0_SignerInfos 833 3_0_0 EXIST::FUNCTION:CMS EVP_PKEY_paramgen 834 3_0_0 EXIST::FUNCTION: PEM_write_PKCS8PrivateKey_nid 835 3_0_0 EXIST::FUNCTION:STDIO -PKCS7_ATTR_VERIFY_it 836 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ATTR_VERIFY_it 836 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_ATTR_VERIFY_it 836 3_0_0 EXIST::FUNCTION: OCSP_response_status_str 837 3_0_0 EXIST::FUNCTION:OCSP CRYPTO_gcm128_new 838 3_0_0 EXIST::FUNCTION: SMIME_read_PKCS7 839 3_0_0 EXIST::FUNCTION: @@ -862,8 +840,7 @@ TXT_DB_insert 860 3_0_0 EXIST::FUNCTION: EC_POINTs_make_affine 861 3_0_0 EXIST::FUNCTION:EC RSA_padding_add_PKCS1_PSS 862 3_0_0 EXIST::FUNCTION:RSA BF_options 863 3_0_0 EXIST::FUNCTION:BF -OCSP_BASICRESP_it 864 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_BASICRESP_it 864 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_BASICRESP_it 864 3_0_0 EXIST::FUNCTION:OCSP X509_VERIFY_PARAM_get0_name 865 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_signer_digest 866 3_0_0 EXIST::FUNCTION:TS X509_VERIFY_PARAM_set1_email 867 3_0_0 EXIST::FUNCTION: @@ -873,8 +850,7 @@ BN_GF2m_mod_sqrt_arr 870 3_0_0 EXIST::FUNCTION:EC2M X509_get0_extensions 871 3_0_0 EXIST::FUNCTION: TS_STATUS_INFO_set_status 872 3_0_0 EXIST::FUNCTION:TS RSA_verify 873 3_0_0 EXIST::FUNCTION:RSA -ASN1_FBOOLEAN_it 874 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_FBOOLEAN_it 874 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_FBOOLEAN_it 874 3_0_0 EXIST::FUNCTION: d2i_ASN1_TIME 875 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_signctx 876 3_0_0 EXIST::FUNCTION: EC_KEY_METHOD_set_compute_key 877 3_0_0 EXIST::FUNCTION:EC @@ -892,8 +868,7 @@ X509_VERIFY_PARAM_set_purpose 889 3_0_0 EXIST::FUNCTION: i2d_TS_MSG_IMPRINT_bio 890 3_0_0 EXIST::FUNCTION:TS X509_EXTENSION_set_object 891 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_get_app_data 892 3_0_0 EXIST::FUNCTION: -CRL_DIST_POINTS_it 893 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -CRL_DIST_POINTS_it 893 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +CRL_DIST_POINTS_it 893 3_0_0 EXIST::FUNCTION: DIRECTORYSTRING_new 894 3_0_0 EXIST::FUNCTION: ERR_load_ASYNC_strings 895 3_0_0 EXIST::FUNCTION: EVP_bf_cfb64 896 3_0_0 EXIST::FUNCTION:BF @@ -934,8 +909,7 @@ X509at_add1_attr_by_NID 931 3_0_0 EXIST::FUNCTION: DHparams_dup 932 3_0_0 EXIST::FUNCTION:DH X509_get_ext 933 3_0_0 EXIST::FUNCTION: X509_issuer_and_serial_hash 934 3_0_0 EXIST::FUNCTION: -ASN1_BMPSTRING_it 935 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_BMPSTRING_it 935 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_BMPSTRING_it 935 3_0_0 EXIST::FUNCTION: PEM_read_EC_PUBKEY 936 3_0_0 EXIST::FUNCTION:EC,STDIO d2i_ASN1_IA5STRING 937 3_0_0 EXIST::FUNCTION: TS_TST_INFO_ext_free 938 3_0_0 EXIST::FUNCTION:TS @@ -950,8 +924,7 @@ i2d_ECPrivateKey 947 3_0_0 EXIST::FUNCTION:EC X509_NAME_ENTRY_create_by_OBJ 948 3_0_0 EXIST::FUNCTION: TS_VERIFY_CTX_cleanup 949 3_0_0 EXIST::FUNCTION:TS ASN1_INTEGER_get 950 3_0_0 EXIST::FUNCTION: -ASN1_PRINTABLE_it 951 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_PRINTABLE_it 951 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_PRINTABLE_it 951 3_0_0 EXIST::FUNCTION: EVP_VerifyFinal 952 3_0_0 EXIST::FUNCTION: TS_ASN1_INTEGER_print_bio 953 3_0_0 EXIST::FUNCTION:TS X509_NAME_ENTRY_set_object 954 3_0_0 EXIST::FUNCTION: @@ -970,10 +943,8 @@ TS_RESP_dup 966 3_0_0 EXIST::FUNCTION:TS ERR_set_error_data 967 3_0_0 EXIST::FUNCTION: BN_RECP_CTX_new 968 3_0_0 EXIST::FUNCTION: DES_options 969 3_0_0 EXIST::FUNCTION:DES -IPAddressChoice_it 970 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -IPAddressChoice_it 970 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 -ASN1_UNIVERSALSTRING_it 971 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_UNIVERSALSTRING_it 971 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +IPAddressChoice_it 970 3_0_0 EXIST::FUNCTION:RFC3779 +ASN1_UNIVERSALSTRING_it 971 3_0_0 EXIST::FUNCTION: d2i_DSAPublicKey 972 3_0_0 EXIST::FUNCTION:DSA ENGINE_get_name 973 3_0_0 EXIST::FUNCTION:ENGINE CRYPTO_THREAD_read_lock 974 3_0_0 EXIST::FUNCTION: @@ -1001,8 +972,7 @@ a2i_IPADDRESS 996 3_0_0 EXIST::FUNCTION: ERR_peek_error_line_data 997 3_0_0 EXIST::FUNCTION: ERR_unload_strings 998 3_0_0 EXIST::FUNCTION: SEED_cfb128_encrypt 999 3_0_0 EXIST::FUNCTION:SEED -ASN1_BIT_STRING_it 1000 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_BIT_STRING_it 1000 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_BIT_STRING_it 1000 3_0_0 EXIST::FUNCTION: PKCS12_decrypt_skey 1001 3_0_0 EXIST::FUNCTION: ENGINE_register_EC 1002 3_0_0 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_new 1003 3_0_0 EXIST::FUNCTION:OCSP @@ -1015,8 +985,7 @@ ASN1_item_digest 1009 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set_trust 1010 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get_error 1011 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_encrypt 1012 3_0_0 EXIST::FUNCTION: -ASN1_UTCTIME_it 1013 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_UTCTIME_it 1013 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_UTCTIME_it 1013 3_0_0 EXIST::FUNCTION: i2d_DSA_PUBKEY_fp 1014 3_0_0 EXIST::FUNCTION:DSA,STDIO X509at_get_attr_by_OBJ 1015 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_copy_ex 1016 3_0_0 EXIST::FUNCTION: @@ -1031,13 +1000,11 @@ X509_set_subject_name 1025 3_0_0 EXIST::FUNCTION: i2d_PKCS8PrivateKey_nid_bio 1026 3_0_0 EXIST::FUNCTION: ERR_put_error 1027 3_0_0 EXIST::FUNCTION: ERR_add_error_data 1028 3_0_0 EXIST::FUNCTION: -X509_ALGORS_it 1029 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_ALGORS_it 1029 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_ALGORS_it 1029 3_0_0 EXIST::FUNCTION: MD5_Update 1030 3_0_0 EXIST::FUNCTION:MD5 X509_policy_check 1031 3_0_0 EXIST::FUNCTION: X509_CRL_METHOD_new 1032 3_0_0 EXIST::FUNCTION: -ASN1_ANY_it 1033 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_ANY_it 1033 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_ANY_it 1033 3_0_0 EXIST::FUNCTION: d2i_DSA_SIG 1034 3_0_0 EXIST::FUNCTION:DSA DH_free 1035 3_0_0 EXIST::FUNCTION:DH ENGINE_register_all_DSA 1036 3_0_0 EXIST::FUNCTION:ENGINE @@ -1101,8 +1068,7 @@ ERR_load_PEM_strings 1094 3_0_0 EXIST::FUNCTION: ENGINE_unregister_pkey_asn1_meths 1095 3_0_0 EXIST::FUNCTION:ENGINE IPAddressFamily_free 1096 3_0_0 EXIST::FUNCTION:RFC3779 UI_method_get_prompt_constructor 1097 3_0_0 EXIST::FUNCTION: -ASN1_NULL_it 1098 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_NULL_it 1098 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_NULL_it 1098 3_0_0 EXIST::FUNCTION: X509_REQ_get_pubkey 1099 3_0_0 EXIST::FUNCTION: X509_CRL_set1_nextUpdate 1100 3_0_0 EXIST::FUNCTION: EVP_des_ede3_cfb64 1101 3_0_0 EXIST::FUNCTION:DES @@ -1127,8 +1093,7 @@ RSA_print_fp 1119 3_0_0 EXIST::FUNCTION:RSA,STDIO OPENSSL_INIT_set_config_appname 1120 3_0_0 EXIST::FUNCTION:STDIO EC_KEY_print_fp 1121 3_0_0 EXIST::FUNCTION:EC,STDIO BIO_dup_chain 1122 3_0_0 EXIST::FUNCTION: -PKCS8_PRIV_KEY_INFO_it 1123 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS8_PRIV_KEY_INFO_it 1123 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS8_PRIV_KEY_INFO_it 1123 3_0_0 EXIST::FUNCTION: RSA_OAEP_PARAMS_free 1124 3_0_0 EXIST::FUNCTION:RSA ASN1_item_new 1125 3_0_0 EXIST::FUNCTION: CRYPTO_cts128_encrypt 1126 3_0_0 EXIST::FUNCTION: @@ -1137,8 +1102,7 @@ PEM_write 1128 3_0_0 EXIST::FUNCTION:STDIO EVP_CIPHER_meth_get_get_asn1_params 1129 3_0_0 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 1130 3_0_0 EXIST::FUNCTION:OCSP d2i_ASN1_UTF8STRING 1131 3_0_0 EXIST::FUNCTION: -EXTENDED_KEY_USAGE_it 1132 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -EXTENDED_KEY_USAGE_it 1132 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +EXTENDED_KEY_USAGE_it 1132 3_0_0 EXIST::FUNCTION: EVP_CipherInit 1133 3_0_0 EXIST::FUNCTION: PKCS12_add_safe 1134 3_0_0 EXIST::FUNCTION: ENGINE_get_digest 1135 3_0_0 EXIST::FUNCTION:ENGINE @@ -1171,8 +1135,7 @@ ASN1_tag2str 1161 3_0_0 EXIST::FUNCTION: BN_zero_ex 1162 3_0_0 EXIST::FUNCTION: X509_NAME_dup 1163 3_0_0 EXIST::FUNCTION: SCT_LIST_print 1164 3_0_0 EXIST::FUNCTION:CT -NOTICEREF_it 1165 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NOTICEREF_it 1165 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +NOTICEREF_it 1165 3_0_0 EXIST::FUNCTION: CMS_add0_crl 1166 3_0_0 EXIST::FUNCTION:CMS d2i_DSAparams 1167 3_0_0 EXIST::FUNCTION:DSA EVP_CIPHER_CTX_set_app_data 1168 3_0_0 EXIST::FUNCTION: @@ -1219,15 +1182,13 @@ ENGINE_register_DSA 1208 3_0_0 EXIST::FUNCTION:ENGINE OPENSSL_LH_node_stats 1209 3_0_0 EXIST::FUNCTION:STDIO X509_policy_tree_free 1210 3_0_0 EXIST::FUNCTION: EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:EC -X509_it 1212 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_it 1212 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_it 1212 3_0_0 EXIST::FUNCTION: d2i_PROXY_POLICY 1213 3_0_0 EXIST::FUNCTION: MDC2_Update 1214 3_0_0 EXIST::FUNCTION:MDC2 EC_KEY_new_by_curve_name 1215 3_0_0 EXIST::FUNCTION:EC X509_CRL_free 1216 3_0_0 EXIST::FUNCTION: i2d_PKCS7_SIGN_ENVELOPE 1217 3_0_0 EXIST::FUNCTION: -OCSP_CERTSTATUS_it 1218 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_CERTSTATUS_it 1218 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_CERTSTATUS_it 1218 3_0_0 EXIST::FUNCTION:OCSP BIO_f_reliable 1219 3_0_0 EXIST::FUNCTION: OCSP_resp_count 1220 3_0_0 EXIST::FUNCTION:OCSP i2d_X509_AUX 1221 3_0_0 EXIST::FUNCTION: @@ -1299,8 +1260,7 @@ EC_KEY_new_method 1288 3_0_0 EXIST::FUNCTION:EC i2d_RSAPublicKey_fp 1289 3_0_0 EXIST::FUNCTION:RSA,STDIO CRYPTO_ctr128_encrypt_ctr32 1290 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_move_peername 1291 3_0_0 EXIST::FUNCTION: -OCSP_SINGLERESP_it 1292 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_SINGLERESP_it 1292 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_SINGLERESP_it 1292 3_0_0 EXIST::FUNCTION:OCSP BN_num_bits 1293 3_0_0 EXIST::FUNCTION: X509_CRL_METHOD_free 1294 3_0_0 EXIST::FUNCTION: PEM_read_NETSCAPE_CERT_SEQUENCE 1295 3_0_0 EXIST::FUNCTION:STDIO @@ -1313,11 +1273,9 @@ TS_ACCURACY_free 1301 3_0_0 EXIST::FUNCTION:TS PEM_write_DSA_PUBKEY 1302 3_0_0 EXIST::FUNCTION:DSA,STDIO BN_rshift1 1303 3_0_0 EXIST::FUNCTION: i2d_PKCS7_ENVELOPE 1304 3_0_0 EXIST::FUNCTION: -PBKDF2PARAM_it 1305 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PBKDF2PARAM_it 1305 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PBKDF2PARAM_it 1305 3_0_0 EXIST::FUNCTION: UI_get_result_maxsize 1306 3_0_0 EXIST::FUNCTION: -PBEPARAM_it 1307 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PBEPARAM_it 1307 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PBEPARAM_it 1307 3_0_0 EXIST::FUNCTION: TS_ACCURACY_set_seconds 1308 3_0_0 EXIST::FUNCTION:TS UI_get0_action_string 1309 3_0_0 EXIST::FUNCTION: RC2_decrypt 1310 3_0_0 EXIST::FUNCTION:RC2 @@ -1338,8 +1296,7 @@ SMIME_read_CMS 1324 3_0_0 EXIST::FUNCTION:CMS X509_subject_name_cmp 1325 3_0_0 EXIST::FUNCTION: CRYPTO_ocb128_finish 1326 3_0_0 EXIST::FUNCTION:OCB EVP_CIPHER_do_all 1327 3_0_0 EXIST::FUNCTION: -POLICY_MAPPINGS_it 1328 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPINGS_it 1328 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICY_MAPPINGS_it 1328 3_0_0 EXIST::FUNCTION: SCT_set0_log_id 1329 3_0_0 EXIST::FUNCTION:CT CRYPTO_cfb128_encrypt 1330 3_0_0 EXIST::FUNCTION: RSA_padding_add_PKCS1_type_2 1331 3_0_0 EXIST::FUNCTION:RSA @@ -1386,8 +1343,7 @@ BN_GENCB_set_old 1373 3_0_0 EXIST::FUNCTION: PEM_write_bio_X509 1374 3_0_0 EXIST::FUNCTION: EVP_PKEY_asn1_free 1375 3_0_0 EXIST::FUNCTION: ENGINE_unregister_DH 1376 3_0_0 EXIST::FUNCTION:ENGINE -PROXY_CERT_INFO_EXTENSION_it 1377 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PROXY_CERT_INFO_EXTENSION_it 1377 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PROXY_CERT_INFO_EXTENSION_it 1377 3_0_0 EXIST::FUNCTION: CT_POLICY_EVAL_CTX_set1_cert 1378 3_0_0 EXIST::FUNCTION:CT X509_NAME_hash 1379 3_0_0 EXIST::FUNCTION: SCT_set_timestamp 1380 3_0_0 EXIST::FUNCTION:CT @@ -1437,11 +1393,9 @@ CRYPTO_nistcts128_encrypt 1425 3_0_0 EXIST::FUNCTION: CONF_modules_finish 1426 3_0_0 EXIST::FUNCTION: BN_value_one 1427 3_0_0 EXIST::FUNCTION: RSA_padding_add_SSLv23 1428 3_0_0 EXIST::FUNCTION:RSA -OCSP_RESPBYTES_it 1429 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_RESPBYTES_it 1429 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_RESPBYTES_it 1429 3_0_0 EXIST::FUNCTION:OCSP EVP_aes_192_wrap 1430 3_0_0 EXIST::FUNCTION: -OCSP_CERTID_it 1431 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_CERTID_it 1431 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_CERTID_it 1431 3_0_0 EXIST::FUNCTION:OCSP ENGINE_get_RSA 1432 3_0_0 EXIST::FUNCTION:ENGINE RAND_get_rand_method 1433 3_0_0 EXIST::FUNCTION: ERR_load_DSA_strings 1434 3_0_0 EXIST::FUNCTION:DSA @@ -1497,8 +1451,7 @@ BIO_accept_ex 1484 3_0_0 EXIST::FUNCTION:SOCK CRYPTO_get_mem_functions 1485 3_0_0 EXIST::FUNCTION: PEM_read_bio 1486 3_0_0 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_critical 1487 3_0_0 EXIST::FUNCTION:OCSP -SXNET_it 1488 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -SXNET_it 1488 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +SXNET_it 1488 3_0_0 EXIST::FUNCTION: BIO_indent 1489 3_0_0 EXIST::FUNCTION: i2d_X509_fp 1490 3_0_0 EXIST::FUNCTION:STDIO d2i_ASN1_TYPE 1491 3_0_0 EXIST::FUNCTION: @@ -1603,8 +1556,7 @@ X509_STORE_set_flags 1590 3_0_0 EXIST::FUNCTION: UI_get0_output_string 1591 3_0_0 EXIST::FUNCTION: ERR_get_error_line_data 1592 3_0_0 EXIST::FUNCTION: CTLOG_get0_name 1593 3_0_0 EXIST::FUNCTION:CT -ASN1_TBOOLEAN_it 1594 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_TBOOLEAN_it 1594 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_TBOOLEAN_it 1594 3_0_0 EXIST::FUNCTION: RC2_set_key 1595 3_0_0 EXIST::FUNCTION:RC2 X509_REVOKED_get_ext_by_NID 1596 3_0_0 EXIST::FUNCTION: RSA_padding_add_none 1597 3_0_0 EXIST::FUNCTION:RSA @@ -1650,8 +1602,7 @@ PKCS7_ENCRYPT_free 1638 3_0_0 EXIST::FUNCTION: i2d_DIST_POINT 1639 3_0_0 EXIST::FUNCTION: EVP_PKEY_paramgen_init 1640 3_0_0 EXIST::FUNCTION: TS_MSG_IMPRINT_dup 1641 3_0_0 EXIST::FUNCTION:TS -CMS_ContentInfo_it 1642 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS -CMS_ContentInfo_it 1642 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS +CMS_ContentInfo_it 1642 3_0_0 EXIST::FUNCTION:CMS OCSP_resp_get0_signature 1643 3_0_0 EXIST::FUNCTION:OCSP X509_STORE_CTX_get1_issuer 1644 3_0_0 EXIST::FUNCTION: EVP_Digest 1645 3_0_0 EXIST::FUNCTION: @@ -1684,8 +1635,7 @@ OCSP_crlID_new 1673 3_0_0 EXIST:!VMS:FUNCTION:OCSP OCSP_crlID2_new 1673 3_0_0 EXIST:VMS:FUNCTION:OCSP PEM_write_PKCS7 1674 3_0_0 EXIST::FUNCTION:STDIO PKCS7_add_signer 1675 3_0_0 EXIST::FUNCTION: -X509_SIG_it 1676 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_SIG_it 1676 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_SIG_it 1676 3_0_0 EXIST::FUNCTION: ASYNC_start_job 1677 3_0_0 EXIST::FUNCTION: TS_TST_INFO_dup 1678 3_0_0 EXIST::FUNCTION:TS EVP_aes_192_ctr 1679 3_0_0 EXIST::FUNCTION: @@ -1707,8 +1657,7 @@ d2i_PKCS12_MAC_DATA 1694 3_0_0 EXIST::FUNCTION: ENGINE_ctrl_cmd 1695 3_0_0 EXIST::FUNCTION:ENGINE PKCS12_SAFEBAG_get_bag_nid 1696 3_0_0 EXIST::FUNCTION: TS_CONF_set_digests 1697 3_0_0 EXIST::FUNCTION:TS -PKCS7_SIGNED_it 1698 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_SIGNED_it 1698 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_SIGNED_it 1698 3_0_0 EXIST::FUNCTION: b2i_PublicKey 1699 3_0_0 EXIST::FUNCTION:DSA X509_PURPOSE_cleanup 1700 3_0_0 EXIST::FUNCTION: ESS_SIGNING_CERT_dup 1701 3_0_0 EXIST::FUNCTION: @@ -1768,8 +1717,7 @@ ASYNC_init_thread 1755 3_0_0 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_OBJ 1756 3_0_0 EXIST::FUNCTION:OCSP X509_reject_clear 1757 3_0_0 EXIST::FUNCTION: DH_security_bits 1758 3_0_0 EXIST::FUNCTION:DH -LONG_it 1759 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_3 -LONG_it 1759 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_3 +LONG_it 1759 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 ASN1_dup 1760 3_0_0 EXIST::FUNCTION: TS_RESP_new 1761 3_0_0 EXIST::FUNCTION:TS i2d_PKCS8PrivateKeyInfo_fp 1762 3_0_0 EXIST::FUNCTION:STDIO @@ -1786,8 +1734,7 @@ ASN1_tag2bit 1772 3_0_0 EXIST::FUNCTION: TS_REQ_add_ext 1773 3_0_0 EXIST::FUNCTION:TS X509_digest 1776 3_0_0 EXIST::FUNCTION: CRYPTO_THREAD_cleanup_local 1777 3_0_0 EXIST::FUNCTION: -NETSCAPE_CERT_SEQUENCE_it 1778 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NETSCAPE_CERT_SEQUENCE_it 1778 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +NETSCAPE_CERT_SEQUENCE_it 1778 3_0_0 EXIST::FUNCTION: EVP_aes_128_wrap 1779 3_0_0 EXIST::FUNCTION: X509V3_conf_free 1780 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_ext_by_NID 1781 3_0_0 EXIST::FUNCTION:TS @@ -1796,8 +1743,7 @@ X509_issuer_name_cmp 1783 3_0_0 EXIST::FUNCTION: CMS_RecipientEncryptedKey_get0_id 1784 3_0_0 EXIST::FUNCTION:CMS EVP_PKEY_meth_get_verify_recover 1785 3_0_0 EXIST::FUNCTION: NAME_CONSTRAINTS_check 1786 3_0_0 EXIST::FUNCTION: -X509_CERT_AUX_it 1787 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CERT_AUX_it 1787 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_CERT_AUX_it 1787 3_0_0 EXIST::FUNCTION: X509_get_X509_PUBKEY 1789 3_0_0 EXIST::FUNCTION: TXT_DB_create_index 1790 3_0_0 EXIST::FUNCTION: RAND_set_rand_engine 1791 3_0_0 EXIST::FUNCTION:ENGINE @@ -1834,15 +1780,13 @@ X509V3_EXT_add_list 1821 3_0_0 EXIST::FUNCTION: CMS_compress 1822 3_0_0 EXIST::FUNCTION:CMS X509_get_ext_by_critical 1823 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_clear_fd 1824 3_0_0 EXIST::FUNCTION: -ZLONG_it 1825 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_3 -ZLONG_it 1825 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_3 +ZLONG_it 1825 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 OPENSSL_sk_find_ex 1826 3_0_0 EXIST::FUNCTION: ASN1_ENUMERATED_to_BN 1827 3_0_0 EXIST::FUNCTION: X509_CRL_get_ext_d2i 1828 3_0_0 EXIST::FUNCTION: i2d_AUTHORITY_KEYID 1829 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_time 1830 3_0_0 EXIST::FUNCTION:TS -ASN1_VISIBLESTRING_it 1831 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_VISIBLESTRING_it 1831 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_VISIBLESTRING_it 1831 3_0_0 EXIST::FUNCTION: X509V3_EXT_REQ_add_conf 1832 3_0_0 EXIST::FUNCTION: ASN1_STRING_to_UTF8 1833 3_0_0 EXIST::FUNCTION: EVP_MD_meth_set_update 1835 3_0_0 EXIST::FUNCTION: @@ -1856,15 +1800,13 @@ X509_CRL_get_ext_count 1842 3_0_0 EXIST::FUNCTION: PKCS12_add_key 1843 3_0_0 EXIST::FUNCTION: EVP_camellia_128_cfb1 1844 3_0_0 EXIST::FUNCTION:CAMELLIA BIO_find_type 1845 3_0_0 EXIST::FUNCTION: -ISSUING_DIST_POINT_it 1846 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ISSUING_DIST_POINT_it 1846 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ISSUING_DIST_POINT_it 1846 3_0_0 EXIST::FUNCTION: BIO_ctrl_wpending 1847 3_0_0 EXIST::FUNCTION: X509_ALGOR_cmp 1848 3_0_0 EXIST::FUNCTION: i2d_ASN1_bio_stream 1849 3_0_0 EXIST::FUNCTION: CRYPTO_THREAD_init_local 1850 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_serial_cb 1851 3_0_0 EXIST::FUNCTION:TS -POLICY_MAPPING_it 1852 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPING_it 1852 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICY_MAPPING_it 1852 3_0_0 EXIST::FUNCTION: ERR_load_KDF_strings 1853 3_0_0 EXIST::FUNCTION: UI_method_set_reader 1854 3_0_0 EXIST::FUNCTION: BIO_next 1855 3_0_0 EXIST::FUNCTION: @@ -1877,8 +1819,7 @@ PKCS7_digest_from_attributes 1861 3_0_0 EXIST::FUNCTION: EC_GROUP_set_curve_GFp 1862 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC X509_PURPOSE_get0 1863 3_0_0 EXIST::FUNCTION: EVP_PKEY_set1_DSA 1864 3_0_0 EXIST::FUNCTION:DSA -X509_NAME_it 1865 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_NAME_it 1865 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_NAME_it 1865 3_0_0 EXIST::FUNCTION: OBJ_add_object 1866 3_0_0 EXIST::FUNCTION: DSA_generate_key 1867 3_0_0 EXIST::FUNCTION:DSA EVP_DigestUpdate 1868 3_0_0 EXIST::FUNCTION: @@ -1901,8 +1842,7 @@ CMS_add1_crl 1884 3_0_0 EXIST::FUNCTION:CMS d2i_EDIPARTYNAME 1885 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_set0_trusted_stack 1886 3_0_0 EXIST::FUNCTION: BIO_ADDR_service_string 1887 3_0_0 EXIST::FUNCTION:SOCK -ASN1_BOOLEAN_it 1888 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_BOOLEAN_it 1888 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_BOOLEAN_it 1888 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_time_cb 1889 3_0_0 EXIST::FUNCTION:TS IDEA_cbc_encrypt 1890 3_0_0 EXIST::FUNCTION:IDEA BN_CTX_secure_new 1891 3_0_0 EXIST::FUNCTION: @@ -1977,8 +1917,7 @@ ENGINE_get_pkey_asn1_meth 1962 3_0_0 EXIST::FUNCTION:ENGINE SHA256_Update 1963 3_0_0 EXIST::FUNCTION: d2i_PKCS7_ISSUER_AND_SERIAL 1964 3_0_0 EXIST::FUNCTION: PKCS12_unpack_authsafes 1965 3_0_0 EXIST::FUNCTION: -X509_CRL_it 1966 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CRL_it 1966 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_CRL_it 1966 3_0_0 EXIST::FUNCTION: d2i_X509_ALGOR 1967 3_0_0 EXIST::FUNCTION: PKCS12_PBE_keyivgen 1968 3_0_0 EXIST::FUNCTION: BIO_test_flags 1969 3_0_0 EXIST::FUNCTION: @@ -1990,8 +1929,7 @@ i2d_OCSP_REQINFO 1974 3_0_0 EXIST::FUNCTION:OCSP EVP_PKEY_sign 1975 3_0_0 EXIST::FUNCTION: TS_REQ_get_ext_by_critical 1976 3_0_0 EXIST::FUNCTION:TS EC_KEY_key2buf 1977 3_0_0 EXIST::FUNCTION:EC -X509_EXTENSION_it 1978 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_EXTENSION_it 1978 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_EXTENSION_it 1978 3_0_0 EXIST::FUNCTION: i2d_PKCS8_fp 1979 3_0_0 EXIST::FUNCTION:STDIO UTF8_getc 1980 3_0_0 EXIST::FUNCTION: ASN1_IA5STRING_free 1981 3_0_0 EXIST::FUNCTION: @@ -2004,16 +1942,14 @@ EVP_PKEY_get0_DSA 1987 3_0_0 EXIST::FUNCTION:DSA d2i_CMS_ContentInfo 1988 3_0_0 EXIST::FUNCTION:CMS EVP_CIPHER_meth_get_do_cipher 1989 3_0_0 EXIST::FUNCTION: i2d_DSA_PUBKEY 1990 3_0_0 EXIST::FUNCTION:DSA -GENERAL_NAME_it 1991 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -GENERAL_NAME_it 1991 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +GENERAL_NAME_it 1991 3_0_0 EXIST::FUNCTION: EVP_des_ede_ecb 1992 3_0_0 EXIST::FUNCTION:DES i2d_CRL_DIST_POINTS 1993 3_0_0 EXIST::FUNCTION: PEM_write_bio_X509_REQ_NEW 1994 3_0_0 EXIST::FUNCTION: RC5_32_ofb64_encrypt 1995 3_0_0 EXIST::FUNCTION:RC5 i2d_PKCS7 1996 3_0_0 EXIST::FUNCTION: BN_mod_lshift_quick 1997 3_0_0 EXIST::FUNCTION: -DIST_POINT_NAME_it 1998 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -DIST_POINT_NAME_it 1998 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +DIST_POINT_NAME_it 1998 3_0_0 EXIST::FUNCTION: PEM_read_PrivateKey 1999 3_0_0 EXIST::FUNCTION:STDIO X509V3_get_d2i 2000 3_0_0 EXIST::FUNCTION: PKCS7_SIGNER_INFO_sign 2001 3_0_0 EXIST::FUNCTION: @@ -2058,12 +1994,10 @@ AES_wrap_key 2040 3_0_0 EXIST::FUNCTION: EVP_md_null 2041 3_0_0 EXIST::FUNCTION: i2d_SCT_LIST 2042 3_0_0 EXIST::FUNCTION:CT PKCS7_get_issuer_and_serial 2043 3_0_0 EXIST::FUNCTION: -PKCS7_SIGN_ENVELOPE_it 2044 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_SIGN_ENVELOPE_it 2044 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_SIGN_ENVELOPE_it 2044 3_0_0 EXIST::FUNCTION: ASN1_d2i_fp 2045 3_0_0 EXIST::FUNCTION:STDIO EVP_DecryptFinal 2046 3_0_0 EXIST::FUNCTION: -ASN1_ENUMERATED_it 2047 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_ENUMERATED_it 2047 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_ENUMERATED_it 2047 3_0_0 EXIST::FUNCTION: o2i_ECPublicKey 2048 3_0_0 EXIST::FUNCTION:EC ERR_load_BUF_strings 2049 3_0_0 EXIST::FUNCTION: PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:RSA @@ -2126,8 +2060,7 @@ i2d_TS_REQ 2106 3_0_0 EXIST::FUNCTION:TS OCSP_ONEREQ_add1_ext_i2d 2107 3_0_0 EXIST::FUNCTION:OCSP ENGINE_register_pkey_meths 2108 3_0_0 EXIST::FUNCTION:ENGINE ENGINE_load_public_key 2109 3_0_0 EXIST::FUNCTION:ENGINE -ASIdOrRange_it 2110 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -ASIdOrRange_it 2110 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +ASIdOrRange_it 2110 3_0_0 EXIST::FUNCTION:RFC3779 DHparams_print_fp 2111 3_0_0 EXIST::FUNCTION:DH,STDIO ERR_load_CRYPTO_strings 2112 3_0_0 EXIST:!VMS:FUNCTION: ERR_load_CRYPTOlib_strings 2112 3_0_0 EXIST:VMS:FUNCTION: @@ -2149,8 +2082,7 @@ EVP_mdc2 2127 3_0_0 EXIST::FUNCTION:MDC2 EVP_des_cfb64 2128 3_0_0 EXIST::FUNCTION:DES PKCS7_sign 2129 3_0_0 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_critical 2130 3_0_0 EXIST::FUNCTION:OCSP -EDIPARTYNAME_it 2131 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -EDIPARTYNAME_it 2131 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +EDIPARTYNAME_it 2131 3_0_0 EXIST::FUNCTION: ERR_print_errors_fp 2132 3_0_0 EXIST::FUNCTION:STDIO BN_GF2m_mod_div_arr 2133 3_0_0 EXIST::FUNCTION:EC2M PKCS12_SAFEBAG_get0_attr 2134 3_0_0 EXIST::FUNCTION: @@ -2166,12 +2098,10 @@ SEED_cbc_encrypt 2143 3_0_0 EXIST::FUNCTION:SEED EVP_rc2_40_cbc 2144 3_0_0 EXIST::FUNCTION:RC2 ECDSA_SIG_new 2145 3_0_0 EXIST::FUNCTION:EC i2d_PKCS8PrivateKey_nid_fp 2146 3_0_0 EXIST::FUNCTION:STDIO -X509_NAME_ENTRY_it 2147 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_NAME_ENTRY_it 2147 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_NAME_ENTRY_it 2147 3_0_0 EXIST::FUNCTION: CRYPTO_THREAD_compare_id 2148 3_0_0 EXIST::FUNCTION: d2i_IPAddressChoice 2149 3_0_0 EXIST::FUNCTION:RFC3779 -IPAddressFamily_it 2150 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -IPAddressFamily_it 2150 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +IPAddressFamily_it 2150 3_0_0 EXIST::FUNCTION:RFC3779 ERR_load_OCSP_strings 2151 3_0_0 EXIST::FUNCTION:OCSP BIO_push 2152 3_0_0 EXIST::FUNCTION: ASN1_BMPSTRING_new 2153 3_0_0 EXIST::FUNCTION: @@ -2187,10 +2117,8 @@ OPENSSL_sk_set 2162 3_0_0 EXIST::FUNCTION: OCSP_request_sign 2163 3_0_0 EXIST::FUNCTION:OCSP BN_GF2m_mod_solve_quad 2164 3_0_0 EXIST::FUNCTION:EC2M EC_POINT_method_of 2165 3_0_0 EXIST::FUNCTION:EC -PKCS7_ENCRYPT_it 2166 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ENCRYPT_it 2166 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -AUTHORITY_INFO_ACCESS_it 2167 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -AUTHORITY_INFO_ACCESS_it 2167 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_ENCRYPT_it 2166 3_0_0 EXIST::FUNCTION: +AUTHORITY_INFO_ACCESS_it 2167 3_0_0 EXIST::FUNCTION: X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION: i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION: @@ -2204,8 +2132,7 @@ OCSP_ONEREQ_get_ext 2177 3_0_0 EXIST::FUNCTION:OCSP BN_get_rfc3526_prime_4096 2179 3_0_0 EXIST::FUNCTION: d2i_PKCS7_fp 2180 3_0_0 EXIST::FUNCTION:STDIO PEM_write_bio_NETSCAPE_CERT_SEQUENCE 2181 3_0_0 EXIST::FUNCTION: -PKCS12_AUTHSAFES_it 2182 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_AUTHSAFES_it 2182 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS12_AUTHSAFES_it 2182 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_free 2183 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_kari_orig_id_cmp 2184 3_0_0 EXIST::FUNCTION:CMS NETSCAPE_SPKI_b64_encode 2185 3_0_0 EXIST::FUNCTION: @@ -2267,8 +2194,7 @@ SRP_VBASE_init 2241 3_0_0 EXIST::FUNCTION:SRP SHA224_Final 2242 3_0_0 EXIST::FUNCTION: OCSP_CERTSTATUS_free 2243 3_0_0 EXIST::FUNCTION:OCSP d2i_TS_TST_INFO 2244 3_0_0 EXIST::FUNCTION:TS -IPAddressOrRange_it 2245 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -IPAddressOrRange_it 2245 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +IPAddressOrRange_it 2245 3_0_0 EXIST::FUNCTION:RFC3779 ENGINE_get_cipher 2246 3_0_0 EXIST::FUNCTION:ENGINE TS_TST_INFO_delete_ext 2247 3_0_0 EXIST::FUNCTION:TS TS_OBJ_print_bio 2248 3_0_0 EXIST::FUNCTION:TS @@ -2278,8 +2204,7 @@ ERR_load_X509_strings 2251 3_0_0 EXIST::FUNCTION: SHA1_Transform 2252 3_0_0 EXIST::FUNCTION: CMS_signed_get_attr_by_NID 2253 3_0_0 EXIST::FUNCTION:CMS X509_STORE_CTX_get_by_subject 2254 3_0_0 EXIST::FUNCTION: -ASN1_OCTET_STRING_it 2255 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OCTET_STRING_it 2255 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_OCTET_STRING_it 2255 3_0_0 EXIST::FUNCTION: OPENSSL_sk_set_cmp_func 2256 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_table_cleanup 2257 3_0_0 EXIST::FUNCTION: i2d_re_X509_REQ_tbs 2258 3_0_0 EXIST::FUNCTION: @@ -2293,8 +2218,7 @@ ERR_get_state 2265 3_0_0 EXIST::FUNCTION: d2i_DSAPrivateKey_bio 2266 3_0_0 EXIST::FUNCTION:DSA X509_PURPOSE_get_trust 2267 3_0_0 EXIST::FUNCTION: EC_GROUP_get_point_conversion_form 2268 3_0_0 EXIST::FUNCTION:EC -ASN1_OBJECT_it 2269 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OBJECT_it 2269 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_OBJECT_it 2269 3_0_0 EXIST::FUNCTION: BN_mod_add_quick 2270 3_0_0 EXIST::FUNCTION: NCONF_free 2271 3_0_0 EXIST::FUNCTION: NETSCAPE_SPKI_b64_decode 2272 3_0_0 EXIST::FUNCTION: @@ -2387,8 +2311,7 @@ EVP_PKEY_up_ref 2359 3_0_0 EXIST::FUNCTION: X509_getm_notBefore 2360 3_0_0 EXIST::FUNCTION: BN_nist_mod_224 2361 3_0_0 EXIST::FUNCTION: DES_decrypt3 2362 3_0_0 EXIST::FUNCTION:DES -OTHERNAME_it 2363 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OTHERNAME_it 2363 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +OTHERNAME_it 2363 3_0_0 EXIST::FUNCTION: X509at_add1_attr_by_txt 2364 3_0_0 EXIST::FUNCTION: PKCS7_SIGN_ENVELOPE_free 2365 3_0_0 EXIST::FUNCTION: BIO_dgram_is_sctp 2366 3_0_0 EXIST::FUNCTION:DGRAM,SCTP @@ -2402,8 +2325,7 @@ DES_encrypt3 2373 3_0_0 EXIST::FUNCTION:DES PKCS7_get_signer_info 2374 3_0_0 EXIST::FUNCTION: ASN1_OCTET_STRING_set 2375 3_0_0 EXIST::FUNCTION: BN_mask_bits 2376 3_0_0 EXIST::FUNCTION: -ASN1_UTF8STRING_it 2377 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_UTF8STRING_it 2377 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_UTF8STRING_it 2377 3_0_0 EXIST::FUNCTION: ASN1_SCTX_set_app_data 2378 3_0_0 EXIST::FUNCTION: CMS_add0_cert 2379 3_0_0 EXIST::FUNCTION:CMS i2d_GENERAL_NAME 2380 3_0_0 EXIST::FUNCTION: @@ -2449,8 +2371,7 @@ i2d_OCSP_CERTSTATUS 2421 3_0_0 EXIST::FUNCTION:OCSP X509_REVOKED_get0_revocationDate 2422 3_0_0 EXIST::FUNCTION: PKCS7_add_crl 2423 3_0_0 EXIST::FUNCTION: ECDSA_do_sign 2424 3_0_0 EXIST::FUNCTION:EC -ASN1_GENERALIZEDTIME_it 2425 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_GENERALIZEDTIME_it 2425 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_GENERALIZEDTIME_it 2425 3_0_0 EXIST::FUNCTION: PKCS8_pkey_get0 2426 3_0_0 EXIST::FUNCTION: OCSP_sendreq_new 2427 3_0_0 EXIST::FUNCTION:OCSP EVP_aes_256_cfb128 2428 3_0_0 EXIST::FUNCTION: @@ -2470,8 +2391,7 @@ BN_hex2bn 2441 3_0_0 EXIST::FUNCTION: EVP_CIPHER_meth_set_impl_ctx_size 2442 3_0_0 EXIST::FUNCTION: ASIdentifiers_new 2443 3_0_0 EXIST::FUNCTION:RFC3779 CONF_imodule_get_flags 2444 3_0_0 EXIST::FUNCTION: -PKCS12_SAFEBAG_it 2445 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_SAFEBAG_it 2445 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS12_SAFEBAG_it 2445 3_0_0 EXIST::FUNCTION: EVP_CIPHER_meth_set_set_asn1_params 2446 3_0_0 EXIST::FUNCTION: EC_KEY_get_enc_flags 2447 3_0_0 EXIST::FUNCTION:EC X509_OBJECT_idx_by_subject 2448 3_0_0 EXIST::FUNCTION: @@ -2481,8 +2401,7 @@ CRYPTO_ocb128_decrypt 2451 3_0_0 EXIST::FUNCTION:OCB ASYNC_WAIT_CTX_free 2452 3_0_0 EXIST::FUNCTION: d2i_PKCS7_DIGEST 2453 3_0_0 EXIST::FUNCTION: d2i_TS_TST_INFO_bio 2454 3_0_0 EXIST::FUNCTION:TS -BIGNUM_it 2455 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -BIGNUM_it 2455 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +BIGNUM_it 2455 3_0_0 EXIST::FUNCTION: BN_BLINDING_get_flags 2456 3_0_0 EXIST::FUNCTION: X509_EXTENSION_get_critical 2457 3_0_0 EXIST::FUNCTION: DSA_set_default_method 2458 3_0_0 EXIST::FUNCTION:DSA @@ -2498,8 +2417,7 @@ X509_signature_print 2467 3_0_0 EXIST::FUNCTION: EVP_camellia_128_ecb 2468 3_0_0 EXIST::FUNCTION:CAMELLIA MD2_Final 2469 3_0_0 EXIST::FUNCTION:MD2 OCSP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION:OCSP -NETSCAPE_SPKAC_it 2471 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NETSCAPE_SPKAC_it 2471 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +NETSCAPE_SPKAC_it 2471 3_0_0 EXIST::FUNCTION: ASIdOrRange_free 2472 3_0_0 EXIST::FUNCTION:RFC3779 EC_POINT_get_Jprojective_coordinates_GFp 2473 3_0_0 EXIST::FUNCTION:EC EVP_aes_128_cbc_hmac_sha256 2474 3_0_0 EXIST::FUNCTION: @@ -2508,8 +2426,7 @@ TS_VERIFY_CTX_set_data 2476 3_0_0 EXIST::FUNCTION:TS BN_pseudo_rand_range 2477 3_0_0 EXIST::FUNCTION: X509V3_EXT_add_nconf 2478 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_ctrl 2479 3_0_0 EXIST::FUNCTION: -ASN1_T61STRING_it 2480 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_T61STRING_it 2480 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_T61STRING_it 2480 3_0_0 EXIST::FUNCTION: ENGINE_get_prev 2481 3_0_0 EXIST::FUNCTION:ENGINE OCSP_accept_responses_new 2482 3_0_0 EXIST::FUNCTION:OCSP ERR_load_EC_strings 2483 3_0_0 EXIST::FUNCTION:EC @@ -2605,8 +2522,7 @@ ASN1_item_ex_d2i 2575 3_0_0 EXIST::FUNCTION: EVP_MD_meth_free 2576 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_new 2577 3_0_0 EXIST::FUNCTION: RSA_padding_check_PKCS1_OAEP 2578 3_0_0 EXIST::FUNCTION:RSA -OCSP_SERVICELOC_it 2579 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_SERVICELOC_it 2579 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_SERVICELOC_it 2579 3_0_0 EXIST::FUNCTION:OCSP PKCS12_SAFEBAG_get_nid 2580 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_set_update_fn 2581 3_0_0 EXIST::FUNCTION: BIO_f_asn1 2582 3_0_0 EXIST::FUNCTION: @@ -2633,21 +2549,18 @@ DH_set_method 2602 3_0_0 EXIST::FUNCTION:DH EVP_rc2_64_cbc 2603 3_0_0 EXIST::FUNCTION:RC2 CRYPTO_THREAD_get_current_id 2604 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_cb 2605 3_0_0 EXIST::FUNCTION: -PROXY_POLICY_it 2606 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PROXY_POLICY_it 2606 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PROXY_POLICY_it 2606 3_0_0 EXIST::FUNCTION: ENGINE_register_complete 2607 3_0_0 EXIST::FUNCTION:ENGINE EVP_DecodeUpdate 2609 3_0_0 EXIST::FUNCTION: ENGINE_get_default_RAND 2610 3_0_0 EXIST::FUNCTION:ENGINE ERR_peek_last_error_line 2611 3_0_0 EXIST::FUNCTION: ENGINE_get_ssl_client_cert_function 2612 3_0_0 EXIST::FUNCTION:ENGINE OPENSSL_LH_node_usage_stats 2613 3_0_0 EXIST::FUNCTION:STDIO -DIRECTORYSTRING_it 2614 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -DIRECTORYSTRING_it 2614 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +DIRECTORYSTRING_it 2614 3_0_0 EXIST::FUNCTION: BIO_write 2615 3_0_0 EXIST::FUNCTION: OCSP_ONEREQ_get_ext_by_OBJ 2616 3_0_0 EXIST::FUNCTION:OCSP SEED_encrypt 2617 3_0_0 EXIST::FUNCTION:SEED -IPAddressRange_it 2618 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -IPAddressRange_it 2618 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +IPAddressRange_it 2618 3_0_0 EXIST::FUNCTION:RFC3779 PEM_read_bio_DSAPrivateKey 2619 3_0_0 EXIST::FUNCTION:DSA CMS_get0_type 2620 3_0_0 EXIST::FUNCTION:CMS ASN1_PCTX_free 2621 3_0_0 EXIST::FUNCTION: @@ -2661,10 +2574,8 @@ OBJ_add_sigid 2628 3_0_0 EXIST::FUNCTION: d2i_SXNETID 2629 3_0_0 EXIST::FUNCTION: CMS_get1_certs 2630 3_0_0 EXIST::FUNCTION:CMS X509_CRL_check_suiteb 2631 3_0_0 EXIST::FUNCTION: -PKCS7_ENVELOPE_it 2632 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ENVELOPE_it 2632 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASIdentifierChoice_it 2633 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -ASIdentifierChoice_it 2633 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +PKCS7_ENVELOPE_it 2632 3_0_0 EXIST::FUNCTION: +ASIdentifierChoice_it 2633 3_0_0 EXIST::FUNCTION:RFC3779 CMS_RecipientEncryptedKey_cert_cmp 2634 3_0_0 EXIST::FUNCTION:CMS EVP_PKEY_CTX_get_app_data 2635 3_0_0 EXIST::FUNCTION: EC_GROUP_clear_free 2636 3_0_0 EXIST::FUNCTION:EC @@ -2677,8 +2588,7 @@ EVP_PKEY_meth_add0 2642 3_0_0 EXIST::FUNCTION: EVP_rc4_40 2643 3_0_0 EXIST::FUNCTION:RC4 RSA_bits 2645 3_0_0 EXIST::FUNCTION:RSA ASN1_item_dup 2646 3_0_0 EXIST::FUNCTION: -GENERAL_NAMES_it 2647 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -GENERAL_NAMES_it 2647 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +GENERAL_NAMES_it 2647 3_0_0 EXIST::FUNCTION: X509_issuer_name_hash 2648 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_nonce 2649 3_0_0 EXIST::FUNCTION:TS MD4_Init 2650 3_0_0 EXIST::FUNCTION:MD4 @@ -2711,15 +2621,13 @@ i2d_EXTENDED_KEY_USAGE 2677 3_0_0 EXIST::FUNCTION: PEM_write_bio_DSAparams 2678 3_0_0 EXIST::FUNCTION:DSA X509_cmp_time 2679 3_0_0 EXIST::FUNCTION: d2i_CMS_ReceiptRequest 2680 3_0_0 EXIST::FUNCTION:CMS -X509_CRL_INFO_it 2681 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CRL_INFO_it 2681 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_CRL_INFO_it 2681 3_0_0 EXIST::FUNCTION: BUF_reverse 2682 3_0_0 EXIST::FUNCTION: d2i_OCSP_SIGNATURE 2683 3_0_0 EXIST::FUNCTION:OCSP X509_REQ_delete_attr 2684 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_signer_cert 2685 3_0_0 EXIST::FUNCTION:TS X509V3_EXT_d2i 2686 3_0_0 EXIST::FUNCTION: -ASN1_GENERALSTRING_it 2687 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_GENERALSTRING_it 2687 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_GENERALSTRING_it 2687 3_0_0 EXIST::FUNCTION: POLICYQUALINFO_free 2688 3_0_0 EXIST::FUNCTION: EC_KEY_set_group 2689 3_0_0 EXIST::FUNCTION:EC OCSP_check_validity 2690 3_0_0 EXIST::FUNCTION:OCSP @@ -2766,8 +2674,7 @@ CMS_ContentInfo_print_ctx 2730 3_0_0 EXIST::FUNCTION:CMS d2i_PKCS7_SIGNED 2731 3_0_0 EXIST::FUNCTION: GENERAL_NAMES_free 2732 3_0_0 EXIST::FUNCTION: SCT_get_timestamp 2733 3_0_0 EXIST::FUNCTION:CT -OCSP_SIGNATURE_it 2734 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_SIGNATURE_it 2734 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_SIGNATURE_it 2734 3_0_0 EXIST::FUNCTION:OCSP CMS_verify_receipt 2735 3_0_0 EXIST::FUNCTION:CMS CRYPTO_THREAD_lock_new 2736 3_0_0 EXIST::FUNCTION: BIO_get_ex_data 2737 3_0_0 EXIST::FUNCTION: @@ -2790,8 +2697,7 @@ TS_REQ_get_policy_id 2753 3_0_0 EXIST::FUNCTION:TS RC5_32_cbc_encrypt 2754 3_0_0 EXIST::FUNCTION:RC5 BN_is_zero 2755 3_0_0 EXIST::FUNCTION: CT_POLICY_EVAL_CTX_new 2756 3_0_0 EXIST::FUNCTION:CT -NETSCAPE_SPKI_it 2757 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NETSCAPE_SPKI_it 2757 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +NETSCAPE_SPKI_it 2757 3_0_0 EXIST::FUNCTION: CRYPTO_THREAD_unlock 2758 3_0_0 EXIST::FUNCTION: UI_method_set_writer 2759 3_0_0 EXIST::FUNCTION: UI_dup_info_string 2760 3_0_0 EXIST::FUNCTION: @@ -2802,24 +2708,20 @@ EVP_SealFinal 2764 3_0_0 EXIST::FUNCTION:RSA CONF_imodule_set_flags 2766 3_0_0 EXIST::FUNCTION: i2d_ASN1_SET_ANY 2767 3_0_0 EXIST::FUNCTION: EVP_PKEY_decrypt 2768 3_0_0 EXIST::FUNCTION: -OCSP_RESPID_it 2769 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_RESPID_it 2769 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_RESPID_it 2769 3_0_0 EXIST::FUNCTION:OCSP EVP_des_ede3_cbc 2770 3_0_0 EXIST::FUNCTION:DES X509_up_ref 2771 3_0_0 EXIST::FUNCTION: OBJ_NAME_do_all_sorted 2772 3_0_0 EXIST::FUNCTION: ENGINE_unregister_DSA 2773 3_0_0 EXIST::FUNCTION:ENGINE ASN1_bn_print 2774 3_0_0 EXIST::FUNCTION: CMS_is_detached 2775 3_0_0 EXIST::FUNCTION:CMS -X509_REQ_INFO_it 2776 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_REQ_INFO_it 2776 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -RSAPrivateKey_it 2777 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA -RSAPrivateKey_it 2777 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA +X509_REQ_INFO_it 2776 3_0_0 EXIST::FUNCTION: +RSAPrivateKey_it 2777 3_0_0 EXIST::FUNCTION:RSA X509_NAME_ENTRY_free 2778 3_0_0 EXIST::FUNCTION: BIO_new_fd 2779 3_0_0 EXIST::FUNCTION: OPENSSL_sk_value 2781 3_0_0 EXIST::FUNCTION: NCONF_get_section 2782 3_0_0 EXIST::FUNCTION: -PKCS12_MAC_DATA_it 2783 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_MAC_DATA_it 2783 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS12_MAC_DATA_it 2783 3_0_0 EXIST::FUNCTION: X509_REQ_add1_attr_by_NID 2784 3_0_0 EXIST::FUNCTION: ASN1_sign 2785 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_encrypt 2786 3_0_0 EXIST::FUNCTION:CMS @@ -2838,8 +2740,7 @@ X509_REQ_get0_signature 2799 3_0_0 EXIST::FUNCTION: PKEY_USAGE_PERIOD_free 2800 3_0_0 EXIST::FUNCTION: EC_GROUP_set_point_conversion_form 2801 3_0_0 EXIST::FUNCTION:EC CMS_dataFinal 2802 3_0_0 EXIST::FUNCTION:CMS -ASN1_TIME_it 2803 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_TIME_it 2803 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_TIME_it 2803 3_0_0 EXIST::FUNCTION: ENGINE_get_static_state 2804 3_0_0 EXIST::FUNCTION:ENGINE EC_KEY_set_asn1_flag 2805 3_0_0 EXIST::FUNCTION:EC EC_GFp_mont_method 2806 3_0_0 EXIST::FUNCTION:EC @@ -2888,13 +2789,11 @@ ASN1_UNIVERSALSTRING_free 2849 3_0_0 EXIST::FUNCTION: EC_KEY_precompute_mult 2850 3_0_0 EXIST::FUNCTION:EC CRYPTO_mem_debug_realloc 2851 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG PKCS7_new 2852 3_0_0 EXIST::FUNCTION: -BASIC_CONSTRAINTS_it 2853 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -BASIC_CONSTRAINTS_it 2853 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +BASIC_CONSTRAINTS_it 2853 3_0_0 EXIST::FUNCTION: ASN1_generate_v3 2854 3_0_0 EXIST::FUNCTION: PEM_write_bio_PrivateKey 2855 3_0_0 EXIST::FUNCTION: ASN1_UTCTIME_check 2856 3_0_0 EXIST::FUNCTION: -ACCESS_DESCRIPTION_it 2857 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ACCESS_DESCRIPTION_it 2857 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ACCESS_DESCRIPTION_it 2857 3_0_0 EXIST::FUNCTION: TS_MSG_IMPRINT_get_msg 2859 3_0_0 EXIST::FUNCTION:TS PKCS8_add_keyusage 2860 3_0_0 EXIST::FUNCTION: X509_EXTENSION_dup 2861 3_0_0 EXIST::FUNCTION: @@ -2916,8 +2815,7 @@ NCONF_get_number_e 2876 3_0_0 EXIST::FUNCTION: OPENSSL_cleanse 2877 3_0_0 EXIST::FUNCTION: SCT_set0_signature 2878 3_0_0 EXIST::FUNCTION:CT X509_CRL_sign 2879 3_0_0 EXIST::FUNCTION: -X509_CINF_it 2880 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CINF_it 2880 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_CINF_it 2880 3_0_0 EXIST::FUNCTION: TS_CONF_set_accuracy 2881 3_0_0 EXIST::FUNCTION:TS DES_crypt 2882 3_0_0 EXIST::FUNCTION:DES BN_BLINDING_create_param 2883 3_0_0 EXIST::FUNCTION: @@ -2925,8 +2823,7 @@ OCSP_SERVICELOC_free 2884 3_0_0 EXIST::FUNCTION:OCSP DIST_POINT_NAME_free 2885 3_0_0 EXIST::FUNCTION: BIO_listen 2886 3_0_0 EXIST::FUNCTION:SOCK BIO_ADDR_path_string 2887 3_0_0 EXIST::FUNCTION:SOCK -POLICY_CONSTRAINTS_it 2888 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_CONSTRAINTS_it 2888 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICY_CONSTRAINTS_it 2888 3_0_0 EXIST::FUNCTION: NCONF_free_data 2889 3_0_0 EXIST::FUNCTION: BIO_asn1_set_prefix 2890 3_0_0 EXIST::FUNCTION: PEM_SignUpdate 2891 3_0_0 EXIST::FUNCTION: @@ -2936,8 +2833,7 @@ IPAddressChoice_free 2894 3_0_0 EXIST::FUNCTION:RFC3779 d2i_X509_AUX 2895 3_0_0 EXIST::FUNCTION: X509_get_default_cert_area 2896 3_0_0 EXIST::FUNCTION: ERR_load_DSO_strings 2897 3_0_0 EXIST::FUNCTION: -ASIdentifiers_it 2898 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -ASIdentifiers_it 2898 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +ASIdentifiers_it 2898 3_0_0 EXIST::FUNCTION:RFC3779 BN_mod_lshift 2899 3_0_0 EXIST::FUNCTION: ENGINE_get_last 2900 3_0_0 EXIST::FUNCTION:ENGINE EVP_PKEY_encrypt_init 2901 3_0_0 EXIST::FUNCTION: @@ -2957,8 +2853,7 @@ X509_PUBKEY_get0 2914 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get0_parent_ctx 2915 3_0_0 EXIST::FUNCTION: EC_GROUP_set_seed 2916 3_0_0 EXIST::FUNCTION:EC X509_STORE_CTX_free 2917 3_0_0 EXIST::FUNCTION: -AUTHORITY_KEYID_it 2918 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -AUTHORITY_KEYID_it 2918 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +AUTHORITY_KEYID_it 2918 3_0_0 EXIST::FUNCTION: X509V3_get_value_int 2919 3_0_0 EXIST::FUNCTION: ASN1_UTCTIME_set_string 2920 3_0_0 EXIST::FUNCTION: RC5_32_decrypt 2921 3_0_0 EXIST::FUNCTION:RC5 @@ -3011,8 +2906,7 @@ SHA384_Init 2968 3_0_0 EXIST::FUNCTION: ASN1_UNIVERSALSTRING_new 2969 3_0_0 EXIST::FUNCTION: EVP_PKEY_print_private 2970 3_0_0 EXIST::FUNCTION: ASN1_INTEGER_new 2971 3_0_0 EXIST::FUNCTION: -NAME_CONSTRAINTS_it 2972 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NAME_CONSTRAINTS_it 2972 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +NAME_CONSTRAINTS_it 2972 3_0_0 EXIST::FUNCTION: TS_REQ_get_cert_req 2973 3_0_0 EXIST::FUNCTION:TS BIO_pop 2974 3_0_0 EXIST::FUNCTION: SHA256_Final 2975 3_0_0 EXIST::FUNCTION: @@ -3060,8 +2954,7 @@ OCSP_request_is_signed 3017 3_0_0 EXIST::FUNCTION:OCSP i2d_BASIC_CONSTRAINTS 3018 3_0_0 EXIST::FUNCTION: EC_KEY_get_method 3019 3_0_0 EXIST::FUNCTION:EC EC_POINT_bn2point 3021 3_0_0 EXIST::FUNCTION:EC -PBE2PARAM_it 3022 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PBE2PARAM_it 3022 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PBE2PARAM_it 3022 3_0_0 EXIST::FUNCTION: BN_rand 3023 3_0_0 EXIST::FUNCTION: ASN1_TYPE_unpack_sequence 3024 3_0_0 EXIST::FUNCTION: X509_CRL_sign_ctx 3025 3_0_0 EXIST::FUNCTION: @@ -3073,8 +2966,7 @@ PEM_write_bio_PKCS8PrivateKey_nid 3030 3_0_0 EXIST::FUNCTION: BN_MONT_CTX_new 3031 3_0_0 EXIST::FUNCTION: CRYPTO_free_ex_index 3032 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_new 3033 3_0_0 EXIST::FUNCTION: -PKCS7_it 3034 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_it 3034 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_it 3034 3_0_0 EXIST::FUNCTION: CMS_unsigned_get_attr_by_OBJ 3035 3_0_0 EXIST::FUNCTION:CMS BN_clear 3036 3_0_0 EXIST::FUNCTION: BIO_socket_ioctl 3037 3_0_0 EXIST::FUNCTION:SOCK @@ -3082,8 +2974,7 @@ GENERAL_NAME_cmp 3038 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_set_purpose 3039 3_0_0 EXIST::FUNCTION: X509_REVOKED_get_ext_d2i 3040 3_0_0 EXIST::FUNCTION: X509V3_set_conf_lhash 3041 3_0_0 EXIST::FUNCTION: -PKCS7_ENC_CONTENT_it 3042 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ENC_CONTENT_it 3042 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_ENC_CONTENT_it 3042 3_0_0 EXIST::FUNCTION: PKCS12_item_pack_safebag 3043 3_0_0 EXIST::FUNCTION: i2d_OCSP_RESPDATA 3044 3_0_0 EXIST::FUNCTION:OCSP i2d_X509_PUBKEY 3045 3_0_0 EXIST::FUNCTION: @@ -3164,8 +3055,7 @@ ASN1_BIT_STRING_set 3119 3_0_0 EXIST::FUNCTION: PKCS5_PBKDF2_HMAC_SHA1 3120 3_0_0 EXIST::FUNCTION: RSA_padding_check_PKCS1_type_2 3121 3_0_0 EXIST::FUNCTION:RSA EVP_des_ede3_ecb 3122 3_0_0 EXIST::FUNCTION:DES -CBIGNUM_it 3123 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -CBIGNUM_it 3123 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +CBIGNUM_it 3123 3_0_0 EXIST::FUNCTION: BIO_new_NDEF 3124 3_0_0 EXIST::FUNCTION: EVP_aes_256_wrap 3125 3_0_0 EXIST::FUNCTION: ASN1_STRING_print 3126 3_0_0 EXIST::FUNCTION: @@ -3294,8 +3184,7 @@ EVP_aes_192_ecb 3249 3_0_0 EXIST::FUNCTION: ASN1_OCTET_STRING_new 3250 3_0_0 EXIST::FUNCTION: CMS_set1_eContentType 3251 3_0_0 EXIST::FUNCTION:CMS EVP_des_ede3_wrap 3252 3_0_0 EXIST::FUNCTION:DES -GENERAL_SUBTREE_it 3253 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -GENERAL_SUBTREE_it 3253 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +GENERAL_SUBTREE_it 3253 3_0_0 EXIST::FUNCTION: EVP_read_pw_string_min 3254 3_0_0 EXIST::FUNCTION: X509_set1_notBefore 3255 3_0_0 EXIST::FUNCTION: MD4 3256 3_0_0 EXIST::FUNCTION:MD4 @@ -3340,8 +3229,7 @@ i2s_ASN1_IA5STRING 3295 3_0_0 EXIST::FUNCTION: EC_KEY_get_default_method 3296 3_0_0 EXIST::FUNCTION:EC PKCS8_decrypt 3297 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_data 3298 3_0_0 EXIST::FUNCTION: -POLICYQUALINFO_it 3299 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICYQUALINFO_it 3299 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICYQUALINFO_it 3299 3_0_0 EXIST::FUNCTION: PKCS7_ISSUER_AND_SERIAL_free 3300 3_0_0 EXIST::FUNCTION: DSA_SIG_free 3301 3_0_0 EXIST::FUNCTION:DSA BIO_asn1_set_suffix 3302 3_0_0 EXIST::FUNCTION: @@ -3391,8 +3279,7 @@ OCSP_SERVICELOC_new 3346 3_0_0 EXIST::FUNCTION:OCSP ASN1_VISIBLESTRING_new 3347 3_0_0 EXIST::FUNCTION: BN_set_flags 3348 3_0_0 EXIST::FUNCTION: d2i_PrivateKey_bio 3349 3_0_0 EXIST::FUNCTION: -ASN1_SEQUENCE_ANY_it 3350 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_SEQUENCE_ANY_it 3350 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_SEQUENCE_ANY_it 3350 3_0_0 EXIST::FUNCTION: ASN1_UTCTIME_adj 3351 3_0_0 EXIST::FUNCTION: BN_mod_sqrt 3352 3_0_0 EXIST::FUNCTION: OPENSSL_sk_is_sorted 3353 3_0_0 EXIST::FUNCTION: @@ -3417,15 +3304,13 @@ CMS_add1_cert 3371 3_0_0 EXIST::FUNCTION:CMS DSO_convert_filename 3372 3_0_0 EXIST::FUNCTION: RSA_padding_check_SSLv23 3373 3_0_0 EXIST::FUNCTION:RSA CRYPTO_gcm128_finish 3374 3_0_0 EXIST::FUNCTION: -PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST::FUNCTION: PKCS12_PBE_add 3376 3_0_0 EXIST::FUNCTION: EC_KEY_set_public_key_affine_coordinates 3377 3_0_0 EXIST::FUNCTION:EC EVP_EncryptInit_ex 3378 3_0_0 EXIST::FUNCTION: ENGINE_add 3379 3_0_0 EXIST::FUNCTION:ENGINE OPENSSL_LH_error 3380 3_0_0 EXIST::FUNCTION: -PKCS7_DIGEST_it 3381 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_DIGEST_it 3381 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_DIGEST_it 3381 3_0_0 EXIST::FUNCTION: X509_CINF_new 3382 3_0_0 EXIST::FUNCTION: EVP_PKEY_keygen_init 3383 3_0_0 EXIST::FUNCTION: EVP_aes_192_ocb 3384 3_0_0 EXIST::FUNCTION:OCB @@ -3558,8 +3443,7 @@ EVP_PKEY_add1_attr_by_NID 3513 3_0_0 EXIST::FUNCTION: i2d_PKCS8_PRIV_KEY_INFO_bio 3514 3_0_0 EXIST::FUNCTION: X509_NAME_get_index_by_NID 3515 3_0_0 EXIST::FUNCTION: ENGINE_get_first 3516 3_0_0 EXIST::FUNCTION:ENGINE -CERTIFICATEPOLICIES_it 3517 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -CERTIFICATEPOLICIES_it 3517 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +CERTIFICATEPOLICIES_it 3517 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_ctrl 3518 3_0_0 EXIST::FUNCTION: PKCS7_final 3519 3_0_0 EXIST::FUNCTION: EVP_PKEY_size 3520 3_0_0 EXIST::FUNCTION: @@ -3606,10 +3490,8 @@ RAND_file_name 3564 3_0_0 EXIST::FUNCTION: EVP_CipherInit_ex 3566 3_0_0 EXIST::FUNCTION: BIO_dgram_sctp_notification_cb 3567 3_0_0 EXIST::FUNCTION:DGRAM,SCTP ERR_load_RAND_strings 3568 3_0_0 EXIST::FUNCTION: -X509_ATTRIBUTE_it 3569 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_ATTRIBUTE_it 3569 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509_ALGOR_it 3570 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_ALGOR_it 3570 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_ATTRIBUTE_it 3569 3_0_0 EXIST::FUNCTION: +X509_ALGOR_it 3570 3_0_0 EXIST::FUNCTION: OCSP_CRLID_free 3571 3_0_0 EXIST::FUNCTION:OCSP CRYPTO_ccm128_aad 3572 3_0_0 EXIST::FUNCTION: IPAddressFamily_new 3573 3_0_0 EXIST::FUNCTION:RFC3779 @@ -3633,8 +3515,7 @@ X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION: OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP SHA224 3592 3_0_0 EXIST::FUNCTION: MD2_options 3593 3_0_0 EXIST::FUNCTION:MD2 -X509_REQ_it 3595 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_REQ_it 3595 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_REQ_it 3595 3_0_0 EXIST::FUNCTION: RAND_bytes 3596 3_0_0 EXIST::FUNCTION: PKCS7_free 3597 3_0_0 EXIST::FUNCTION: X509_NAME_ENTRY_create_by_txt 3598 3_0_0 EXIST::FUNCTION: @@ -3680,8 +3561,7 @@ PEM_read_PUBKEY 3638 3_0_0 EXIST::FUNCTION:STDIO RSA_PKCS1_OpenSSL 3639 3_0_0 EXIST::FUNCTION:RSA AUTHORITY_INFO_ACCESS_free 3640 3_0_0 EXIST::FUNCTION: SCT_get0_signature 3641 3_0_0 EXIST::FUNCTION:CT -DISPLAYTEXT_it 3643 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -DISPLAYTEXT_it 3643 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +DISPLAYTEXT_it 3643 3_0_0 EXIST::FUNCTION: OPENSSL_gmtime_adj 3644 3_0_0 EXIST::FUNCTION: ASN1_INTEGER_dup 3645 3_0_0 EXIST::FUNCTION: DSA_print 3646 3_0_0 EXIST::FUNCTION:DSA @@ -3739,8 +3619,7 @@ OCSP_sendreq_nbio 3698 3_0_0 EXIST::FUNCTION:OCSP PKCS8_encrypt 3699 3_0_0 EXIST::FUNCTION: i2d_PKCS7_fp 3700 3_0_0 EXIST::FUNCTION:STDIO i2d_X509_REQ 3701 3_0_0 EXIST::FUNCTION: -OCSP_CRLID_it 3702 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_CRLID_it 3702 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_CRLID_it 3702 3_0_0 EXIST::FUNCTION:OCSP PEM_ASN1_write_bio 3703 3_0_0 EXIST::FUNCTION: X509_get0_reject_objects 3704 3_0_0 EXIST::FUNCTION: BIO_set_tcp_ndelay 3705 3_0_0 EXIST::FUNCTION:SOCK @@ -3750,8 +3629,7 @@ X509_CRL_get0_by_serial 3708 3_0_0 EXIST::FUNCTION: PKCS12_add_friendlyname_asc 3709 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get1_chain 3710 3_0_0 EXIST::FUNCTION: ASN1_mbstring_ncopy 3711 3_0_0 EXIST::FUNCTION: -PKCS7_RECIP_INFO_it 3712 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_RECIP_INFO_it 3712 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_RECIP_INFO_it 3712 3_0_0 EXIST::FUNCTION: ENGINE_register_all_digests 3713 3_0_0 EXIST::FUNCTION:ENGINE X509_REQ_get_version 3714 3_0_0 EXIST::FUNCTION: i2d_ASN1_UTCTIME 3715 3_0_0 EXIST::FUNCTION: @@ -3809,8 +3687,7 @@ BIO_ADDRINFO_family 3766 3_0_0 EXIST::FUNCTION:SOCK PEM_write_DHxparams 3767 3_0_0 EXIST::FUNCTION:DH,STDIO BN_mod_exp2_mont 3768 3_0_0 EXIST::FUNCTION: ASN1_PRINTABLE_free 3769 3_0_0 EXIST::FUNCTION: -PKCS7_ATTR_SIGN_it 3771 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ATTR_SIGN_it 3771 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PKCS7_ATTR_SIGN_it 3771 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_copy 3772 3_0_0 EXIST::FUNCTION: ENGINE_set_ctrl_function 3773 3_0_0 EXIST::FUNCTION:ENGINE OCSP_id_get0_info 3774 3_0_0 EXIST::FUNCTION:OCSP @@ -3818,8 +3695,7 @@ BIO_ADDRINFO_next 3775 3_0_0 EXIST::FUNCTION:SOCK OCSP_RESPBYTES_free 3776 3_0_0 EXIST::FUNCTION:OCSP EC_KEY_METHOD_set_init 3777 3_0_0 EXIST::FUNCTION:EC EVP_PKEY_asn1_copy 3778 3_0_0 EXIST::FUNCTION: -RSA_PSS_PARAMS_it 3779 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA -RSA_PSS_PARAMS_it 3779 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA +RSA_PSS_PARAMS_it 3779 3_0_0 EXIST::FUNCTION:RSA X509_STORE_CTX_get_error_depth 3780 3_0_0 EXIST::FUNCTION: ASN1_GENERALIZEDTIME_set_string 3781 3_0_0 EXIST::FUNCTION: EC_GROUP_new_curve_GFp 3782 3_0_0 EXIST::FUNCTION:EC @@ -3849,10 +3725,8 @@ EVP_bf_ecb 3805 3_0_0 EXIST::FUNCTION:BF v2i_GENERAL_NAME_ex 3806 3_0_0 EXIST::FUNCTION: CMS_signed_delete_attr 3807 3_0_0 EXIST::FUNCTION:CMS ASN1_TYPE_pack_sequence 3808 3_0_0 EXIST::FUNCTION: -USERNOTICE_it 3809 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -USERNOTICE_it 3809 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -PKEY_USAGE_PERIOD_it 3810 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKEY_USAGE_PERIOD_it 3810 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +USERNOTICE_it 3809 3_0_0 EXIST::FUNCTION: +PKEY_USAGE_PERIOD_it 3810 3_0_0 EXIST::FUNCTION: BN_mul_word 3811 3_0_0 EXIST::FUNCTION: i2d_IPAddressRange 3813 3_0_0 EXIST::FUNCTION:RFC3779 CMS_unsigned_add1_attr_by_txt 3814 3_0_0 EXIST::FUNCTION:CMS @@ -3860,8 +3734,7 @@ d2i_RSA_PUBKEY 3815 3_0_0 EXIST::FUNCTION:RSA PKCS12_gen_mac 3816 3_0_0 EXIST::FUNCTION: ERR_load_ENGINE_strings 3817 3_0_0 EXIST::FUNCTION:ENGINE ERR_load_CT_strings 3818 3_0_0 EXIST::FUNCTION:CT -OCSP_ONEREQ_it 3819 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_ONEREQ_it 3819 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_ONEREQ_it 3819 3_0_0 EXIST::FUNCTION:OCSP X509_PURPOSE_get_by_sname 3820 3_0_0 EXIST::FUNCTION: X509_PURPOSE_set 3821 3_0_0 EXIST::FUNCTION: BN_mod_inverse 3822 3_0_0 EXIST::FUNCTION: @@ -3904,10 +3777,8 @@ i2o_ECPublicKey 3858 3_0_0 EXIST::FUNCTION:EC PKCS12_SAFEBAG_create0_pkcs8 3859 3_0_0 EXIST::FUNCTION: OBJ_get0_data 3860 3_0_0 EXIST::FUNCTION: EC_GROUP_get0_seed 3861 3_0_0 EXIST::FUNCTION:EC -OCSP_REQUEST_it 3862 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_REQUEST_it 3862 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP -ASRange_it 3863 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -ASRange_it 3863 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +OCSP_REQUEST_it 3862 3_0_0 EXIST::FUNCTION:OCSP +ASRange_it 3863 3_0_0 EXIST::FUNCTION:RFC3779 i2d_TS_RESP 3864 3_0_0 EXIST::FUNCTION:TS TS_TST_INFO_get_ext_by_OBJ 3865 3_0_0 EXIST::FUNCTION:TS d2i_PKCS7_RECIP_INFO 3866 3_0_0 EXIST::FUNCTION: @@ -3915,8 +3786,7 @@ d2i_X509_CRL 3867 3_0_0 EXIST::FUNCTION: ASN1_OCTET_STRING_dup 3868 3_0_0 EXIST::FUNCTION: CRYPTO_nistcts128_decrypt_block 3869 3_0_0 EXIST::FUNCTION: CMS_stream 3870 3_0_0 EXIST::FUNCTION:CMS -RSA_OAEP_PARAMS_it 3871 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA -RSA_OAEP_PARAMS_it 3871 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA +RSA_OAEP_PARAMS_it 3871 3_0_0 EXIST::FUNCTION:RSA BN_bn2mpi 3872 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_cleanup 3873 3_0_0 EXIST::FUNCTION: OCSP_onereq_get0_id 3874 3_0_0 EXIST::FUNCTION:OCSP @@ -3928,8 +3798,7 @@ CMS_add0_RevocationInfoChoice 3880 3_0_0 EXIST::FUNCTION:CMS ASN1_PCTX_get_flags 3881 3_0_0 EXIST::FUNCTION: EVP_MD_meth_set_result_size 3882 3_0_0 EXIST::FUNCTION: i2d_X509_CRL 3883 3_0_0 EXIST::FUNCTION: -ASN1_INTEGER_it 3885 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_INTEGER_it 3885 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ASN1_INTEGER_it 3885 3_0_0 EXIST::FUNCTION: TS_ACCURACY_new 3886 3_0_0 EXIST::FUNCTION:TS i2d_SXNETID 3887 3_0_0 EXIST::FUNCTION: BN_mod_mul_montgomery 3888 3_0_0 EXIST::FUNCTION: @@ -3939,8 +3808,7 @@ PBKDF2PARAM_new 3891 3_0_0 EXIST::FUNCTION: ENGINE_set_RSA 3892 3_0_0 EXIST::FUNCTION:ENGINE i2d_X509_ATTRIBUTE 3893 3_0_0 EXIST::FUNCTION: PKCS7_ctrl 3894 3_0_0 EXIST::FUNCTION: -OCSP_REVOKEDINFO_it 3895 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP -OCSP_REVOKEDINFO_it 3895 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP +OCSP_REVOKEDINFO_it 3895 3_0_0 EXIST::FUNCTION:OCSP X509V3_set_ctx 3896 3_0_0 EXIST::FUNCTION: ASN1_ENUMERATED_set_int64 3897 3_0_0 EXIST::FUNCTION: o2i_SCT 3898 3_0_0 EXIST::FUNCTION:CT @@ -3967,13 +3835,10 @@ BN_BLINDING_unlock 3918 3_0_0 EXIST::FUNCTION: EC_GROUP_new_from_ecpkparameters 3919 3_0_0 EXIST::FUNCTION:EC EC_GROUP_get_ecpkparameters 3920 3_0_0 EXIST::FUNCTION:EC EC_GROUP_new_from_ecparameters 3921 3_0_0 EXIST::FUNCTION:EC -ECPARAMETERS_it 3922 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC -ECPARAMETERS_it 3922 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC -ECPKPARAMETERS_it 3923 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC -ECPKPARAMETERS_it 3923 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC +ECPARAMETERS_it 3922 3_0_0 EXIST::FUNCTION:EC +ECPKPARAMETERS_it 3923 3_0_0 EXIST::FUNCTION:EC EC_GROUP_get_ecparameters 3924 3_0_0 EXIST::FUNCTION:EC -DHparams_it 3925 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DH -DHparams_it 3925 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DH +DHparams_it 3925 3_0_0 EXIST::FUNCTION:DH EVP_blake2s256 3926 3_0_0 EXIST::FUNCTION:BLAKE2 EVP_blake2b512 3927 3_0_0 EXIST::FUNCTION:BLAKE2 X509_SIG_get0 3928 3_0_0 EXIST::FUNCTION: @@ -4251,22 +4116,14 @@ EVP_aria_128_ctr 4204 3_0_0 EXIST::FUNCTION:ARIA EVP_aria_192_ctr 4205 3_0_0 EXIST::FUNCTION:ARIA UI_null 4206 3_0_0 EXIST::FUNCTION: EC_KEY_get0_engine 4207 3_0_0 EXIST::FUNCTION:EC -INT32_it 4208 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -INT32_it 4208 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UINT64_it 4209 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -UINT64_it 4209 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ZINT32_it 4210 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ZINT32_it 4210 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ZUINT64_it 4211 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ZUINT64_it 4211 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -INT64_it 4212 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -INT64_it 4212 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ZUINT32_it 4213 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ZUINT32_it 4213 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UINT32_it 4214 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -UINT32_it 4214 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ZINT64_it 4215 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ZINT64_it 4215 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +INT32_it 4208 3_0_0 EXIST::FUNCTION: +UINT64_it 4209 3_0_0 EXIST::FUNCTION: +ZINT32_it 4210 3_0_0 EXIST::FUNCTION: +ZUINT64_it 4211 3_0_0 EXIST::FUNCTION: +INT64_it 4212 3_0_0 EXIST::FUNCTION: +ZUINT32_it 4213 3_0_0 EXIST::FUNCTION: +UINT32_it 4214 3_0_0 EXIST::FUNCTION: +ZINT64_it 4215 3_0_0 EXIST::FUNCTION: CRYPTO_mem_leaks_cb 4216 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG BIO_lookup_ex 4217 3_0_0 EXIST::FUNCTION:SOCK X509_CRL_print_ex 4218 3_0_0 EXIST::FUNCTION: @@ -4362,8 +4219,7 @@ SCRYPT_PARAMS_new 4310 3_0_0 EXIST::FUNCTION:SCRYPT SCRYPT_PARAMS_free 4311 3_0_0 EXIST::FUNCTION:SCRYPT i2d_SCRYPT_PARAMS 4312 3_0_0 EXIST::FUNCTION:SCRYPT d2i_SCRYPT_PARAMS 4313 3_0_0 EXIST::FUNCTION:SCRYPT -SCRYPT_PARAMS_it 4314 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:SCRYPT -SCRYPT_PARAMS_it 4314 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:SCRYPT +SCRYPT_PARAMS_it 4314 3_0_0 EXIST::FUNCTION:SCRYPT CRYPTO_secure_clear_free 4315 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get0 4316 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_count 4317 3_0_0 EXIST::FUNCTION: @@ -4433,8 +4289,7 @@ d2i_ADMISSION_SYNTAX 4384 3_0_0 EXIST::FUNCTION: NAMING_AUTHORITY_set0_authorityId 4385 3_0_0 EXIST::FUNCTION: NAMING_AUTHORITY_set0_authorityURL 4386 3_0_0 EXIST::FUNCTION: d2i_PROFESSION_INFO 4387 3_0_0 EXIST::FUNCTION: -NAMING_AUTHORITY_it 4388 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NAMING_AUTHORITY_it 4388 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +NAMING_AUTHORITY_it 4388 3_0_0 EXIST::FUNCTION: ADMISSION_SYNTAX_get0_contentsOfAdmissions 4389 3_0_0 EXIST::FUNCTION: PROFESSION_INFO_set0_professionItems 4390 3_0_0 EXIST::FUNCTION: NAMING_AUTHORITY_new 4391 3_0_0 EXIST::FUNCTION: @@ -4444,8 +4299,7 @@ PROFESSION_INFO_new 4394 3_0_0 EXIST::FUNCTION: ADMISSIONS_new 4395 3_0_0 EXIST::FUNCTION: ADMISSION_SYNTAX_set0_admissionAuthority 4396 3_0_0 EXIST::FUNCTION: PROFESSION_INFO_get0_professionOIDs 4397 3_0_0 EXIST::FUNCTION: -PROFESSION_INFO_it 4398 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PROFESSION_INFO_it 4398 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PROFESSION_INFO_it 4398 3_0_0 EXIST::FUNCTION: i2d_PROFESSION_INFO 4399 3_0_0 EXIST::FUNCTION: ADMISSIONS_set0_professionInfos 4400 3_0_0 EXIST::FUNCTION: PROFESSION_INFO_get0_namingAuthority 4401 3_0_0 EXIST::FUNCTION: @@ -4454,8 +4308,7 @@ PROFESSION_INFO_set0_addProfessionInfo 4403 3_0_0 EXIST::FUNCTION: PROFESSION_INFO_set0_registrationNumber 4404 3_0_0 EXIST::FUNCTION: ADMISSION_SYNTAX_set0_contentsOfAdmissions 4405 3_0_0 EXIST::FUNCTION: NAMING_AUTHORITY_get0_authorityId 4406 3_0_0 EXIST::FUNCTION: -ADMISSION_SYNTAX_it 4407 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ADMISSION_SYNTAX_it 4407 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ADMISSION_SYNTAX_it 4407 3_0_0 EXIST::FUNCTION: i2d_ADMISSION_SYNTAX 4408 3_0_0 EXIST::FUNCTION: NAMING_AUTHORITY_get0_authorityText 4409 3_0_0 EXIST::FUNCTION: PROFESSION_INFO_set0_namingAuthority 4410 3_0_0 EXIST::FUNCTION: @@ -4470,8 +4323,7 @@ PROFESSION_INFO_get0_professionItems 4418 3_0_0 EXIST::FUNCTION: ADMISSIONS_get0_admissionAuthority 4419 3_0_0 EXIST::FUNCTION: PROFESSION_INFO_set0_professionOIDs 4420 3_0_0 EXIST::FUNCTION: d2i_NAMING_AUTHORITY 4421 3_0_0 EXIST::FUNCTION: -ADMISSIONS_it 4422 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ADMISSIONS_it 4422 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ADMISSIONS_it 4422 3_0_0 EXIST::FUNCTION: ADMISSIONS_get0_namingAuthority 4423 3_0_0 EXIST::FUNCTION: NAMING_AUTHORITY_set0_authorityText 4424 3_0_0 EXIST::FUNCTION: ADMISSIONS_set0_namingAuthority 4425 3_0_0 EXIST::FUNCTION: @@ -4662,50 +4514,42 @@ d2i_OSSL_CRMF_ENCRYPTEDVALUE 4619 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_ENCRYPTEDVALUE 4620 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_ENCRYPTEDVALUE_free 4621 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_ENCRYPTEDVALUE_new 4622 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_ENCRYPTEDVALUE_it 4623 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_ENCRYPTEDVALUE_it 4623 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDVALUE_it 4623 3_0_0 EXIST::FUNCTION:CRMF d2i_OSSL_CRMF_MSG 4624 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_MSG 4625 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_free 4626 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_new 4627 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_it 4628 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_MSG_it 4628 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +OSSL_CRMF_MSG_it 4628 3_0_0 EXIST::FUNCTION:CRMF d2i_OSSL_CRMF_PBMPARAMETER 4629 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_PBMPARAMETER 4630 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_PBMPARAMETER_free 4631 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_PBMPARAMETER_new 4632 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PBMPARAMETER_it 4633 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_PBMPARAMETER_it 4633 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +OSSL_CRMF_PBMPARAMETER_it 4633 3_0_0 EXIST::FUNCTION:CRMF d2i_OSSL_CRMF_CERTID 4634 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_CERTID 4635 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTID_free 4636 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTID_new 4637 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_it 4638 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_CERTID_it 4638 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +OSSL_CRMF_CERTID_it 4638 3_0_0 EXIST::FUNCTION:CRMF d2i_OSSL_CRMF_PKIPUBLICATIONINFO 4639 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_PKIPUBLICATIONINFO 4640 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_PKIPUBLICATIONINFO_free 4641 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_PKIPUBLICATIONINFO_new 4642 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PKIPUBLICATIONINFO_it 4643 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_PKIPUBLICATIONINFO_it 4643 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +OSSL_CRMF_PKIPUBLICATIONINFO_it 4643 3_0_0 EXIST::FUNCTION:CRMF d2i_OSSL_CRMF_SINGLEPUBINFO 4644 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_SINGLEPUBINFO 4645 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_SINGLEPUBINFO_free 4646 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_SINGLEPUBINFO_new 4647 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_SINGLEPUBINFO_it 4648 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_SINGLEPUBINFO_it 4648 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +OSSL_CRMF_SINGLEPUBINFO_it 4648 3_0_0 EXIST::FUNCTION:CRMF d2i_OSSL_CRMF_CERTTEMPLATE 4649 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_CERTTEMPLATE 4650 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTTEMPLATE_free 4651 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTTEMPLATE_new 4652 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_it 4653 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_CERTTEMPLATE_it 4653 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_it 4653 3_0_0 EXIST::FUNCTION:CRMF d2i_OSSL_CRMF_MSGS 4654 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_MSGS 4655 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSGS_free 4656 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSGS_new 4657 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSGS_it 4658 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_MSGS_it 4658 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +OSSL_CRMF_MSGS_it 4658 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_pbmp_new 4659 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_pbm_new 4660 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regCtrl_regToken 4661 3_0_0 EXIST::FUNCTION:CRMF @@ -4798,18 +4642,15 @@ i2d_KeyParams 4747 3_0_0 EXIST::FUNCTION: d2i_KeyParams 4748 3_0_0 EXIST::FUNCTION: i2d_KeyParams_bio 4749 3_0_0 EXIST::FUNCTION: d2i_KeyParams_bio 4750 3_0_0 EXIST::FUNCTION: -OSSL_CMP_PKISTATUS_it 4751 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CMP_PKISTATUS_it 4751 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMP +OSSL_CMP_PKISTATUS_it 4751 3_0_0 EXIST::FUNCTION:CMP d2i_OSSL_CMP_PKIHEADER 4752 3_0_0 EXIST::FUNCTION:CMP i2d_OSSL_CMP_PKIHEADER 4753 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_PKIHEADER_free 4754 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_PKIHEADER_new 4755 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_PKIHEADER_it 4756 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CMP_PKIHEADER_it 4756 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMP +OSSL_CMP_PKIHEADER_it 4756 3_0_0 EXIST::FUNCTION:CMP d2i_OSSL_CMP_MSG 4757 3_0_0 EXIST::FUNCTION:CMP i2d_OSSL_CMP_MSG 4758 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_MSG_it 4759 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CMP_MSG_it 4759 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMP +OSSL_CMP_MSG_it 4759 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_ITAV_create 4760 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_ITAV_set0 4761 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_ITAV_get0_type 4762 3_0_0 EXIST::FUNCTION:CMP diff --git a/util/mkdef.pl b/util/mkdef.pl index 83c9d79..a860db6 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -109,24 +109,20 @@ my $libname = platform->sharedname($name); my %OS_data = ( solaris => { writer => \&writer_linux, sort => sorter_linux(), - platforms => { UNIX => 1, - EXPORT_VAR_AS_FUNCTION => 0 } }, + platforms => { UNIX => 1 } }, linux => 'solaris', # alias "bsd-gcc" => 'solaris', # alias aix => { writer => \&writer_aix, sort => sorter_unix(), - platforms => { UNIX => 1, - EXPORT_VAR_AS_FUNCTION => 0 } }, + platforms => { UNIX => 1 } }, VMS => { writer => \&writer_VMS, sort => OpenSSL::Ordinals::by_number(), - platforms => { VMS => 1, - EXPORT_VAR_AS_FUNCTION => 0 } }, + platforms => { VMS => 1 } }, vms => 'VMS', # alias WINDOWS => { writer => \&writer_windows, sort => OpenSSL::Ordinals::by_name(), platforms => { WIN32 => 1, - _WIN32 => 1, - EXPORT_VAR_AS_FUNCTION => 1 } }, + _WIN32 => 1 } }, windows => 'WINDOWS', # alias WIN32 => 'WINDOWS', # alias win32 => 'WIN32', # alias diff --git a/util/perl/OpenSSL/Ordinals.pm b/util/perl/OpenSSL/Ordinals.pm index c26a866..302d58f 100644 --- a/util/perl/OpenSSL/Ordinals.pm +++ b/util/perl/OpenSSL/Ordinals.pm @@ -342,8 +342,6 @@ sub _parse_platforms { # if ($def =~ m{^__DragonFly__$}) { $platforms{$&} = $op; } # if ($def =~ m{^__OpenBSD__$}) { $platforms{$&} = $op; } # if ($def =~ m{^__NetBSD__$}) { $platforms{$&} = $op; } - if ($def =~ - m{^OPENSSL_(EXPORT_VAR_AS_FUNCTION)$}) { $platforms{$1} = $op; } if ($def =~ m{^OPENSSL_SYS_}) { $platforms{$'} = $op; } } diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm index 8e5b8b2..286fa7e 100644 --- a/util/perl/OpenSSL/ParseC.pm +++ b/util/perl/OpenSSL/ParseC.pm @@ -400,11 +400,7 @@ EOF { regexp => qr/DECLARE_ASN1_ITEM<<<\((.*)\)>>>/, massager => sub { return (<<"EOF"); -#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION -OPENSSL_EXTERN const ASN1_ITEM *$1_it; -#else const ASN1_ITEM *$1_it(void); -#endif EOF }, }, From builds at travis-ci.org Tue Jul 2 08:59:22 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jul 2019 08:59:22 +0000 Subject: Still Failing: openssl/openssl#26196 (master - 211da00) In-Reply-To: Message-ID: <5d1b1ce9b0fb9_43f903e8b4620308388@8da30bcf-d2fd-408b-98c8-7879347d3f25.mail> Build Update for openssl/openssl ------------------------------------- Build: #26196 Status: Still Failing Duration: 24 mins and 10 secs Commit: 211da00 (master) Author: Rich Salz Message: Remove EXPORT_VAR_AS_FUNC We only export functions, not global, so remove the config option and some of the #ifdef stuff. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9285) View the changeset: https://github.com/openssl/openssl/compare/66e2dbc01cb2...211da00b79f5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553173984?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From patrick.steuer at de.ibm.com Tue Jul 2 11:21:22 2019 From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Tue, 02 Jul 2019 11:21:22 +0000 Subject: [openssl] master update Message-ID: <1562066482.338682.2944.nullmailer@dev.openssl.org> The branch master has been updated via f663ddc7b00a2d75c1e7d868b73b24adc3f62095 (commit) from 211da00b79f5ab9df62f69ddff65d493759eae4c (commit) - Log ----------------------------------------------------------------- commit f663ddc7b00a2d75c1e7d868b73b24adc3f62095 Author: Patrick Steuer Date: Mon Jul 1 18:09:16 2019 +0200 test/p_test.c: silence -Wstringop-overflow Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9282) ----------------------------------------------------------------------- Summary of changes: test/p_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/p_test.c b/test/p_test.c index 925e3b8..904b75b 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -92,7 +92,7 @@ static int p_get_params(void *vprov, OSSL_PARAM params[]) p->return_size = buf_l = strlen(buf) + 1; if (p->data_size >= buf_l) - strncpy(p->data, buf, buf_l); + strcpy(p->data, buf); else ok = 0; } From builds at travis-ci.org Tue Jul 2 11:41:47 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jul 2019 11:41:47 +0000 Subject: Still Failing: openssl/openssl#26199 (master - f663ddc) In-Reply-To: Message-ID: <5d1b42fabc4a7_43fd097393a442954e3@d3e0c2b6-e811-42d3-addf-c8fbce732e1d.mail> Build Update for openssl/openssl ------------------------------------- Build: #26199 Status: Still Failing Duration: 19 mins and 49 secs Commit: f663ddc (master) Author: Patrick Steuer Message: test/p_test.c: silence -Wstringop-overflow Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9282) View the changeset: https://github.com/openssl/openssl/compare/211da00b79f5...f663ddc7b00a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553244256?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Tue Jul 2 12:23:28 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 02 Jul 2019 12:23:28 +0000 Subject: [openssl] master update Message-ID: <1562070208.306617.31850.nullmailer@dev.openssl.org> The branch master has been updated via c2969ff6e70b10f71fbd97c1d0b0cffc92bd69df (commit) from f663ddc7b00a2d75c1e7d868b73b24adc3f62095 (commit) - Log ----------------------------------------------------------------- commit c2969ff6e70b10f71fbd97c1d0b0cffc92bd69df Author: Antoine C?ur Date: Tue Jul 2 16:04:04 2019 +0800 Fix Typos CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9288) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++-- Configurations/15-ios.conf | 2 +- Configurations/50-win-onecore.conf | 2 +- Configurations/common0.tmpl | 2 +- apps/pkcs12.c | 2 +- apps/speed.c | 2 +- apps/storeutl.c | 2 +- crypto/README.sparse_array | 2 +- crypto/aes/asm/aes-s390x.pl | 4 ++-- crypto/asn1/a_time.c | 2 +- crypto/bio/bss_dgram.c | 2 +- crypto/bn/asm/mips.pl | 2 +- crypto/bn/bn_div.c | 2 +- crypto/bn/bn_lcl.h | 2 +- crypto/dsa/dsa_ossl.c | 2 +- crypto/ec/asm/ecp_nistz256-x86_64.pl | 2 +- crypto/ec/asm/x25519-ppc64.pl | 4 ++-- crypto/ec/ec_lcl.h | 2 +- crypto/ec/ecp_nistp521.c | 2 +- crypto/ec/ecx_meth.c | 2 +- crypto/err/openssl.txt | 2 +- crypto/evp/evp_err.c | 2 +- crypto/initthread.c | 2 +- crypto/lhash/lhash.c | 6 +++--- crypto/poly1305/asm/poly1305-ppc.pl | 6 +++--- crypto/rand/drbg_lib.c | 2 +- crypto/rand/rand_lib.c | 2 +- crypto/rsa/rsa_gen.c | 2 +- crypto/sha/asm/sha512-sparcv9.pl | 2 +- crypto/sm2/sm2_sign.c | 4 ++-- crypto/sparse_array.c | 2 +- crypto/store/loader_file.c | 4 ++-- demos/bio/descrip.mms | 2 +- demos/evp/aesgcm.c | 2 +- doc/internal/man3/openssl_ctx_get_data.pod | 2 +- doc/internal/man3/ossl_method_construct.pod | 2 +- doc/internal/man3/ossl_provider_new.pod | 2 +- doc/man1/mac.pod | 2 +- doc/man3/ADMISSIONS.pod | 2 +- doc/man3/BIO_s_mem.pod | 2 +- doc/man3/EVP_DigestSignInit.pod | 2 +- doc/man3/EVP_DigestVerifyInit.pod | 2 +- doc/man3/EVP_MD_fetch.pod | 4 ++-- doc/man3/EVP_md5.pod | 2 +- doc/man3/OSSL_CRMF_pbmp_new.pod | 2 +- doc/man3/OSSL_PARAM_int.pod | 4 ++-- doc/man3/OSSL_STORE_LOADER.pod | 2 +- doc/man3/OSSL_STORE_expect.pod | 2 +- doc/man3/RAND_DRBG_set_callbacks.pod | 2 +- doc/man3/SSL_CTX_set_cipher_list.pod | 2 +- doc/man3/SSL_CTX_set_srp_password.pod | 2 +- doc/man3/SSL_SESSION_get0_hostname.pod | 2 +- doc/man3/SSL_write.pod | 2 +- doc/man7/EVP_KDF_SS.pod | 2 +- doc/man7/EVP_KDF_SSHKDF.pod | 8 ++++---- doc/man7/EVP_KDF_X963.pod | 2 +- doc/man7/property.pod | 4 ++-- engines/e_devcrypto.c | 2 +- include/internal/property.h | 2 +- include/internal/thread_once.h | 4 ++-- include/internal/tsan_assist.h | 2 +- test/asn1_time_test.c | 4 ++-- test/drbgtest.c | 2 +- test/dtlstest.c | 2 +- test/evp_extra_test.c | 2 +- test/params_test.c | 6 +++--- test/ssltestlib.c | 2 +- test/tls13secretstest.c | 2 +- util/perl/OpenSSL/Test.pm | 4 ++-- 69 files changed, 89 insertions(+), 89 deletions(-) diff --git a/CHANGES b/CHANGES index cc7a964..c44dc0f 100644 --- a/CHANGES +++ b/CHANGES @@ -39,7 +39,7 @@ EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE. [Shane Lontis] - *) Default cipher lists/suites are now avaialble via a function, the + *) Default cipher lists/suites are now available via a function, the #defines are deprecated. [Todd Short] @@ -462,7 +462,7 @@ SSL_set_ciphersuites() [Matt Caswell] - *) Memory allocation failures consistenly add an error to the error + *) Memory allocation failures consistently add an error to the error stack. [Rich Salz] diff --git a/Configurations/15-ios.conf b/Configurations/15-ios.conf index a95f808..4b5aeec 100644 --- a/Configurations/15-ios.conf +++ b/Configurations/15-ios.conf @@ -1,6 +1,6 @@ #### iPhoneOS/iOS # -# It takes recent enough XCode to use following two targets. It shouldn't +# It takes recent enough Xcode to use following two targets. It shouldn't # be a problem by now, but if they don't work, original targets below # that depend on manual definition of environment variables should still # work... diff --git a/Configurations/50-win-onecore.conf b/Configurations/50-win-onecore.conf index 42a1ee0..d4e6e64 100644 --- a/Configurations/50-win-onecore.conf +++ b/Configurations/50-win-onecore.conf @@ -1,6 +1,6 @@ # Windows OneCore targets. # -# OneCore is new API stability "contract" that transends Desktop, IoT and +# OneCore is new API stability "contract" that transcends Desktop, IoT and # Mobile[?] Windows editions. It's a set up "umbrella" libraries that # export subset of Win32 API that are common to all Windows 10 devices. # diff --git a/Configurations/common0.tmpl b/Configurations/common0.tmpl index 03acb3e..852b1fb 100644 --- a/Configurations/common0.tmpl +++ b/Configurations/common0.tmpl @@ -22,7 +22,7 @@ our @generated = sort ( ( grep { defined $unified_info{generate}->{$_} } sort keys %generatables ), - # Scripts are assumed to be generated, so add thhem too + # Scripts are assumed to be generated, so add them too ( grep { defined $unified_info{sources}->{$_} } @{$unified_info{scripts}} ) ); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index bf22aeb..407340b 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -838,7 +838,7 @@ static int alg_print(const X509_ALGOR *alg) goto done; } BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, " - "Block size(r): %ld, Paralelizm(p): %ld", + "Block size(r): %ld, Parallelism(p): %ld", ASN1_STRING_length(kdf->salt), ASN1_INTEGER_get(kdf->costParameter), ASN1_INTEGER_get(kdf->blockSize), diff --git a/apps/speed.c b/apps/speed.c index b0cbdf4..a5e9d44 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1876,7 +1876,7 @@ int speed_main(int argc, char **argv) } buflen = lengths[size_num - 1]; - if (buflen < 36) /* size of random vector in RSA bencmark */ + if (buflen < 36) /* size of random vector in RSA benchmark */ buflen = 36; buflen += MAX_MISALIGNMENT + 1; loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); diff --git a/apps/storeutl.c b/apps/storeutl.c index bc212c6..f557f4d 100644 --- a/apps/storeutl.c +++ b/apps/storeutl.c @@ -125,7 +125,7 @@ int storeutl_main(int argc, char *argv[]) } /* * If expected wasn't set at this point, it means the map - * isn't syncronised with the possible options leading here. + * isn't synchronised with the possible options leading here. */ OPENSSL_assert(expected != 0); } diff --git a/crypto/README.sparse_array b/crypto/README.sparse_array index 947c34d..d86a48d 100644 --- a/crypto/README.sparse_array +++ b/crypto/README.sparse_array @@ -43,7 +43,7 @@ The tree height is dynamically increased as needed based on additions. An empty tree is represented by a NULL root pointer. Inserting a value at index 0 results in the allocation of a top level node full of null pointers except for the single pointer to the user's data (N = SA_BLOCK_MAX for -breviety): +brevity): +----+ |Root| diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index 4f55a6b..9a15091 100644 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -38,14 +38,14 @@ # Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided # for 128-bit keys, if hardware support is detected. -# Januray 2009. +# January 2009. # # Add support for hardware AES192/256 and reschedule instructions to # minimize/avoid Address Generation Interlock hazard and to favour # dual-issue z10 pipeline. This gave ~25% improvement on z10 and # almost 50% on z9. The gain is smaller on z10, because being dual- # issue z10 makes it impossible to eliminate the interlock condition: -# critial path is not long enough. Yet it spends ~24 cycles per byte +# critical path is not long enough. Yet it spends ~24 cycles per byte # processed with 128-bit key. # # Unlike previous version hardware support detection takes place only diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 60df8991..491909b 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -67,7 +67,7 @@ static void determine_days(struct tm *tm) } c = y / 100; y %= 100; - /* Zeller's congruance */ + /* Zeller's congruence */ tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7; } diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index cc8080c..941429a 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -784,7 +784,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The * value has been updated to a non-clashing value. However to preserve - * binary compatiblity we now respond to both the old value and the new one + * binary compatibility we now respond to both the old value and the new one */ case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: case BIO_CTRL_DGRAM_SET_PEEK_MODE: diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index bff624d..3597176 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -800,7 +800,7 @@ $code.=<<___; #if 0 /* * The bn_div_3_words entry point is re-used for constant-time interface. - * Implementation is retained as hystorical reference. + * Implementation is retained as historical reference. */ .align 5 .globl bn_div_3_words diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 750c30e..88fcaf7 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -258,7 +258,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, * * - availability of constant-time bn_div_3_words; * - dividend is at least as "wide" as divisor, limb-wise, zero-padded - * if so requied, which shouldn't be a privacy problem, because + * if so required, which shouldn't be a privacy problem, because * divisor's length is considered public; */ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index bc52749..160f2f5 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -295,7 +295,7 @@ struct bn_gencb_st { (b) > 23 ? 3 : 1) /* - * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache + * BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache * line width of the target processor is at least the following value. */ # define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index b66d5ad..a9384a0 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -248,7 +248,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, * one bit longer than the modulus. * * There are some concerns about the efficacy of doing this. More - * specificly refer to the discussion starting with: + * specifically refer to the discussion starting with: * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 * The fix is to rework BN so these gymnastics aren't required. */ diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index e1e23ca..7fbc3eb 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -1301,7 +1301,7 @@ ecp_nistz256_ord_mul_montx: ################################# reduction mulx 8*0+128(%r14), $t0, $t1 - adcx $t0, $acc3 # guranteed to be zero + adcx $t0, $acc3 # guaranteed to be zero adox $t1, $acc4 mulx 8*1+128(%r14), $t0, $t1 diff --git a/crypto/ec/asm/x25519-ppc64.pl b/crypto/ec/asm/x25519-ppc64.pl index 2f8d82c..5f6bff1 100755 --- a/crypto/ec/asm/x25519-ppc64.pl +++ b/crypto/ec/asm/x25519-ppc64.pl @@ -451,7 +451,7 @@ x25519_fe64_tobytes: and $t0,$t0,$t1 sldi $a3,$a3,1 add $t0,$t0,$t1 # compare to modulus in the same go - srdi $a3,$a3,1 # most signifcant bit cleared + srdi $a3,$a3,1 # most significant bit cleared addc $a0,$a0,$t0 addze $a1,$a1 @@ -462,7 +462,7 @@ x25519_fe64_tobytes: sradi $t0,$a3,63 # most significant bit -> mask sldi $a3,$a3,1 andc $t0,$t1,$t0 - srdi $a3,$a3,1 # most signifcant bit cleared + srdi $a3,$a3,1 # most significant bit cleared subi $rp,$rp,1 subfc $a0,$t0,$a0 diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index c54789b..0b1697e 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -154,7 +154,7 @@ struct ec_method_st { int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); /*- - * 'field_inv' computes the multipicative inverse of a in the field, + * 'field_inv' computes the multiplicative inverse of a in the field, * storing the result in r. * * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error. diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index fe6f3b3..06f1a63 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1269,7 +1269,7 @@ static void point_add(felem x3, felem y3, felem z3, * ffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb * 71e913863f7, in that case the penultimate intermediate is -9G and * the final digit is also -9G. Since this only happens for a single - * scalar, the timing leak is irrelevent. (Any attacker who wanted to + * scalar, the timing leak is irrelevant. (Any attacker who wanted to * check whether a secret scalar was that exact value, can already do * so.) */ diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 7d133a3..1958aa2 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -532,7 +532,7 @@ static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); if (alg2) X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); - /* Algorithm idetifiers set: carry on as normal */ + /* Algorithm identifiers set: carry on as normal */ return 3; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index c70cdee..5a19bdc 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2439,7 +2439,7 @@ EVP_R_NO_OPERATION_SET:149:no operation set EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ operation not supported for this keytype -EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized +EVP_R_OPERATON_NOT_INITIALIZED:151:operation not initialized EVP_R_PARAMETER_TOO_LARGE:187:parameter too large EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers EVP_R_PBKDF2_ERROR:181:pbkdf2 error diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 8483465..99535c0 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -284,7 +284,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED), - "operaton not initialized"}, + "operation not initialized"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), "parameter too large"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), diff --git a/crypto/initthread.c b/crypto/initthread.c index b398b05..99cd96c 100644 --- a/crypto/initthread.c +++ b/crypto/initthread.c @@ -139,7 +139,7 @@ init_get_thread_local(CRYPTO_THREAD_LOCAL *local, int alloc, int keep) * destructor for threads terminating before libcrypto is initialized or * after it's de-initialized. Access to the key doesn't have to be * serialized for the said threads, because they didn't use libcrypto - * and it doesn't matter if they pick "impossible" or derefernce real + * and it doesn't matter if they pick "impossible" or dereference real * key value and pull NULL past initialization in the first thread that * intends to use libcrypto. */ diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index e3c7ac4..f91a56a 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -19,14 +19,14 @@ /* * A hashing implementation that appears to be based on the linear hashing - * alogrithm: + * algorithm: * https://en.wikipedia.org/wiki/Linear_hashing * * Litwin, Witold (1980), "Linear hashing: A new tool for file and table * addressing", Proc. 6th Conference on Very Large Databases: 212-223 - * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf + * https://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf * - * From the wikipedia article "Linear hashing is used in the BDB Berkeley + * From the Wikipedia article "Linear hashing is used in the BDB Berkeley * database system, which in turn is used by many software systems such as * OpenLDAP, using a C implementation derived from the CACM article and first * published on the Usenet in 1988 by Esmond Pitt." diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl index 9f15c0d..2770f5e 100755 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ b/crypto/poly1305/asm/poly1305-ppc.pl @@ -969,15 +969,15 @@ __poly1305_blocks_vsx: addi $t1,$ctx,`48+(12^$BIG_ENDIAN)` bl __poly1305_splat - bl __poly1305_mul # caclulate r^2 + bl __poly1305_mul # calculate r^2 addi $t1,$ctx,`48+(4^$BIG_ENDIAN)` bl __poly1305_splat - bl __poly1305_mul # caclulate r^3 + bl __poly1305_mul # calculate r^3 addi $t1,$ctx,`48+(8^$BIG_ENDIAN)` bl __poly1305_splat - bl __poly1305_mul # caclulate r^4 + bl __poly1305_mul # calculate r^4 addi $t1,$ctx,`48+(0^$BIG_ENDIAN)` bl __poly1305_splat diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 812a52f..c1b9b3b 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -546,7 +546,7 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, /* * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy * and nonce in 1 call by increasing the entropy with 50% and increasing - * the minimum length to accomadate the length of the nonce. + * the minimum length to accommodate the length of the nonce. * We do this in case a nonce is require and get_nonce is NULL. */ if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) { diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 45742f5..07d2362 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -292,7 +292,7 @@ void rand_cleanup_int(void) /* TODO(3.0): Do we need to handle this somehow in the FIPS module? */ /* - * RAND_close_seed_files() ensures that any seed file decriptors are + * RAND_close_seed_files() ensures that any seed file descriptors are * closed after use. */ void RAND_keep_random_devices_open(int keep) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 1611fc8..dfbb79f 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -256,7 +256,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, * * This strategy has the following goals: * - * 1. 1024-bit factors are effcient when using 3072 and 4096-bit key + * 1. 1024-bit factors are efficient when using 3072 and 4096-bit key * 2. stay the same logic with normal 2-prime key */ bitse -= bitsr[i]; diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl index 7f57010..daf6d22 100644 --- a/crypto/sha/asm/sha512-sparcv9.pl +++ b/crypto/sha/asm/sha512-sparcv9.pl @@ -27,7 +27,7 @@ # over 2x than 32-bit code. X[16] resides on stack, but access to it # is scheduled for L2 latency and staged through 32 least significant # bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI -# duality. Nevetheless it's ~40% faster than SHA256, which is pretty +# duality. Nevertheless it's ~40% faster than SHA256, which is pretty # good [optimal coefficient is 50%]. # # SHA512 on UltraSPARC T1. diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 6c2e1ca..38e5562 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -313,12 +313,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, /* * B1: verify whether r' in [1,n-1], verification failed if not - * B2: vefify whether s' in [1,n-1], verification failed if not + * B2: verify whether s' in [1,n-1], verification failed if not * B3: set M'~=ZA || M' * B4: calculate e'=Hv(M'~) * B5: calculate t = (r' + s') modn, verification failed if t=0 * B6: calculate the point (x1', y1')=[s']G + [t]PA - * B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed + * B7: calculate R=(e'+x1') modn, verification pass if yes, otherwise failed */ ECDSA_SIG_get0(sig, &r, &s); diff --git a/crypto/sparse_array.c b/crypto/sparse_array.c index f534c04..a74db5d 100644 --- a/crypto/sparse_array.c +++ b/crypto/sparse_array.c @@ -13,7 +13,7 @@ #include "internal/sparse_array.h" /* - * How many bits are used to index each level in the tree structre? + * How many bits are used to index each level in the tree structure? * This setting determines the number of pointers stored in each node of the * tree used to represent the sparse array. Having more pointers reduces the * depth of the tree but potentially wastes more memory. That is, this is a diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 9011653..5a70499 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -172,7 +172,7 @@ typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, typedef int (*file_eof_fn)(void *handler_ctx); /* * The destroy_ctx function is used to destroy the handler_ctx that was - * intiated by a repeatable try_decode fuction. This is only used when + * initiated by a repeatable try_decode function. This is only used when * the handler is marked repeatable. */ typedef void (*file_destroy_ctx_fn)(void **handler_ctx); @@ -470,7 +470,7 @@ static FILE_HANDLER PrivateKey_handler = { }; /* - * Public key decoder. Only supports SubjectPublicKeyInfo formated keys. + * Public key decoder. Only supports SubjectPublicKeyInfo formatted keys. */ static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, const char *pem_header, diff --git a/demos/bio/descrip.mms b/demos/bio/descrip.mms index d49725f..44ca2fe 100644 --- a/demos/bio/descrip.mms +++ b/demos/bio/descrip.mms @@ -37,7 +37,7 @@ server-arg.exe : server-arg.obj server-cmod.exe : server-cmod.obj server-conf.exe : server-conf.obj -# Stoopid MMS doesn't infer this automatically... +# MMS doesn't infer this automatically... client-arg.obj : client-arg.c client-conf.obj : client-conf.c saccept.obj : saccept.c diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c index 4decdaa..c902e15 100644 --- a/demos/evp/aesgcm.c +++ b/demos/evp/aesgcm.c @@ -84,7 +84,7 @@ void aes_gcm_decrypt(void) EVP_CIPHER_CTX *ctx; int outlen, tmplen, rv; unsigned char outbuf[1024]; - printf("AES GCM Derypt:\n"); + printf("AES GCM Decrypt:\n"); printf("Ciphertext:\n"); BIO_dump_fp(stdout, gcm_ct, sizeof(gcm_ct)); ctx = EVP_CIPHER_CTX_new(); diff --git a/doc/internal/man3/openssl_ctx_get_data.pod b/doc/internal/man3/openssl_ctx_get_data.pod index d9b3f5d..3d821b5 100644 --- a/doc/internal/man3/openssl_ctx_get_data.pod +++ b/doc/internal/man3/openssl_ctx_get_data.pod @@ -29,7 +29,7 @@ as a C, which allows data from diverse parts of the library to be added and removed dynamically. Each such data item must have a corresponding CRYPTO_EX_DATA index associated with it. Unlike normal CRYPTO_EX_DATA objects we use static indexes -to identify data items. These are mapped transparetnly to CRYPTO_EX_DATA dynamic +to identify data items. These are mapped transparently to CRYPTO_EX_DATA dynamic indexes internally to the implementation. See the example further down to see how that's done. diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod index ecb99e0..c3c7319 100644 --- a/doc/internal/man3/ossl_method_construct.pod +++ b/doc/internal/man3/ossl_method_construct.pod @@ -135,7 +135,7 @@ must be incremented, using ossl_provider_upref(). This function is expected to set the method's reference count to 1. -=item desctruct() +=item destruct() Decrement the I's reference count, and destruct it when the reference count reaches zero. diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index 5a8e97b..b1018e2 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -141,7 +141,7 @@ function will get called. =item * -If no intialization function was given with ossl_provider_new(), a +If no initialization function was given with ossl_provider_new(), a loadable module with the I that was given to ossl_provider_new() will be located and loaded, then the symbol B will be located in that module, and called. diff --git a/doc/man1/mac.pod b/doc/man1/mac.pod index 5d1e796..3143df8 100644 --- a/doc/man1/mac.pod +++ b/doc/man1/mac.pod @@ -76,7 +76,7 @@ To see the list of supported digests, use the command I. =item B -Used by CMAC and GMAC to specifiy the cipher algorithm. +Used by CMAC and GMAC to specify the cipher algorithm. For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or DES-EDE3-CBC. For GMAC it should be a GCM mode cipher e.g. AES-128-GCM. diff --git a/doc/man3/ADMISSIONS.pod b/doc/man3/ADMISSIONS.pod index 7590123..f86aac9 100644 --- a/doc/man3/ADMISSIONS.pod +++ b/doc/man3/ADMISSIONS.pod @@ -130,7 +130,7 @@ ADMISSION_SYNTAX_set0_contentsOfAdmissions() functions free any existing value and set the pointer to the specified value. The B type has an authority name, authority object, and a -stack of B items. +stack of B items. The ADMISSIONS_get0_admissionAuthority(), ADMISSIONS_get0_namingAuthority(), and ADMISSIONS_get0_professionInfos() functions return pointers to those values within the object. diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod index 42fc294..7cb9efa 100644 --- a/doc/man3/BIO_s_mem.pod +++ b/doc/man3/BIO_s_mem.pod @@ -109,7 +109,7 @@ Calling BIO_reset() on a read write memory BIO with BIO_FLAGS_NONCLEAR_RST flag set can have unexpected outcome when the reads and writes to the BIO are intertwined. As documented above the BIO will be reset to the state after the last completed write operation. The effects of reads -preceeding that write operation cannot be undone. +preceding that write operation cannot be undone. Calling BIO_get_mem_ptr() prior to a BIO_reset() call with BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation. diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 4c497fa..0f9c952 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -35,7 +35,7 @@ EVP_MD_CTX is freed). The digest B may be NULL if the signing algorithm supports it. -No B will be created by EVP_DigsetSignInit() if the passed B +No B will be created by EVP_DigestSignInit() if the passed B has already been assigned one via L. See also L. Only EVP_PKEY types that support signing can be used with these functions. This diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index 9e2a045..97bb773 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -32,7 +32,7 @@ being passed to EVP_DigestVerifyInit() (which means the EVP_PKEY_CTX is created inside EVP_DigestVerifyInit() and it will be freed automatically when the EVP_MD_CTX is freed). -No B will be created by EVP_DigsetSignInit() if the passed B +No B will be created by EVP_DigestSignInit() if the passed B has already been assigned one via L. See also L. EVP_DigestVerifyUpdate() hashes B bytes of data at B into the diff --git a/doc/man3/EVP_MD_fetch.pod b/doc/man3/EVP_MD_fetch.pod index f229292..1e43b4f 100644 --- a/doc/man3/EVP_MD_fetch.pod +++ b/doc/man3/EVP_MD_fetch.pod @@ -140,7 +140,7 @@ See L. Where an application that previously used implicit fetch is converted to use explicit fetch care should be taken with the L function. -Specifically, this function returns the EVP_MD object orginally passed to +Specifically, this function returns the EVP_MD object originally passed to EVP_DigestInit_ex() (or other similar function). With implicit fetch the returned EVP_MD object is guaranteed to be available throughout the application lifetime. However, with explicit fetch EVP_MD objects are reference counted. @@ -199,7 +199,7 @@ implementation of whirlpool from it: EVP_MD_meth_free(md); Note that in the above example the property string "legacy=yes" is optional -since, assuming no other providers have been loaded, the only implmentation of +since, assuming no other providers have been loaded, the only implementation of the "whirlpool" algorithm is in the "legacy" provider. Also note that the default provider should be explicitly loaded if it is required in addition to other providers: diff --git a/doc/man3/EVP_md5.pod b/doc/man3/EVP_md5.pod index 01d7157..a0b127f 100644 --- a/doc/man3/EVP_md5.pod +++ b/doc/man3/EVP_md5.pod @@ -29,7 +29,7 @@ The MD5 algorithm which produces a 128-bit output from a given input. =item EVP_md5_sha1() -A hash algorithm of SSL v3 that combines MD5 with SHA-1 as decirbed in RFC +A hash algorithm of SSL v3 that combines MD5 with SHA-1 as described in RFC 6101. WARNING: this algorithm is not intended for non-SSL usage. diff --git a/doc/man3/OSSL_CRMF_pbmp_new.pod b/doc/man3/OSSL_CRMF_pbmp_new.pod index 877fee6..cdd30ff 100644 --- a/doc/man3/OSSL_CRMF_pbmp_new.pod +++ b/doc/man3/OSSL_CRMF_pbmp_new.pod @@ -22,7 +22,7 @@ OSSL_CRMF_pbmp_new OSSL_CRMF_pbm_new() generates a PBM (Password-Based MAC) based on given PBM parameters B, message B, and secret B, along with the respective -lengths B and B. On success writes the adddress of the newly +lengths B and B. On success writes the address of the newly allocated MAC via the B reference parameter and writes the length via the B reference parameter unless it its NULL. diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 6d19068..3aa6141 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -186,7 +186,7 @@ OSSL_PARAM_get_TYPE() retrieves a value of type B from the parameter B

. The value is copied to the address B. Type coercion takes place as discussed in the NOTES section. -OSSL_PARAM_set_TYPE() stores a value B of type B into the paramter +OSSL_PARAM_set_TYPE() stores a value B of type B into the parameter B

. Type coercion takes place as discussed in the NOTES section. @@ -194,7 +194,7 @@ OSSL_PARAM_get_BN() retrieves a BIGNUM from the parameter pointed to by B

. The BIGNUM referenced by B is updated and is allocated if B<*val> is B. -OSSL_PARAM_set_BN() stores the BIGNUM B into the paramater B

. +OSSL_PARAM_set_BN() stores the BIGNUM B into the parameter B

. OSSL_PARAM_get_utf8_string() retrieves a UTF8 string from the parameter pointed to by B

. diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 0a4d2f7..101857d 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -95,7 +95,7 @@ manner possible according to the scheme the loader implements, it also takes a B and associated data, to be used any time something needs to be prompted for. Furthermore, this function is expected to initialize what needs to be -initialized, to create a privata data store (B, see +initialized, to create a private data store (B, see above), and to return it. If something goes wrong, this function is expected to return NULL. diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod index 05d6ea3..1a270c8 100644 --- a/doc/man3/OSSL_STORE_expect.pod +++ b/doc/man3/OSSL_STORE_expect.pod @@ -32,7 +32,7 @@ grained search of objects. OSSL_STORE_supports_search() checks if the loader of the given OSSL_STORE context supports the given search type. -See L for information on the +See L for information on the supported search criterion types. OSSL_STORE_expect() and OSSL_STORE_find I be called before the first diff --git a/doc/man3/RAND_DRBG_set_callbacks.pod b/doc/man3/RAND_DRBG_set_callbacks.pod index 09a6ef1..695c190 100644 --- a/doc/man3/RAND_DRBG_set_callbacks.pod +++ b/doc/man3/RAND_DRBG_set_callbacks.pod @@ -111,7 +111,7 @@ and is being used. The derivation function is disabled during initialization by calling the RAND_DRBG_set() function with the RAND_DRBG_FLAG_CTR_NO_DF flag. For more information on the derivation function and when it can be omitted, -see [NIST SP 800-90A Rev. 1]. Roughly speeking it can be omitted if the random +see [NIST SP 800-90A Rev. 1]. Roughly speaking it can be omitted if the random source has "full entropy", i.e., contains 8 bits of entropy per byte. Even if a nonce is required, the B() and B() diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod b/doc/man3/SSL_CTX_set_cipher_list.pod index 2780e99..1852405 100644 --- a/doc/man3/SSL_CTX_set_cipher_list.pod +++ b/doc/man3/SSL_CTX_set_cipher_list.pod @@ -36,7 +36,7 @@ B. SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for B. This is a simple colon (":") separated list of TLSv1.3 -ciphersuite names in order of perference. Valid TLSv1.3 ciphersuite names are: +ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are: =over 4 diff --git a/doc/man3/SSL_CTX_set_srp_password.pod b/doc/man3/SSL_CTX_set_srp_password.pod index 0936885..b8a5873 100644 --- a/doc/man3/SSL_CTX_set_srp_password.pod +++ b/doc/man3/SSL_CTX_set_srp_password.pod @@ -111,7 +111,7 @@ user salt, B the password verifier and B is the optional user info. The SSL_set_srp_server_param_pw() function sets all SRP parameters for the connection B by generating a random salt and a password verifier. -B is the username, B the password and B the SRP group paramters +B is the username, B the password and B the SRP group parameters identifier for L. The SSL_get_srp_g() function returns the SRP group generator for B, or from diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod index f54a21d..5a0e769 100644 --- a/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/doc/man3/SSL_SESSION_get0_hostname.pod @@ -6,7 +6,7 @@ SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected -- get and set SNI and ALPN data ssociated with a session +- get and set SNI and ALPN data associated with a session =head1 SYNOPSIS diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index b18c215..a1ceb20 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -125,7 +125,7 @@ of bytes of the file written to the TLS/SSL connection. =item E 0 The write operation was not successful, because either the connection was -closed, an error occured or action must be taken by the calling process. +closed, an error occurred or action must be taken by the calling process. Call SSL_get_error() with the return value to find out the reason. =back diff --git a/doc/man7/EVP_KDF_SS.pod b/doc/man7/EVP_KDF_SS.pod index 3702ffe..b3de26a 100644 --- a/doc/man7/EVP_KDF_SS.pod +++ b/doc/man7/EVP_KDF_SS.pod @@ -11,7 +11,7 @@ SSKDF derives a key using input such as a shared secret key (that was generated during the execution of a key establishment scheme) and fixedinfo. SSKDF is also informally referred to as 'Concat KDF'. -=head2 Auxilary function +=head2 Auxiliary function The implementation uses a selectable auxiliary function H, which can be one of: diff --git a/doc/man7/EVP_KDF_SSHKDF.pod b/doc/man7/EVP_KDF_SSHKDF.pod index 9c9734e..e233e86 100644 --- a/doc/man7/EVP_KDF_SSHKDF.pod +++ b/doc/man7/EVP_KDF_SSHKDF.pod @@ -68,12 +68,12 @@ Sets the type for the SSHHKDF operation. There are six supported types: =over 4 -=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV +=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV The Initial IV from client to server. A single char of value 65 (ASCII char 'A'). -=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_SRV_TO_CLI +=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI The Initial IV from server to client A single char of value 66 (ASCII char 'B'). @@ -103,7 +103,7 @@ A single char of value 70 (ASCII char 'F'). EVP_KDF_ctrl_str() type string: "type" The value is a string of length one character. The only valid values -are the numerical values of the ASCII caracters: "A" (65) to "F" (70). +are the numerical values of the ASCII characters: "A" (65) to "F" (70). =back @@ -142,7 +142,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate if (EVP_KDF_CTX_set1_sshkdf_session_id(kctx, session_id, 32) <= 0) /* Error */ if (EVP_KDF_CTX_set_sshkdf_type(kctx, - EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV) <= 0) + EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV) <= 0) /* Error */ if (EVP_KDF_derive(kctx, out, &outlen) <= 0) /* Error */ diff --git a/doc/man7/EVP_KDF_X963.pod b/doc/man7/EVP_KDF_X963.pod index 11789ae..eaea6da 100644 --- a/doc/man7/EVP_KDF_X963.pod +++ b/doc/man7/EVP_KDF_X963.pod @@ -71,7 +71,7 @@ decoded before being passed on as the control value. =head1 NOTES -X963KDF is very similar to the SSKDF that uses a digest as the auxilary function, +X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function, X963KDF appends the counter to the secret, whereas SSKDF prepends the counter. A context for X963KDF can be obtained by calling: diff --git a/doc/man7/property.pod b/doc/man7/property.pod index a9b2a77..5b329ee 100644 --- a/doc/man7/property.pod +++ b/doc/man7/property.pod @@ -68,7 +68,7 @@ Matching such clauses is not a requirement, but any additional optional match counts in favor of the algorithm. More details about that in the B section. A I is a sequence of comma separated property query clauses. -The full syntax for property queries appears below, but the available syntatic +The full syntax for property queries appears below, but the available syntactic features are: =over 4 @@ -129,7 +129,7 @@ Where both the context and local queries include a clause with the same name, the local clause overrides the context clause. It is possible for a local property query to remove a clause in the context -property query by preceeding the property name with a '-'. +property query by preceding the property name with a '-'. For example, a context property query that contains "fips=yes" would normally result in implementations that have "fips=yes". diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index ac237cd..f51b501 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -59,7 +59,7 @@ struct driver_info_st { enum devcrypto_accelerated_t { DEVCRYPTO_NOT_ACCELERATED = -1, /* software implemented */ - DEVCRYPTO_ACCELERATION_UNKNOWN = 0, /* acceleration support unkown */ + DEVCRYPTO_ACCELERATION_UNKNOWN = 0, /* acceleration support unknown */ DEVCRYPTO_ACCELERATED = 1 /* hardware accelerated */ } accelerated; diff --git a/include/internal/property.h b/include/internal/property.h index d143263..a916be3 100644 --- a/include/internal/property.h +++ b/include/internal/property.h @@ -28,7 +28,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, int ossl_method_store_set_global_properties(OSSL_METHOD_STORE *store, const char *prop_query); -/* proeprty query cache functions */ +/* property query cache functions */ int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, int nid, const char *prop_query, void **result); int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, int nid, diff --git a/include/internal/thread_once.h b/include/internal/thread_once.h index 033e970..69a1754 100644 --- a/include/internal/thread_once.h +++ b/include/internal/thread_once.h @@ -72,9 +72,9 @@ * function defined via DEFINE_ONCE_STATIC where both functions use the same * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function * is used only one of the primary or the alternative initialiser function will - * ever be called - and that function will be called exactly once. Definitition + * ever be called - and that function will be called exactly once. Definition * of an alternative initialiser function MUST occur AFTER the definition of the - * primiary initialiser function. + * primary initialiser function. * * Typical usage might be: * diff --git a/include/internal/tsan_assist.h b/include/internal/tsan_assist.h index 0fd2f3e..f8285b1 100644 --- a/include/internal/tsan_assist.h +++ b/include/internal/tsan_assist.h @@ -18,7 +18,7 @@ * if (var == NOT_YET_INITIALIZED) * var = function_returning_same_value(); * - * This does work provided that loads and stores are single-instuction + * This does work provided that loads and stores are single-instruction * operations (and integer ones are on *all* supported platforms), but * it upsets Thread Sanitizer. Suggested solution is * diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c index 3edc78d..a619b37 100644 --- a/test/asn1_time_test.c +++ b/test/asn1_time_test.c @@ -24,8 +24,8 @@ struct testdata { int expected_type; /* expected type after set/set_string_gmt */ int check_result; /* check result */ time_t t; /* expected time_t*/ - int cmp_result; /* compariston to baseline result */ - int convert_result; /* convertion result */ + int cmp_result; /* comparison to baseline result */ + int convert_result; /* conversion result */ }; static struct testdata tbl_testdata_pos[] = { diff --git a/test/drbgtest.c b/test/drbgtest.c index f75c432..9efdd87 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -332,7 +332,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) * Personalisation string tests */ - /* Test detection of too large personlisation string */ + /* Test detection of too large personalisation string */ if (!init(drbg, td, &t) || RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1) > 0) goto err; diff --git a/test/dtlstest.c b/test/dtlstest.c index 98a23f8..2484862 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -96,7 +96,7 @@ static int test_dtls_unprocessed(int testidx) /* * Create the connection. We use "create_bare_ssl_connection" here so that - * we can force the connection to not do "SSL_read" once partly conencted. + * we can force the connection to not do "SSL_read" once partly connected. * We don't want to accidentally read the dummy records we injected because * they will fail to decrypt. */ diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 27ce98a..fc3d628 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1178,7 +1178,7 @@ static int test_EVP_MD_fetch(int tst) md = NULL; /* - * Explicitly asking for the default implementation should succeeed except + * Explicitly asking for the default implementation should succeed except * in test 4 where the default provider is not loaded. */ md = EVP_MD_fetch(ctx, "SHA256", "default=yes"); diff --git a/test/params_test.c b/test/params_test.c index 50beb17..339a516 100644 --- a/test/params_test.c +++ b/test/params_test.c @@ -46,13 +46,13 @@ struct object_st { double p2; /* * Documented as an arbitrarly large unsigned integer. - * The data size must be large enough to accomodate. + * The data size must be large enough to accommodate. * Assumed data type OSSL_PARAM_UNSIGNED_INTEGER */ BIGNUM *p3; /* * Documented as a C string. - * The data size must be large enough to accomodate. + * The data size must be large enough to accommodate. * Assumed data type OSSL_PARAM_UTF8_STRING */ char *p4; @@ -293,7 +293,7 @@ static const struct provider_dispatch_st provider_api = { /* In all our tests, these are variables that get manipulated as parameters * - * These arrays consistenly do nothing with the "p2" parameter, and + * These arrays consistently do nothing with the "p2" parameter, and * always include a "foo" parameter. This is to check that the * set_params and get_params calls ignore the lack of parameters that * the application isn't interested in, as well as ignore parameters diff --git a/test/ssltestlib.c b/test/ssltestlib.c index 4cabc1f..67d8cd0 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -1036,7 +1036,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) /* * We attempt to read some data on the client side which we expect to fail. * This will ensure we have received the NewSessionTicket in TLSv1.3 where - * appropriate. We do this twice because there are 2 NewSesionTickets. + * appropriate. We do this twice because there are 2 NewSessionTickets. */ for (i = 0; i < 2; i++) { if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index 490e7c9..4756faa 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c @@ -17,7 +17,7 @@ #define KEYLEN 16 /* - * Based on the test vectors availble in: + * Based on the test vectors available in: * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06 */ diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 5d6e9d9..ee4c8eb 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -165,13 +165,13 @@ C takes some additional options OPTS that affect the subdirectory: =item B 0|1> -When set to 1 (or any value that perl preceives as true), the subdirectory +When set to 1 (or any value that perl perceives as true), the subdirectory will be created if it doesn't already exist. This happens before BLOCK is executed. =item B 0|1> -When set to 1 (or any value that perl preceives as true), the subdirectory +When set to 1 (or any value that perl perceives as true), the subdirectory will be cleaned out and removed. This happens both before and after BLOCK is executed. From builds at travis-ci.org Tue Jul 2 12:42:14 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jul 2019 12:42:14 +0000 Subject: Still Failing: openssl/openssl#26202 (master - c2969ff) In-Reply-To: Message-ID: <5d1b5125d66d2_43fa42c3c68282480e3@0ab24e4b-e7c1-4159-8833-49fad1d2f980.mail> Build Update for openssl/openssl ------------------------------------- Build: #26202 Status: Still Failing Duration: 18 mins and 10 secs Commit: c2969ff (master) Author: Antoine C?ur Message: Fix Typos CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9288) View the changeset: https://github.com/openssl/openssl/compare/f663ddc7b00a...c2969ff6e70b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553268106?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 2 13:33:55 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jul 2019 13:33:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1562074435.975433.30443.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 19ea6b2b37 Fix a leak in evp_test 9a131ad747 Change RC5_32_set_key to return an int type 792cb4ee8d Ensure that rc5 doesn't try to use a key longer than 2040 bits 08607613d5 Only cache a method if we actually created one 68756b12f5 Fix Typos 3f1679b261 Add OIDs for kmac128, kmac256 and blake2. e955edcda6 Add a note in the contributing file about trivial commits. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 233 wallclock secs ( 1.73 usr 0.34 sys + 224.04 cusr 19.99 csys = 246.10 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 2 14:20:59 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jul 2019 14:20:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1562077259.676814.22560.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 19ea6b2b37 Fix a leak in evp_test 9a131ad747 Change RC5_32_set_key to return an int type 792cb4ee8d Ensure that rc5 doesn't try to use a key longer than 2040 bits 08607613d5 Only cache a method if we actually created one 68756b12f5 Fix Typos 3f1679b261 Add OIDs for kmac128, kmac256 and blake2. e955edcda6 Add a note in the contributing file about trivial commits. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 220 wallclock secs ( 1.59 usr 0.38 sys + 214.52 cusr 18.40 csys = 234.89 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Tue Jul 2 14:23:49 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 02 Jul 2019 14:23:49 +0000 Subject: [openssl] master update Message-ID: <1562077429.322583.13256.nullmailer@dev.openssl.org> The branch master has been updated via 94f4d58a87eac9c6fe4cb46b998656bd6d6f03a5 (commit) via 6335f837cfa7eaf1202f2557bf2ba148987226e7 (commit) from c2969ff6e70b10f71fbd97c1d0b0cffc92bd69df (commit) - Log ----------------------------------------------------------------- commit 94f4d58a87eac9c6fe4cb46b998656bd6d6f03a5 Author: Bernd Edlinger Date: Mon Jul 1 09:41:47 2019 +0200 Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data The member value.ptr is undefined for those ASN1 types. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9278) commit 6335f837cfa7eaf1202f2557bf2ba148987226e7 Author: Bernd Edlinger Date: Mon Jul 1 09:06:02 2019 +0200 Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN BOOLEAN does not have valid data in the value.ptr member, thus don't use it here. Fixes #9276 [extended tests] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9278) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_type.c | 8 ++++++-- crypto/x509/x509_att.c | 4 +++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 1584401..9b8810c 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -15,7 +15,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a) { - if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) + if (a->type == V_ASN1_BOOLEAN + || a->type == V_ASN1_NULL + || a->value.ptr != NULL) return a->type; else return 0; @@ -23,7 +25,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a) void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) { - if (a->value.ptr != NULL) { + if (a->type != V_ASN1_BOOLEAN + && a->type != V_ASN1_NULL + && a->value.ptr != NULL) { ASN1_TYPE **tmp_a = &a; asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); } diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index f1cd9df..317a45a4 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -314,7 +314,9 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, ttmp = X509_ATTRIBUTE_get0_type(attr, idx); if (!ttmp) return NULL; - if (atrtype != ASN1_TYPE_get(ttmp)) { + if (atrtype == V_ASN1_BOOLEAN + || atrtype == V_ASN1_NULL + || atrtype != ASN1_TYPE_get(ttmp)) { X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); return NULL; } From bernd.edlinger at hotmail.de Tue Jul 2 14:24:27 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 02 Jul 2019 14:24:27 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562077467.232960.14315.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 261ec72d58af64327214a78ca1c54b169ad93c28 (commit) from 3003d2dba996d16e47c8bc70a23c70b3d394fb7c (commit) - Log ----------------------------------------------------------------- commit 261ec72d58af64327214a78ca1c54b169ad93c28 Author: Bernd Edlinger Date: Mon Jul 1 09:06:02 2019 +0200 Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN BOOLEAN does not have valid data in the value.ptr member, thus don't use it here. Fixes #9276 [extended tests] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9278) (cherry picked from commit 6335f837cfa7eaf1202f2557bf2ba148987226e7) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_type.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 0c7aebe..84e78df 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -15,7 +15,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a) { - if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) + if (a->type == V_ASN1_BOOLEAN + || a->type == V_ASN1_NULL + || a->value.ptr != NULL) return a->type; else return 0; @@ -23,7 +25,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a) void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) { - if (a->value.ptr != NULL) { + if (a->type != V_ASN1_BOOLEAN + && a->type != V_ASN1_NULL + && a->value.ptr != NULL) { ASN1_TYPE **tmp_a = &a; asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); } From bernd.edlinger at hotmail.de Tue Jul 2 14:25:14 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 02 Jul 2019 14:25:14 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562077514.541061.15284.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 42180a229e97b0bcbbe07aeadb3dcb7dc31cfdc4 (commit) from 261ec72d58af64327214a78ca1c54b169ad93c28 (commit) - Log ----------------------------------------------------------------- commit 42180a229e97b0bcbbe07aeadb3dcb7dc31cfdc4 Author: Bernd Edlinger Date: Mon Jul 1 09:41:47 2019 +0200 Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data The member value.ptr is undefined for those ASN1 types. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9278) (cherry picked from commit 94f4d58a87eac9c6fe4cb46b998656bd6d6f03a5) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_att.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 63895ef..65daa49 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -314,7 +314,9 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, ttmp = X509_ATTRIBUTE_get0_type(attr, idx); if (!ttmp) return NULL; - if (atrtype != ASN1_TYPE_get(ttmp)) { + if (atrtype == V_ASN1_BOOLEAN + || atrtype == V_ASN1_NULL + || atrtype != ASN1_TYPE_get(ttmp)) { X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); return NULL; } From levitte at openssl.org Tue Jul 2 14:30:58 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jul 2019 14:30:58 +0000 Subject: [openssl] master update Message-ID: <1562077858.732181.19049.nullmailer@dev.openssl.org> The branch master has been updated via 7c95390ef021e18d6b834cea9009d0d26b4642d5 (commit) from 94f4d58a87eac9c6fe4cb46b998656bd6d6f03a5 (commit) - Log ----------------------------------------------------------------- commit 7c95390ef021e18d6b834cea9009d0d26b4642d5 Author: Richard Levitte Date: Tue Jul 2 14:57:36 2019 +0200 ossl_provider_upref to ossl_provider_up_ref Common pattern is that the routines to increment the reference count are called something_up_ref, not something_upref. Adapt ossl_provider_upref() accordingly. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9293) ----------------------------------------------------------------------- Summary of changes: crypto/evp/digest.c | 2 +- crypto/evp/evp_enc.c | 2 +- crypto/evp/evp_fetch.c | 6 +++--- crypto/evp/evp_locl.h | 2 +- crypto/provider_core.c | 8 ++++---- doc/internal/man3/evp_generic_fetch.pod | 12 ++++++------ doc/internal/man3/ossl_method_construct.pod | 2 +- doc/internal/man3/ossl_provider_new.pod | 8 ++++---- include/internal/provider.h | 2 +- 9 files changed, 22 insertions(+), 22 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index f26caed..65b12e3 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -660,7 +660,7 @@ static void *evp_md_from_dispatch(const OSSL_DISPATCH *fns, } md->prov = prov; if (prov != NULL) - ossl_provider_upref(prov); + ossl_provider_up_ref(prov); return md; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index e7bebdc..ebe7fa8 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1174,7 +1174,7 @@ static void *evp_cipher_from_dispatch(const OSSL_DISPATCH *fns, } cipher->prov = prov; if (prov != NULL) - ossl_provider_upref(prov); + ossl_provider_up_ref(prov); return cipher; } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index e785474..0c25f0d 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -157,7 +157,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, const char *name, const char *properties, void *(*new_method)(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), - int (*upref_method)(void *), + int (*up_ref_method)(void *), void (*free_method)(void *)) { OSSL_METHOD_STORE *store = get_default_method_store(libctx); @@ -203,7 +203,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, mcmdata.name = name; mcmdata.method_from_dispatch = new_method; mcmdata.destruct_method = free_method; - mcmdata.refcnt_up_method = upref_method; + mcmdata.refcnt_up_method = up_ref_method; mcmdata.destruct_method = free_method; if ((method = ossl_method_construct(libctx, operation_id, name, properties, 0 /* !force_cache */, @@ -219,7 +219,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, ossl_method_store_cache_set(store, methid, properties, method); } } else { - upref_method(method); + up_ref_method(method); } return method; diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 8876b06..fdafe4f 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -93,5 +93,5 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id, const char *algorithm, const char *properties, void *(*new_method)(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), - int (*upref_method)(void *), + int (*up_ref_method)(void *), void (*free_method)(void *)); diff --git a/crypto/provider_core.c b/crypto/provider_core.c index f1b3925..cb136c4 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -159,7 +159,7 @@ OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name) CRYPTO_THREAD_write_lock(store->lock); if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1 || (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL - || !ossl_provider_upref(prov)) + || !ossl_provider_up_ref(prov)) prov = NULL; CRYPTO_THREAD_unlock(store->lock); } @@ -181,7 +181,7 @@ static OSSL_PROVIDER *provider_new(const char *name, #ifndef HAVE_ATOMICS || (prov->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL #endif - || !ossl_provider_upref(prov) /* +1 One reference to be returned */ + || !ossl_provider_up_ref(prov) /* +1 One reference to be returned */ || (prov->name = OPENSSL_strdup(name)) == NULL) { ossl_provider_free(prov); CRYPTOerr(CRYPTO_F_PROVIDER_NEW, ERR_R_MALLOC_FAILURE); @@ -192,7 +192,7 @@ static OSSL_PROVIDER *provider_new(const char *name, return prov; } -int ossl_provider_upref(OSSL_PROVIDER *prov) +int ossl_provider_up_ref(OSSL_PROVIDER *prov) { int ref = 0; @@ -223,7 +223,7 @@ OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name, return NULL; CRYPTO_THREAD_write_lock(store->lock); - if (!ossl_provider_upref(prov)) { /* +1 One reference for the store */ + if (!ossl_provider_up_ref(prov)) { /* +1 One reference for the store */ ossl_provider_free(prov); /* -1 Reference that was to be returned */ prov = NULL; } else if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) { diff --git a/doc/internal/man3/evp_generic_fetch.pod b/doc/internal/man3/evp_generic_fetch.pod index 2679a7e..0688ac0 100644 --- a/doc/internal/man3/evp_generic_fetch.pod +++ b/doc/internal/man3/evp_generic_fetch.pod @@ -13,7 +13,7 @@ evp_generic_fetch - generic algorithm fetcher and method creator for EVP const char *name, const char *properties, void *(*new_method)(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), - int (*upref_method)(void *), + int (*up_ref_method)(void *), void (*free_method)(void *)); =head1 DESCRIPTION @@ -21,7 +21,7 @@ evp_generic_fetch - generic algorithm fetcher and method creator for EVP evp_generic_fetch() calls ossl_method_construct() with the given C, C, C, and C and uses it to create an EVP method with the help of the functions -C, C, and C. +C, C, and C. The three functions are supposed to: @@ -32,7 +32,7 @@ The three functions are supposed to: creates an internal method from function pointers found in the dispatch table C. -=item upref_method() +=item up_ref_method() increments the reference counter for the given method, if there is one. @@ -116,7 +116,7 @@ And here's the implementation of the FOO method fetcher: } foo->prov = prov; if (prov) - ossl_provider_upref(prov); + ossl_provider_up_ref(prov); return foo; } @@ -137,7 +137,7 @@ And here's the implementation of the FOO method fetcher: return EVP_FOO_meth_from_dispatch(fns, prov); } - static int foo_upref(void *vfoo) + static int foo_up_ref(void *vfoo) { EVP_FOO *foo = vfoo; int ref = 0; @@ -157,7 +157,7 @@ And here's the implementation of the FOO method fetcher: { EVP_FOO *foo = evp_generic_fetch(ctx, OSSL_OP_FOO, name, properties, - foo_from_dispatch, foo_upref, foo_free); + foo_from_dispatch, foo_up_ref, foo_free); /* * If this method exists in legacy form, with a constant NID for the diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod index c3c7319..9beb794 100644 --- a/doc/internal/man3/ossl_method_construct.pod +++ b/doc/internal/man3/ossl_method_construct.pod @@ -131,7 +131,7 @@ The associated provider object I is passed as well, to make it possible for the sub-system constructor to keep a reference, which is recommended. If such a reference is kept, the I reference counter -must be incremented, using ossl_provider_upref(). +must be incremented, using ossl_provider_up_ref(). This function is expected to set the method's reference count to 1. diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index b1018e2..cb40cb2 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -2,7 +2,7 @@ =head1 NAME -ossl_provider_find, ossl_provider_new, ossl_provider_upref, +ossl_provider_find, ossl_provider_new, ossl_provider_up_ref, ossl_provider_free, ossl_provider_set_fallback, ossl_provider_set_module_path, ossl_provider_add_parameter, @@ -22,7 +22,7 @@ ossl_provider_get_params, ossl_provider_query_operation OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name); OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name, ossl_provider_init_fn *init_function); - int ossl_provider_upref(OSSL_PROVIDER *prov); + int ossl_provider_up_ref(OSSL_PROVIDER *prov); void ossl_provider_free(OSSL_PROVIDER *prov); /* Setters */ @@ -99,7 +99,7 @@ function. For further description of the initialisation function, see the description of ossl_provider_activate() below. -ossl_provider_upref() increments the provider object I's +ossl_provider_up_ref() increments the provider object I's reference count. ossl_provider_free() decrements the provider object I's @@ -220,7 +220,7 @@ of the built in macro B. ossl_provider_find() and ossl_provider_new() return a pointer to a provider object (I) on success, or NULL on error. -ossl_provider_upref() returns the value of the reference count after +ossl_provider_up_ref() returns the value of the reference count after it has been incremented. ossl_provider_free() doesn't return any value. diff --git a/include/internal/provider.h b/include/internal/provider.h index 7d50701..493fbde 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -29,7 +29,7 @@ extern "C" { OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name); OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name, OSSL_provider_init_fn *init_function); -int ossl_provider_upref(OSSL_PROVIDER *prov); +int ossl_provider_up_ref(OSSL_PROVIDER *prov); void ossl_provider_free(OSSL_PROVIDER *prov); /* Setters */ From levitte at openssl.org Tue Jul 2 15:03:08 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jul 2019 15:03:08 +0000 Subject: [openssl] master update Message-ID: <1562079788.982822.27302.nullmailer@dev.openssl.org> The branch master has been updated via 6592ab81d21fc01e05a01cd5b96c84b069bf8acf (commit) via 6ebc2f56f04ac2738d3b9bfc732063ad8f51e75d (commit) from 7c95390ef021e18d6b834cea9009d0d26b4642d5 (commit) - Log ----------------------------------------------------------------- commit 6592ab81d21fc01e05a01cd5b96c84b069bf8acf Author: Richard Levitte Date: Tue Jun 18 11:39:13 2019 +0200 FIPS module: adapt for the changed error reporting methods The FIPS module inner provider doesn't need to deal with error reason strings or error library number, since it uses the outer provider's error reporting upcalls. We therefore disable that code in crypto/provider_core.c when building the FIPS module. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9174) commit 6ebc2f56f04ac2738d3b9bfc732063ad8f51e75d Author: Richard Levitte Date: Tue Jun 18 11:18:31 2019 +0200 Replumbing: re-implement error reporting for providers The idea is that providers should only have to report a reason code. The library code is considered to be libcrypto internal, and are allocated dynamically and automatically for providers on creation. We reserve the upper 8 bits of the reason code for internal OpenSSL use. This allows our own providers to report errors in form of a packed number that includes library number, function number and reason number. With this, a provider can potentially use any reason number it wants from 1 to 16777216, although the current error semantics really only allow 1 to 4095 (because only the lower 12 bits are currently considered an actual reason code by the ERR subsystem). A provider can provide a reason string table in form of an array of ERR_STRING_DATA, with each item containing just the reason code and the associated string, with the dispatch function numbered OSSL_FUNC_PROVIDER_GET_REASON_STRINGS matching the type OSSL_provider_get_reason_strings_fn. If available, libcrypto will call that function on provider activation. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9174) ----------------------------------------------------------------------- Summary of changes: crypto/provider_core.c | 127 ++++++++++++++++++++++++++++++++++++++++- include/openssl/core_numbers.h | 11 +++- providers/fips/fipsprov.c | 11 ++-- 3 files changed, 138 insertions(+), 11 deletions(-) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index cb136c4..5860448 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -49,6 +49,16 @@ struct ossl_provider_st { STACK_OF(INFOPAIR) *parameters; OPENSSL_CTX *libctx; /* The library context this instance is in */ struct provider_store_st *store; /* The store this instance belongs to */ +#ifndef FIPS_MODE + /* + * In the FIPS module inner provider, this isn't needed, since the + * error upcalls are always direct calls to the outer provider. + */ + int error_lib; /* ERR library number, one for each provider */ +# ifndef OPENSSL_NO_ERR + ERR_STRING_DATA *error_strings; /* Copy of what the provider gives us */ +# endif +#endif /* Provider side functions */ OSSL_provider_teardown_fn *teardown; @@ -123,6 +133,9 @@ static void *provider_store_new(OPENSSL_CTX *ctx) } prov->libctx = ctx; prov->store = store; +#ifndef FIPS_MODE + prov->error_lib = ERR_get_next_error_library(); +#endif if(p->is_fallback) ossl_provider_set_fallback(prov); } @@ -233,6 +246,9 @@ OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name, } else { prov->libctx = libctx; prov->store = store; +#ifndef FIPS_MODE + prov->error_lib = ERR_get_next_error_library(); +#endif } CRYPTO_THREAD_unlock(store->lock); @@ -274,6 +290,15 @@ void ossl_provider_free(OSSL_PROVIDER *prov) #endif if (prov->teardown != NULL) prov->teardown(prov->provctx); +#ifndef OPENSSL_NO_ERR +# ifndef FIPS_MODE + if (prov->error_strings != NULL) { + ERR_unload_strings(prov->error_lib, prov->error_strings); + OPENSSL_free(prov->error_strings); + prov->error_strings = NULL; + } +# endif +#endif prov->flag_initialized = 0; } @@ -352,6 +377,11 @@ static const OSSL_DISPATCH *core_dispatch; /* Define further down */ static int provider_activate(OSSL_PROVIDER *prov) { const OSSL_DISPATCH *provider_dispatch = NULL; +#ifndef OPENSSL_NO_ERR +# ifndef FIPS_MODE + OSSL_provider_get_reason_strings_fn *p_get_reason_strings = NULL; +# endif +#endif if (prov->flag_initialized) return 1; @@ -435,9 +465,62 @@ static int provider_activate(OSSL_PROVIDER *prov) prov->query_operation = OSSL_get_provider_query_operation(provider_dispatch); break; +#ifndef OPENSSL_NO_ERR +# ifndef FIPS_MODE + case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: + p_get_reason_strings = + OSSL_get_provider_get_reason_strings(provider_dispatch); + break; +# endif +#endif } } +#ifndef OPENSSL_NO_ERR +# ifndef FIPS_MODE + if (p_get_reason_strings != NULL) { + const OSSL_ITEM *reasonstrings = p_get_reason_strings(prov->provctx); + size_t cnt, cnt2; + + /* + * ERR_load_strings() handles ERR_STRING_DATA rather than OSSL_ITEM, + * although they are essentially the same type. + * Furthermore, ERR_load_strings() patches the array's error number + * with the error library number, so we need to make a copy of that + * array either way. + */ + cnt = 1; /* One for the terminating item */ + while (reasonstrings[cnt].id != 0) { + if (ERR_GET_LIB(reasonstrings[cnt].id) != 0) + return 0; + cnt++; + } + + /* Allocate one extra item for the "library" name */ + prov->error_strings = + OPENSSL_zalloc(sizeof(ERR_STRING_DATA) * (cnt + 1)); + if (prov->error_strings == NULL) + return 0; + + /* + * Set the "library" name. + */ + prov->error_strings[0].error = ERR_PACK(prov->error_lib, 0, 0); + prov->error_strings[0].string = prov->name; + /* + * Copy reasonstrings item 0..cnt-1 to prov->error_trings positions + * 1..cnt. + */ + for (cnt2 = 1; cnt2 <= cnt; cnt2++) { + prov->error_strings[cnt2].error = (int)reasonstrings[cnt2-1].id; + prov->error_strings[cnt2].string = reasonstrings[cnt2-1].ptr; + } + + ERR_load_strings(prov->error_lib, prov->error_strings); + } +# endif +#endif + /* With this flag set, this provider has become fully "loaded". */ prov->flag_initialized = 1; @@ -675,13 +758,53 @@ static int core_thread_start(const OSSL_PROVIDER *prov, return ossl_init_thread_start(prov, prov->provctx, handfn); } +/* + * The FIPS module inner provider doesn't implement these. They aren't + * needed there, since the FIPS module upcalls are always the outer provider + * ones. + */ +#ifndef FIPS_MODE +static void core_put_error(const OSSL_PROVIDER *prov, + uint32_t reason, const char *file, int line) +{ + /* + * If the uppermost 8 bits are non-zero, it's an OpenSSL library + * error and will be treated as such. Otherwise, it's a new style + * provider error and will be treated as such. + */ + if (ERR_GET_LIB(reason) != 0) { + ERR_PUT_error(ERR_GET_LIB(reason), + ERR_GET_FUNC(reason), + ERR_GET_REASON(reason), + file, line); + } else { + ERR_PUT_error(prov->error_lib, 0, (int)reason, file, line); + } +} + +/* + * TODO(3.0) This, as well as core_put_error above, should use |prov| + * to select the proper library context to report in the correct error + * stack, at least if error stacks become tied to the library context. + * We cannot currently do that since there's no support for it in the + * ERR subsystem. + */ +static void core_add_error_vdata(const OSSL_PROVIDER *prov, + int num, va_list args) +{ + ERR_add_error_vdata(num, args); +} +#endif + static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CORE_GET_PARAM_TYPES, (void (*)(void))core_get_param_types }, { OSSL_FUNC_CORE_GET_PARAMS, (void (*)(void))core_get_params }, { OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT, (void (*)(void))core_get_libctx }, { OSSL_FUNC_CORE_THREAD_START, (void (*)(void))core_thread_start }, - { OSSL_FUNC_CORE_PUT_ERROR, (void (*)(void))ERR_put_error }, - { OSSL_FUNC_CORE_ADD_ERROR_VDATA, (void (*)(void))ERR_add_error_vdata }, +#ifndef FIPS_MODE + { OSSL_FUNC_CORE_PUT_ERROR, (void (*)(void))core_put_error }, + { OSSL_FUNC_CORE_ADD_ERROR_VDATA, (void (*)(void))core_add_error_vdata }, +#endif { 0, NULL } }; static const OSSL_DISPATCH *core_dispatch = core_dispatch_; diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 8807942..ff50636 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -62,10 +62,12 @@ OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_PROVIDER *prov, OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_PROVIDER *prov, OSSL_thread_stop_handler_fn handfn)) # define OSSL_FUNC_CORE_PUT_ERROR 4 -OSSL_CORE_MAKE_FUNC(void,core_put_error,(int lib, int func, int reason, - const char *file, int line)) +OSSL_CORE_MAKE_FUNC(void,core_put_error, + (const OSSL_PROVIDER *prov, + uint32_t reason, const char *file, int line)) # define OSSL_FUNC_CORE_ADD_ERROR_VDATA 5 -OSSL_CORE_MAKE_FUNC(void,core_add_error_vdata,(int num, va_list args)) +OSSL_CORE_MAKE_FUNC(void,core_add_error_vdata,(const OSSL_PROVIDER *prov, + int num, va_list args)) # define OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT 6 OSSL_CORE_MAKE_FUNC(OPENSSL_CTX *,core_get_library_context, (const OSSL_PROVIDER *prov)) @@ -83,6 +85,9 @@ OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx, # define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027 OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, (void *provctx, int operation_id, const int *no_store)) +# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1028 +OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings, + (void *provctx)) /* Digests */ diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index b0196f0..eb2a0c4 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -378,12 +378,11 @@ int fips_intern_provider_init(const OSSL_PROVIDER *provider, void ERR_put_error(int lib, int func, int reason, const char *file, int line) { /* - * TODO(3.0): This works for the FIPS module because we're going to be - * using lib/func/reason codes that libcrypto already knows about. This - * won't work for third party providers that have their own error mechanisms, - * so we'll need to come up with something else for them. + * TODO(3.0) the first argument is currently NULL but is expected to + * be passed something else in the future, either an OSSL_PROVIDER or + * a OPENSSL_CTX pointer. */ - c_put_error(lib, func, reason, file, line); + c_put_error(NULL, ERR_PACK(lib, func, reason), file, line); ERR_add_error_data(1, "(in the FIPS module)"); } @@ -398,7 +397,7 @@ void ERR_add_error_data(int num, ...) void ERR_add_error_vdata(int num, va_list args) { - c_add_error_vdata(num, args); + c_add_error_vdata(NULL, num, args); } const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) From patrick.steuer at de.ibm.com Tue Jul 2 15:35:59 2019 From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Tue, 02 Jul 2019 15:35:59 +0000 Subject: [openssl] master update Message-ID: <1562081759.819527.8989.nullmailer@dev.openssl.org> The branch master has been updated via f690ef151c0c3becc234daebf0418e04ff80580e (commit) from 6592ab81d21fc01e05a01cd5b96c84b069bf8acf (commit) - Log ----------------------------------------------------------------- commit f690ef151c0c3becc234daebf0418e04ff80580e Author: Patrick Steuer Date: Fri Jun 28 22:08:16 2019 +0200 s390x assembly pack: fix various aes modes performance regression which was introduced with 64adf9aac7. Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9271) ----------------------------------------------------------------------- Summary of changes: providers/common/ciphers/aes_basic.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/providers/common/ciphers/aes_basic.c b/providers/common/ciphers/aes_basic.c index 0f64296..619386c 100644 --- a/providers/common/ciphers/aes_basic.c +++ b/providers/common/ciphers/aes_basic.c @@ -606,9 +606,9 @@ static const PROV_AES_CIPHER aes_##mode = { \ }; \ const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ { \ - if ((keylen == 128 && S390X_aes_128_##mode##_CAPABLE) \ - || (keylen == 192 && S390X_aes_192_##mode##_CAPABLE) \ - || (keylen == 256 && S390X_aes_256_##mode##_CAPABLE)) \ + if ((keylen == 16 && S390X_aes_128_##mode##_CAPABLE) \ + || (keylen == 24 && S390X_aes_192_##mode##_CAPABLE) \ + || (keylen == 32 && S390X_aes_256_##mode##_CAPABLE)) \ return &s390x_aes_##mode; \ \ return &aes_##mode; \ From builds at travis-ci.org Tue Jul 2 15:36:40 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jul 2019 15:36:40 +0000 Subject: Still Failing: openssl/openssl#26206 (master - 94f4d58) In-Reply-To: Message-ID: <5d1b7a0829e44_43fa3c4841cbc1680bb@f6fd3163-7b60-4783-a0fe-224f4f67c6c2.mail> Build Update for openssl/openssl ------------------------------------- Build: #26206 Status: Still Failing Duration: 11 mins and 37 secs Commit: 94f4d58 (master) Author: Bernd Edlinger Message: Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data The member value.ptr is undefined for those ASN1 types. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9278) View the changeset: https://github.com/openssl/openssl/compare/c2969ff6e70b...94f4d58a87ea View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553319932?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Jul 2 15:55:53 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jul 2019 15:55:53 +0000 Subject: [openssl] master update Message-ID: <1562082953.488054.19813.nullmailer@dev.openssl.org> The branch master has been updated via eba3ebd7beaab865e92e4853881433aaa855392f (commit) via ee1d4f3db4e8963c6472420d0256c2bfd6525137 (commit) via 6694e51dbaecc7b331a6f0fa484d77008367c59c (commit) from f690ef151c0c3becc234daebf0418e04ff80580e (commit) - Log ----------------------------------------------------------------- commit eba3ebd7beaab865e92e4853881433aaa855392f Author: Matt Caswell Date: Wed Jun 19 15:20:03 2019 +0100 Add a dummy call to BN_rand_ex() in the FIPS provider The previous commit made BIGNUM RAND operations available from within the FIPS provider. We test this out by making a dummy call to check it completes successfully. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9193) commit ee1d4f3db4e8963c6472420d0256c2bfd6525137 Author: Matt Caswell Date: Fri Jun 28 11:24:51 2019 +0100 Make BIGNUM rand functions available within the FIPS module The BIGNUM rand functions were previously disabled for the FIPS module. We can now re-enable them. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9193) commit 6694e51dbaecc7b331a6f0fa484d77008367c59c Author: Matt Caswell Date: Fri Jun 28 11:23:46 2019 +0100 Provide rand_bytes_ex and rand_priv_bytes_ex We provider internal versions of RAND_bytes() and RAND_priv_bytes() which have the addition of taking an OPENSSL_CTX as a parameter. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9193) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_ctx.c | 2 + crypto/bn/bn_rand.c | 84 +++++++++++++++++-------------------- crypto/err/openssl.txt | 1 + crypto/include/internal/rand_int.h | 6 +++ crypto/rand/rand_err.c | 1 + crypto/rand/rand_lib.c | 37 ++++++++++++---- doc/internal/man3/rand_bytes_ex.pod | 41 ++++++++++++++++++ doc/man3/BN_rand.pod | 37 ++++++++++++---- include/openssl/bn.h | 4 ++ include/openssl/randerr.h | 1 + providers/fips/fipsprov.c | 3 ++ util/libcrypto.num | 4 ++ 12 files changed, 160 insertions(+), 61 deletions(-) create mode 100644 doc/internal/man3/rand_bytes_ex.pod diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 4762114..cc3c303 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -247,6 +247,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) OPENSSL_CTX *bn_get_lib_ctx(BN_CTX *ctx) { + if (ctx == NULL) + return NULL; return ctx->libctx; } diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 6967627..a71e7d4 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -10,9 +10,9 @@ #include #include #include "internal/cryptlib.h" +#include "internal/rand_int.h" #include "bn_lcl.h" #include -#include #include #include @@ -20,10 +20,12 @@ typedef enum bnrand_flag_e { NORMAL, TESTING, PRIVATE } BNRAND_FLAG; -static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom) +static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom, + BN_CTX *ctx) { unsigned char *buf = NULL; int b, ret = 0, bit, bytes, mask; + OPENSSL_CTX *libctx = bn_get_lib_ctx(ctx); if (bits == 0) { if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY) @@ -45,16 +47,8 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom) } /* make a random number and set the top and bottom bits */ - /* - * TODO(3.0): Temporarily disable RAND code in the FIPS module until we - * have made it available there. - */ -#if defined(FIPS_MODE) - BNerr(BN_F_BNRAND, ERR_R_INTERNAL_ERROR); - goto err; -#else - b = flag == NORMAL ? RAND_bytes(buf, bytes) : RAND_priv_bytes(buf, bytes); -#endif + b = flag == NORMAL ? rand_bytes_ex(libctx, buf, bytes) + : rand_priv_bytes_ex(libctx, buf, bytes); if (b <= 0) goto err; @@ -66,14 +60,8 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom) unsigned char c; for (i = 0; i < bytes; i++) { - /* - * TODO(3.0): Temporarily disable RAND code in the FIPS module until we - * have made it available there. - */ -#if !defined(FIPS_MODE) - if (RAND_bytes(&c, 1) <= 0) + if (rand_bytes_ex(libctx, &c, 1) <= 0) goto err; -#endif if (c >= 128 && i > 0) buf[i] = buf[i - 1]; else if (c < 42) @@ -111,23 +99,33 @@ toosmall: return 0; } +int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx) +{ + return bnrand(NORMAL, rnd, bits, top, bottom, ctx); +} int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(NORMAL, rnd, bits, top, bottom); + return bnrand(NORMAL, rnd, bits, top, bottom, NULL); } int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(TESTING, rnd, bits, top, bottom); + return bnrand(TESTING, rnd, bits, top, bottom, NULL); +} + +int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx) +{ + return bnrand(PRIVATE, rnd, bits, top, bottom, ctx); } int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(PRIVATE, rnd, bits, top, bottom); + return bnrand(PRIVATE, rnd, bits, top, bottom, NULL); } /* random number r: 0 <= r < range */ -static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) +static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range, + BN_CTX *ctx) { int n; int count = 100; @@ -149,7 +147,8 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) * than range */ do { - if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, + ctx)) return 0; /* @@ -176,7 +175,7 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) } else { do { /* range = 11..._2 or range = 101..._2 */ - if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) return 0; if (!--count) { @@ -191,14 +190,24 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) return 1; } +int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx) +{ + return bnrand_range(NORMAL, r, range, ctx); +} + int BN_rand_range(BIGNUM *r, const BIGNUM *range) { - return bnrand_range(NORMAL, r, range); + return bnrand_range(NORMAL, r, range, NULL); +} + +int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx) +{ + return bnrand_range(PRIVATE, r, range, ctx); } int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range) { - return bnrand_range(PRIVATE, r, range); + return bnrand_range(PRIVATE, r, range, NULL); } int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) @@ -237,18 +246,9 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, unsigned char *k_bytes = NULL; int ret = 0; EVP_MD *md = NULL; - OPENSSL_CTX *libctx = (ctx != NULL) ? bn_get_lib_ctx(ctx) : NULL; - /* - * TODO(3.0): Temporarily disable RAND code in the FIPS module until we - * have made it available there. - */ -#ifdef FIPS_MODE - RAND_DRBG *privdrbg = NULL; -#else - RAND_DRBG *privdrbg = OPENSSL_CTX_get0_private_drbg(libctx); -#endif + OPENSSL_CTX *libctx = bn_get_lib_ctx(ctx); - if (mdctx == NULL || privdrbg == NULL) + if (mdctx == NULL) goto err; k_bytes = OPENSSL_malloc(num_k_bytes); @@ -275,14 +275,8 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, goto err; } for (done = 0; done < num_k_bytes;) { - /* - * TODO(3.0): Temporarily disable RAND code in the FIPS module until we - * have made it available there. - */ -#if !defined(FIPS_MODE) - if (!RAND_DRBG_bytes(privdrbg, random_bytes, sizeof(random_bytes))) + if (!rand_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes))) goto err; -#endif if (!EVP_DigestInit_ex(mdctx, md, NULL) || !EVP_DigestUpdate(mdctx, &done, sizeof(done)) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 5a19bdc..4d717e3 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1140,6 +1140,7 @@ RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy RAND_F_DRBG_SETUP:117:drbg_setup RAND_F_GET_ENTROPY:106:get_entropy RAND_F_RAND_BYTES:100:RAND_bytes +RAND_F_RAND_BYTES_EX:126:rand_bytes_ex RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate RAND_F_RAND_DRBG_GET_ENTROPY:120:rand_drbg_get_entropy diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index c1e5e03..d964a1d 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -137,4 +137,10 @@ void rand_pool_cleanup(void); */ void rand_pool_keep_random_devices_open(int keep); +/* Equivalent of RAND_priv_bytes() but additionally taking an OPENSSL_CTX */ +int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); + +/* Equivalent of RAND_bytes() but additionally taking an OPENSSL_CTX */ +int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); + #endif diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index 5c0dc3d..d729441 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -20,6 +20,7 @@ static const ERR_STRING_DATA RAND_str_functs[] = { {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES_EX, 0), "rand_bytes_ex"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0), "rand_drbg_enable_locking"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0), diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 07d2362..7768ade 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -749,16 +749,16 @@ void RAND_add(const void *buf, int num, double randomness) * the default method, then just call RAND_bytes(). Otherwise make * sure we're instantiated and use the private DRBG. */ -int RAND_priv_bytes(unsigned char *buf, int num) +int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num) { RAND_DRBG *drbg; int ret; const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != RAND_OpenSSL()) - return RAND_bytes(buf, num); + return meth->bytes(buf, num); - drbg = RAND_DRBG_get0_private(); + drbg = OPENSSL_CTX_get0_private_drbg(ctx); if (drbg == NULL) return 0; @@ -766,14 +766,35 @@ int RAND_priv_bytes(unsigned char *buf, int num) return ret; } -int RAND_bytes(unsigned char *buf, int num) +int RAND_priv_bytes(unsigned char *buf, int num) { + return rand_priv_bytes_ex(NULL, buf, num); +} + +int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num) +{ + RAND_DRBG *drbg; + int ret; const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->bytes != NULL) - return meth->bytes(buf, num); - RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); - return -1; + if (meth != RAND_OpenSSL()) { + if (meth->bytes != NULL) + return meth->bytes(buf, num); + RANDerr(RAND_F_RAND_BYTES_EX, RAND_R_FUNC_NOT_IMPLEMENTED); + return -1; + } + + drbg = OPENSSL_CTX_get0_public_drbg(ctx); + if (drbg == NULL) + return 0; + + ret = RAND_DRBG_bytes(drbg, buf, num); + return ret; +} + +int RAND_bytes(unsigned char *buf, int num) +{ + return rand_bytes_ex(NULL, buf, num); } #if !OPENSSL_API_1_1_0 && !defined(FIPS_MODE) diff --git a/doc/internal/man3/rand_bytes_ex.pod b/doc/internal/man3/rand_bytes_ex.pod new file mode 100644 index 0000000..7406073 --- /dev/null +++ b/doc/internal/man3/rand_bytes_ex.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + +rand_bytes_ex, rand_priv_bytes_ex +- internal random number routines + +=head1 SYNOPSIS + + #include "internal/rand_int.h" + + int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); + int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); + +=head1 DESCRIPTION + +rand_bytes_ex() and rand_priv_bytes_ex() are the equivalent of RAND_bytes() and +RAND_priv_bytes() in the public API except that they both take an additional +B parameter. +The DRBG used for the operation is the public or private DRBG associated with +the specified B. The parameter can be NULL, in which case +the default library ctx is used. +If the default RAND_METHOD has been changed then for compatibility reasons the +RAND_METHOD will be used in preference and the DRBG of the library context +ignored. + +=head1 RETURN VALUES + +rand_bytes_ex() and rand_bytes_priv_ex() return 0 or less on error or 1 on +success. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index 93e8c3f..fc41322 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -2,30 +2,37 @@ =head1 NAME -BN_rand, BN_priv_rand, BN_pseudo_rand, -BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range +BN_rand_ex, BN_rand, BN_priv_rand_ex, BN_priv_rand, BN_pseudo_rand, +BN_rand_range_ex, BN_rand_range, BN_priv_rand_range_ex, BN_priv_rand_range, +BN_pseudo_rand_range - generate pseudo-random number =head1 SYNOPSIS #include + int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx); int BN_rand_range(BIGNUM *rnd, BIGNUM *range); + int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx); int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); =head1 DESCRIPTION -BN_rand() generates a cryptographically strong pseudo-random number of -B in length and stores it in B. +BN_rand_ex() generate a cryptographically strong pseudo-random +number of B in length and stores it in B using the random number +generator for the library context associated with B. The parameter B +may be NULL in which case the default library context is used. If B is less than zero, or too small to accommodate the requirements specified by the B and B parameters, an error is returned. @@ -40,11 +47,20 @@ If B is B, the number will be odd; if it is B it can be odd or even. If B is 1 then B cannot also be B. -BN_rand_range() generates a cryptographically strong pseudo-random -number B in the range 0 E= B E B. +BN_rand() is the same as BN_rand_ex() except that the default library context +is always used. -BN_priv_rand() and BN_priv_rand_range() have the same semantics as -BN_rand() and BN_rand_range() respectively. They are intended to be +BN_rand_range_ex() generates a cryptographically strong pseudo-random +number B in the range 0 E= B E B using the random number +generator for the library context associated with B. The parameter B +may be NULL in which case the default library context is used. + +BN_rand_range() is the same as BN_rand_range_ex() except that the default +library context is always used. + +BN_priv_rand_ex(), BN_priv_rand(), BN_priv_rand_rand_ex() and +BN_priv_rand_range() have the same semantics as BN_rand_ex(), BN_rand(), +BN_rand_range_ex() and BN_rand_range() respectively. They are intended to be used for generating values that should remain private, and mirror the same difference between L and L. @@ -85,6 +101,11 @@ a future release. The BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1. +=item * + +The BN_rand_ex(), BN_priv_rand_ex(), BN_rand_range_ex() and +BN_priv_rand_range_ex() functions were added in OpenSSL 3.0. + =back =head1 COPYRIGHT diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 3770160..5c645d5 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -206,9 +206,13 @@ void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); +int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx); int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx); int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index bc1c063..28dd59a 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -29,6 +29,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_DRBG_SETUP 117 # define RAND_F_GET_ENTROPY 106 # define RAND_F_RAND_BYTES 100 +# define RAND_F_RAND_BYTES_EX 126 # define RAND_F_RAND_DRBG_ENABLE_LOCKING 119 # define RAND_F_RAND_DRBG_GENERATE 107 # define RAND_F_RAND_DRBG_GET_ENTROPY 120 diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index eb2a0c4..0f0a962 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -120,6 +120,9 @@ static int dummy_evp_call(void *provctx) if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0) goto err; + if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx)) + goto err; + ret = 1; err: BN_CTX_end(bnctx); diff --git a/util/libcrypto.num b/util/libcrypto.num index d003124..49d2f22 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4674,3 +4674,7 @@ OPENSSL_thread_stop_ex 4779 3_0_0 EXIST::FUNCTION: OSSL_PARAM_locate_const 4780 3_0_0 EXIST::FUNCTION: X509_REQ_set0_sm2_id 4781 3_0_0 EXIST::FUNCTION:SM2 X509_REQ_get0_sm2_id 4782 3_0_0 EXIST::FUNCTION:SM2 +BN_rand_ex 4783 3_0_0 EXIST::FUNCTION: +BN_priv_rand_ex 4784 3_0_0 EXIST::FUNCTION: +BN_rand_range_ex 4785 3_0_0 EXIST::FUNCTION: +BN_priv_rand_range_ex 4786 3_0_0 EXIST::FUNCTION: From no-reply at appveyor.com Tue Jul 2 17:15:36 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Jul 2019 17:15:36 +0000 Subject: Build failed: openssl master.25643 Message-ID: <20190702171536.1.6FD6EF4BE0892ECE@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 2 17:20:29 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jul 2019 17:20:29 +0000 Subject: Still Failing: openssl/openssl#26210 (master - 7c95390) In-Reply-To: Message-ID: <5d1b925d25a87_43f90469ca688608354@8da30bcf-d2fd-408b-98c8-7879347d3f25.mail> Build Update for openssl/openssl ------------------------------------- Build: #26210 Status: Still Failing Duration: 19 mins and 22 secs Commit: 7c95390 (master) Author: Richard Levitte Message: ossl_provider_upref to ossl_provider_up_ref Common pattern is that the routines to increment the reference count are called something_up_ref, not something_upref. Adapt ossl_provider_upref() accordingly. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9293) View the changeset: https://github.com/openssl/openssl/compare/94f4d58a87ea...7c95390ef021 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553323590?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Jul 2 18:09:32 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jul 2019 18:09:32 +0000 Subject: [openssl] master update Message-ID: <1562090972.193384.25202.nullmailer@dev.openssl.org> The branch master has been updated via bd01733fdd9a5a0acdc72cf5c6601d37e8ddd801 (commit) from eba3ebd7beaab865e92e4853881433aaa855392f (commit) - Log ----------------------------------------------------------------- commit bd01733fdd9a5a0acdc72cf5c6601d37e8ddd801 Author: Rich Salz Date: Tue Jul 2 07:53:19 2019 -0400 Fix comment; unchecked->checked Reviewed-by: Bernd Edlinger Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9292) ----------------------------------------------------------------------- Summary of changes: include/openssl/des.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/openssl/des.h b/include/openssl/des.h index f74412b..84b65e0 100644 --- a/include/openssl/des.h +++ b/include/openssl/des.h @@ -145,7 +145,7 @@ int DES_check_key_parity(const_DES_cblock *key); int DES_is_weak_key(const_DES_cblock *key); /* * DES_set_key (= set_key = DES_key_sched = key_sched) calls - * DES_set_key_unchecked + * DES_set_key_checked */ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); From levitte at openssl.org Tue Jul 2 18:11:38 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jul 2019 18:11:38 +0000 Subject: [openssl] master update Message-ID: <1562091098.420360.26521.nullmailer@dev.openssl.org> The branch master has been updated via 7a2027240e1d01f7f5b209998d1de36af221b34b (commit) from bd01733fdd9a5a0acdc72cf5c6601d37e8ddd801 (commit) - Log ----------------------------------------------------------------- commit 7a2027240e1d01f7f5b209998d1de36af221b34b Author: Martin Peylo Date: Wed Aug 22 12:48:22 2018 +0300 Adding Test.pm with workaround for Perl abs2rel bug If SRCTOP != BLDTOP, and SRCTOP is given in relative form, e.g. "./config ../openssl", then a bug in Perl's abs2rel may trigger that directory- rewriting in __cwd results in wrong entries in %directories under certain circumstances, e.g. when a test executes run(app(["openssl"]) after indir. There should not be any need to go to a higher directory from BLDDIR or SRCDIR, so it should be OK to use them in their absolute form, also resolving all possible symlinks, right from the start. Following the File::Spec::Functions bug description (reported to perl.org): When abs2rel gets a path argument with ..s that are crossing over the ..s trailing the base argument, the result is wrong. Example PATH: /home/goal/test/.. BASE: /home/goal/test/../../base Good result: ../goal Bad result: ../.. Bug verified with File::Spec versions - 3.6301 - 3.74 (latest) Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7031) ----------------------------------------------------------------------- Summary of changes: util/perl/OpenSSL/Test.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index ee4c8eb..cf7502b 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -66,6 +66,7 @@ use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir rel2abs/; use File::Path 2.00 qw/rmtree mkpath/; use File::Basename; +use Cwd qw/abs_path/; my $level = 0; @@ -932,8 +933,8 @@ i.e. Some tests may only work in non FIPS mode. sub __env { (my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i; - $directories{SRCTOP} = $ENV{SRCTOP} || $ENV{TOP}; - $directories{BLDTOP} = $ENV{BLDTOP} || $ENV{TOP}; + $directories{SRCTOP} = abs_path($ENV{SRCTOP} || $ENV{TOP}); + $directories{BLDTOP} = abs_path($ENV{BLDTOP} || $ENV{TOP}); $directories{BLDAPPS} = $ENV{BIN_D} || __bldtop_dir("apps"); $directories{SRCAPPS} = __srctop_dir("apps"); $directories{BLDFUZZ} = __bldtop_dir("fuzz"); From levitte at openssl.org Tue Jul 2 18:12:43 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jul 2019 18:12:43 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562091163.228309.27570.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 374cab6390ba005d4a559a3dea2a034af9cb1c09 (commit) from 42180a229e97b0bcbbe07aeadb3dcb7dc31cfdc4 (commit) - Log ----------------------------------------------------------------- commit 374cab6390ba005d4a559a3dea2a034af9cb1c09 Author: Martin Peylo Date: Wed Aug 22 12:48:22 2018 +0300 Adding Test.pm with workaround for Perl abs2rel bug If SRCTOP != BLDTOP, and SRCTOP is given in relative form, e.g. "./config ../openssl", then a bug in Perl's abs2rel may trigger that directory- rewriting in __cwd results in wrong entries in %directories under certain circumstances, e.g. when a test executes run(app(["openssl"]) after indir. There should not be any need to go to a higher directory from BLDDIR or SRCDIR, so it should be OK to use them in their absolute form, also resolving all possible symlinks, right from the start. Following the File::Spec::Functions bug description (reported to perl.org): When abs2rel gets a path argument with ..s that are crossing over the ..s trailing the base argument, the result is wrong. Example PATH: /home/goal/test/.. BASE: /home/goal/test/../../base Good result: ../goal Bad result: ../.. Bug verified with File::Spec versions - 3.6301 - 3.74 (latest) Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7031) (cherry picked from commit 7a2027240e1d01f7f5b209998d1de36af221b34b) ----------------------------------------------------------------------- Summary of changes: util/perl/OpenSSL/Test.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 9564b26..43c4344 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -65,6 +65,7 @@ use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir rel2abs/; use File::Path 2.00 qw/rmtree mkpath/; use File::Basename; +use Cwd qw/abs_path/; my $level = 0; @@ -869,8 +870,8 @@ failures will result in a C at the end of its run. sub __env { (my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i; - $directories{SRCTOP} = $ENV{SRCTOP} || $ENV{TOP}; - $directories{BLDTOP} = $ENV{BLDTOP} || $ENV{TOP}; + $directories{SRCTOP} = abs_path($ENV{SRCTOP} || $ENV{TOP}); + $directories{BLDTOP} = abs_path($ENV{BLDTOP} || $ENV{TOP}); $directories{BLDAPPS} = $ENV{BIN_D} || __bldtop_dir("apps"); $directories{SRCAPPS} = __srctop_dir("apps"); $directories{BLDFUZZ} = __bldtop_dir("fuzz"); From builds at travis-ci.org Tue Jul 2 19:05:00 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jul 2019 19:05:00 +0000 Subject: Still Failing: openssl/openssl#26215 (master - 6592ab8) In-Reply-To: Message-ID: <5d1baadbf36c5_43f903e1283c06445e3@8da30bcf-d2fd-408b-98c8-7879347d3f25.mail> Build Update for openssl/openssl ------------------------------------- Build: #26215 Status: Still Failing Duration: 23 mins and 31 secs Commit: 6592ab8 (master) Author: Richard Levitte Message: FIPS module: adapt for the changed error reporting methods The FIPS module inner provider doesn't need to deal with error reason strings or error library number, since it uses the outer provider's error reporting upcalls. We therefore disable that code in crypto/provider_core.c when building the FIPS module. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9174) View the changeset: https://github.com/openssl/openssl/compare/7c95390ef021...6592ab81d21f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553338576?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 2 22:00:40 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jul 2019 22:00:40 +0000 Subject: Still Failing: openssl/openssl#26217 (master - f690ef1) In-Reply-To: Message-ID: <5d1bd4081c784_43fd86c924f582906d1@84215b85-5452-4af0-874a-1cc6b51793b0.mail> Build Update for openssl/openssl ------------------------------------- Build: #26217 Status: Still Failing Duration: 54 mins and 23 secs Commit: f690ef1 (master) Author: Patrick Steuer Message: s390x assembly pack: fix various aes modes performance regression which was introduced with 64adf9aac7. Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9271) View the changeset: https://github.com/openssl/openssl/compare/6592ab81d21f...f690ef151c0c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553352990?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 2 22:10:40 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jul 2019 22:10:40 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings Message-ID: <1562105440.923246.27611.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings Commit log since last time: 7a2027240e Adding Test.pm with workaround for Perl abs2rel bug bd01733fdd Fix comment; unchecked->checked eba3ebd7be Add a dummy call to BN_rand_ex() in the FIPS provider ee1d4f3db4 Make BIGNUM rand functions available within the FIPS module 6694e51dba Provide rand_bytes_ex and rand_priv_bytes_ex f690ef151c s390x assembly pack: fix various aes modes performance regression 6592ab81d2 FIPS module: adapt for the changed error reporting methods 6ebc2f56f0 Replumbing: re-implement error reporting for providers 7c95390ef0 ossl_provider_upref to ossl_provider_up_ref 94f4d58a87 Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data 6335f837cf Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN c2969ff6e7 Fix Typos f663ddc7b0 test/p_test.c: silence -Wstringop-overflow 211da00b79 Remove EXPORT_VAR_AS_FUNC 66e2dbc01c Remove global-var/function macros b66a481888 Remove DES_check_key global 6b10d29c1a Remove NextStep support Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1645, 277 wallclock secs ( 3.18 usr 0.40 sys + 254.87 cusr 23.58 csys = 282.03 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/default' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Tue Jul 2 23:15:49 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jul 2019 23:15:49 +0000 Subject: Still Failing: openssl/openssl#26219 (master - eba3ebd) In-Reply-To: Message-ID: <5d1be5a4f38d8_43ff9c9e6bbc8818cd@ec450ffe-328e-4c78-bb2c-53dca94b9031.mail> Build Update for openssl/openssl ------------------------------------- Build: #26219 Status: Still Failing Duration: 1 hr, 14 mins, and 37 secs Commit: eba3ebd (master) Author: Matt Caswell Message: Add a dummy call to BN_rand_ex() in the FIPS provider The previous commit made BIGNUM RAND operations available from within the FIPS provider. We test this out by making a dummy call to check it completes successfully. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9193) View the changeset: https://github.com/openssl/openssl/compare/f690ef151c0c...eba3ebd7beaa View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553361064?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 3 00:02:32 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jul 2019 00:02:32 +0000 Subject: Build failed: openssl master.25662 Message-ID: <20190703000232.1.029335F7DECF6052@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 3 00:29:20 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jul 2019 00:29:20 +0000 Subject: Build completed: openssl master.25663 Message-ID: <20190703002920.1.5B59036291F9DD57@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 3 00:55:14 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jul 2019 00:55:14 +0000 Subject: Still Failing: openssl/openssl#26224 (master - bd01733) In-Reply-To: Message-ID: <5d1bfcf1b0511_43fd8668c4ce4338480@84215b85-5452-4af0-874a-1cc6b51793b0.mail> Build Update for openssl/openssl ------------------------------------- Build: #26224 Status: Still Failing Duration: 24 mins and 9 secs Commit: bd01733 (master) Author: Rich Salz Message: Fix comment; unchecked->checked Reviewed-by: Bernd Edlinger Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9292) View the changeset: https://github.com/openssl/openssl/compare/eba3ebd7beaa...bd01733fdd9a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553409866?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 3 01:15:28 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jul 2019 01:15:28 +0000 Subject: Still Failing: openssl/openssl#26225 (master - 7a20272) In-Reply-To: Message-ID: <5d1c01afc2c7a_43f99e22a9b882895cc@95c7974d-894b-4536-97d6-a52abe5ccc9c.mail> Build Update for openssl/openssl ------------------------------------- Build: #26225 Status: Still Failing Duration: 27 mins and 19 secs Commit: 7a20272 (master) Author: Martin Peylo Message: Adding Test.pm with workaround for Perl abs2rel bug If SRCTOP != BLDTOP, and SRCTOP is given in relative form, e.g. "./config ../openssl", then a bug in Perl's abs2rel may trigger that directory- rewriting in __cwd results in wrong entries in %directories under certain circumstances, e.g. when a test executes run(app(["openssl"]) after indir. There should not be any need to go to a higher directory from BLDDIR or SRCDIR, so it should be OK to use them in their absolute form, also resolving all possible symlinks, right from the start. Following the File::Spec::Functions bug description (reported to perl.org): When abs2rel gets a path argument with ..s that are crossing over the ..s trailing the base argument, the result is wrong. Example PATH: /home/goal/test/.. BASE: /home/goal/test/../../base Good result: ../goal Bad result: ../.. Bug verified with File::Spec versions - 3.6301 - 3.74 (latest) Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7031) View the changeset: https://github.com/openssl/openssl/compare/bd01733fdd9a...7a2027240e1d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/553410457?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 3 03:11:42 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jul 2019 03:11:42 +0000 Subject: Build failed: openssl master.25665 Message-ID: <20190703031142.1.BB58B52602E92F7F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 3 03:41:42 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jul 2019 03:41:42 +0000 Subject: Build failed: openssl master.25666 Message-ID: <20190703034142.1.F6705C3BEECC00F5@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 3 04:10:00 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jul 2019 04:10:00 +0000 Subject: Build completed: openssl master.25667 Message-ID: <20190703041000.1.BF9D02D06F1853E6@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 3 10:22:36 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jul 2019 10:22:36 +0000 Subject: Build failed: openssl master.25671 Message-ID: <20190703102236.1.E19F56EB6A42CCD9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 3 11:09:44 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jul 2019 11:09:44 +0000 Subject: Build completed: openssl master.25672 Message-ID: <20190703110944.1.EFC85A2F7516D821@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 4 02:14:14 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jul 2019 02:14:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1562206454.339696.6017.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 7a2027240e Adding Test.pm with workaround for Perl abs2rel bug bd01733fdd Fix comment; unchecked->checked eba3ebd7be Add a dummy call to BN_rand_ex() in the FIPS provider ee1d4f3db4 Make BIGNUM rand functions available within the FIPS module 6694e51dba Provide rand_bytes_ex and rand_priv_bytes_ex f690ef151c s390x assembly pack: fix various aes modes performance regression 6592ab81d2 FIPS module: adapt for the changed error reporting methods 6ebc2f56f0 Replumbing: re-implement error reporting for providers 7c95390ef0 ossl_provider_upref to ossl_provider_up_ref 94f4d58a87 Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data 6335f837cf Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN c2969ff6e7 Fix Typos f663ddc7b0 test/p_test.c: silence -Wstringop-overflow 211da00b79 Remove EXPORT_VAR_AS_FUNC 66e2dbc01c Remove global-var/function macros b66a481888 Remove DES_check_key global 6b10d29c1a Remove NextStep support Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=172, Tests=1645, 253 wallclock secs ( 3.00 usr 0.46 sys + 241.08 cusr 22.80 csys = 267.34 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 4 06:05:24 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jul 2019 06:05:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1562220324.543789.23878.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 7a2027240e Adding Test.pm with workaround for Perl abs2rel bug bd01733fdd Fix comment; unchecked->checked eba3ebd7be Add a dummy call to BN_rand_ex() in the FIPS provider ee1d4f3db4 Make BIGNUM rand functions available within the FIPS module 6694e51dba Provide rand_bytes_ex and rand_priv_bytes_ex f690ef151c s390x assembly pack: fix various aes modes performance regression 6592ab81d2 FIPS module: adapt for the changed error reporting methods 6ebc2f56f0 Replumbing: re-implement error reporting for providers 7c95390ef0 ossl_provider_upref to ossl_provider_up_ref 94f4d58a87 Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data 6335f837cf Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN c2969ff6e7 Fix Typos f663ddc7b0 test/p_test.c: silence -Wstringop-overflow 211da00b79 Remove EXPORT_VAR_AS_FUNC 66e2dbc01c Remove global-var/function macros b66a481888 Remove DES_check_key global 6b10d29c1a Remove NextStep support Build log ended with (last 100 lines): providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_absorb': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:176: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:170: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:202: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:209: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:200: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:281: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:285: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:289: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:295: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:298: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:348: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:72: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:365: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:368: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:377: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:381: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:414: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:146: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:149: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:151: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:155: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:243: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7081: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Thu Jul 4 08:00:02 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Jul 2019 08:00:02 +0000 Subject: Build failed: openssl master.25684 Message-ID: <20190704080002.1.7FE13A003553A999@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jul 4 10:07:26 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 04 Jul 2019 10:07:26 +0000 Subject: [openssl] master update Message-ID: <1562234846.730396.8205.nullmailer@dev.openssl.org> The branch master has been updated via 7e47db5b5645cf6728d8fe13f930bad026c64689 (commit) from 7a2027240e1d01f7f5b209998d1de36af221b34b (commit) - Log ----------------------------------------------------------------- commit 7e47db5b5645cf6728d8fe13f930bad026c64689 Author: Richard Levitte Date: Wed Jul 3 19:11:36 2019 +0200 test/recipes/02_test_errstr.t: Make it less fragile Change it to split the error string returned by `openssl errstr` in a more robust manner, and ensure it's the reason code we look at. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9304) ----------------------------------------------------------------------- Summary of changes: test/recipes/02-test_errstr.t | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t index 3498b81..76e0bba 100644 --- a/test/recipes/02-test_errstr.t +++ b/test/recipes/02-test_errstr.t @@ -104,18 +104,31 @@ foreach my $errname (@posix_errors) { my @oerr = run(app([ qw(openssl errstr), sprintf("2%06x", $errnum) ]), capture => 1); $oerr[0] =~ s|\R$||; - $oerr[0] =~ s|.*system library:||g; # The actual message is last - - ok($oerr[0] eq $perr, "($errnum) '$oerr[0]' == '$perr'"); + @oerr = split_error($oerr[0]); + ok($oerr[3] eq $perr, "($errnum) '$oerr[3]' == '$perr'"); } } my @after = run(app([ qw(openssl errstr 2000080) ]), capture => 1); $after[0] =~ s|\R$||; -$after[0] =~ s|.*system library:||g; -ok($after[0] eq "reason(128)", "(128) '$after[0]' == 'reason(128)'"); + at after = split_error($after[0]); +ok($after[3] eq "reason(128)", "(128) '$after[3]' == 'reason(128)'"); my @zero = run(app([ qw(openssl errstr 2000000) ]), capture => 1); $zero[0] =~ s|\R$||; -$zero[0] =~ s|.*system library:||g; -ok($zero[0] eq "system library", "(0) '$zero[0]' == 'system library'"); + at zero = split_error($zero[0]); +ok($zero[3] eq "system library", "(0) '$zero[3]' == 'system library'"); + +# For an error string "error:xxxxxxxx:lib:func:reason", this returns +# the following array: +# +# ( "xxxxxxxx", "lib", "func", "reason" ) +sub split_error { + # Limit to 5 items, in case the reason contains a colon + my @erritems = split /:/, $_[0], 5; + + # Remove the first item, which is always "error" + shift @erritems; + + return @erritems; +} From builds at travis-ci.org Thu Jul 4 10:28:06 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Jul 2019 10:28:06 +0000 Subject: Still Failing: openssl/openssl#26260 (master - 7e47db5) In-Reply-To: Message-ID: <5d1dd4b681f0e_43f8878b3408010263e@6eb284f3-bad2-48d3-86dc-b9d56ef1e84b.mail> Build Update for openssl/openssl ------------------------------------- Build: #26260 Status: Still Failing Duration: 19 mins and 54 secs Commit: 7e47db5 (master) Author: Richard Levitte Message: test/recipes/02_test_errstr.t: Make it less fragile Change it to split the error string returned by `openssl errstr` in a more robust manner, and ensure it's the reason code we look at. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9304) View the changeset: https://github.com/openssl/openssl/compare/7a2027240e1d...7e47db5b5645 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/554175486?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 4 13:17:18 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jul 2019 13:17:18 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1562246238.798765.18119.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 7a2027240e Adding Test.pm with workaround for Perl abs2rel bug bd01733fdd Fix comment; unchecked->checked eba3ebd7be Add a dummy call to BN_rand_ex() in the FIPS provider ee1d4f3db4 Make BIGNUM rand functions available within the FIPS module 6694e51dba Provide rand_bytes_ex and rand_priv_bytes_ex f690ef151c s390x assembly pack: fix various aes modes performance regression 6592ab81d2 FIPS module: adapt for the changed error reporting methods 6ebc2f56f0 Replumbing: re-implement error reporting for providers 7c95390ef0 ossl_provider_upref to ossl_provider_up_ref 94f4d58a87 Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data 6335f837cf Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN c2969ff6e7 Fix Typos f663ddc7b0 test/p_test.c: silence -Wstringop-overflow 211da00b79 Remove EXPORT_VAR_AS_FUNC 66e2dbc01c Remove global-var/function macros b66a481888 Remove DES_check_key global 6b10d29c1a Remove NextStep support Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 221 wallclock secs ( 1.55 usr 0.38 sys + 216.05 cusr 16.78 csys = 234.76 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 4 14:03:48 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jul 2019 14:03:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1562249028.216891.10282.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 7a2027240e Adding Test.pm with workaround for Perl abs2rel bug bd01733fdd Fix comment; unchecked->checked eba3ebd7be Add a dummy call to BN_rand_ex() in the FIPS provider ee1d4f3db4 Make BIGNUM rand functions available within the FIPS module 6694e51dba Provide rand_bytes_ex and rand_priv_bytes_ex f690ef151c s390x assembly pack: fix various aes modes performance regression 6592ab81d2 FIPS module: adapt for the changed error reporting methods 6ebc2f56f0 Replumbing: re-implement error reporting for providers 7c95390ef0 ossl_provider_upref to ossl_provider_up_ref 94f4d58a87 Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data 6335f837cf Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN c2969ff6e7 Fix Typos f663ddc7b0 test/p_test.c: silence -Wstringop-overflow 211da00b79 Remove EXPORT_VAR_AS_FUNC 66e2dbc01c Remove global-var/function macros b66a481888 Remove DES_check_key global 6b10d29c1a Remove NextStep support Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 222 wallclock secs ( 1.57 usr 0.31 sys + 218.20 cusr 15.62 csys = 235.70 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Thu Jul 4 14:11:59 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 04 Jul 2019 14:11:59 +0000 Subject: [openssl] master update Message-ID: <1562249519.629620.2803.nullmailer@dev.openssl.org> The branch master has been updated via 2b43b747d6897405e0fe7492ba11928bf18645db (commit) from 7e47db5b5645cf6728d8fe13f930bad026c64689 (commit) - Log ----------------------------------------------------------------- commit 2b43b747d6897405e0fe7492ba11928bf18645db Author: Bernd Edlinger Date: Tue Jul 2 21:33:42 2019 +0200 Fix a typo and a syntax error in opensslconf.h Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9298) ----------------------------------------------------------------------- Summary of changes: include/openssl/opensslconf.h.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index 6c6b4f3..b0d339a 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -85,7 +85,7 @@ extern "C" { /* In case someone defined both */ # if defined(OPENSSL_API_COMPAT) && defined(OPENSSL_API_LEVEL) -# error "Disallowed to defined both OPENSSL_API_COMPAT and OPENSSL_API_LEVEL" +# error "Disallowed to define both OPENSSL_API_COMPAT and OPENSSL_API_LEVEL" # endif # ifndef OPENSSL_API_COMPAT @@ -100,7 +100,7 @@ extern "C" { # elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10100000L # define OPENSSL_API_LEVEL 2 # else -/ * Major number 3 to 15 */ + /* Major number 3 to 15 */ # define OPENSSL_API_LEVEL ((OPENSSL_API_COMPAT >> 28) & 0xF) # endif # endif From builds at travis-ci.org Thu Jul 4 14:33:46 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Jul 2019 14:33:46 +0000 Subject: Still Failing: openssl/openssl#26263 (master - 2b43b74) In-Reply-To: Message-ID: <5d1e0e4a11cd4_43fdb5a23e9282339a2@4a47fe70-bff4-43b2-8464-efda257367e2.mail> Build Update for openssl/openssl ------------------------------------- Build: #26263 Status: Still Failing Duration: 21 mins and 5 secs Commit: 2b43b74 (master) Author: Bernd Edlinger Message: Fix a typo and a syntax error in opensslconf.h Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9298) View the changeset: https://github.com/openssl/openssl/compare/7e47db5b5645...2b43b747d689 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/554273127?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmraz at fedoraproject.org Thu Jul 4 15:02:11 2019 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Thu, 04 Jul 2019 15:02:11 +0000 Subject: [openssl] master update Message-ID: <1562252531.027090.24707.nullmailer@dev.openssl.org> The branch master has been updated via e6716f2bb4d9588044820f29a7ced0f06789d6ef (commit) from 2b43b747d6897405e0fe7492ba11928bf18645db (commit) - Log ----------------------------------------------------------------- commit e6716f2bb4d9588044820f29a7ced0f06789d6ef Author: Tomas Mraz Date: Tue Jul 2 13:32:29 2019 +0200 Clarify documentation of SSL_CTX_set_verify client side behavior Fixes #9259 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9291) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_verify.pod | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod index 7c151a5..b72227c 100644 --- a/doc/man3/SSL_CTX_set_verify.pod +++ b/doc/man3/SSL_CTX_set_verify.pod @@ -102,7 +102,7 @@ B if the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a "handshake failure" alert. This flag must be used together with SSL_VERIFY_PEER. -B ignored +B ignored (see BUGS) =item SSL_VERIFY_CLIENT_ONCE @@ -112,7 +112,7 @@ renegotiation or post-authentication if a certificate was requested during the initial handshake. This flag must be used together with SSL_VERIFY_PEER. -B ignored +B ignored (see BUGS) =item SSL_VERIFY_POST_HANDSHAKE @@ -123,7 +123,7 @@ to be configured for post-handshake peer verification before the handshake occurs. This flag must be used together with SSL_VERIFY_PEER. TLSv1.3 only; no effect on pre-TLSv1.3 connections. -B ignored +B ignored (see BUGS) =back @@ -203,8 +203,8 @@ message is sent to the client. =head1 BUGS In client mode, it is not checked whether the SSL_VERIFY_PEER flag -is set, but whether any flags are set. This can lead to -unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as +is set, but whether any flags other than SSL_VERIFY_NONE are set. This can +lead to unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as required. =head1 RETURN VALUES From tmraz at fedoraproject.org Thu Jul 4 15:02:30 2019 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Thu, 04 Jul 2019 15:02:30 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562252550.519135.26165.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 78af3f6f95cb8327fb423a609586c3c2b0d9c5f9 (commit) from 374cab6390ba005d4a559a3dea2a034af9cb1c09 (commit) - Log ----------------------------------------------------------------- commit 78af3f6f95cb8327fb423a609586c3c2b0d9c5f9 Author: Tomas Mraz Date: Tue Jul 2 13:32:29 2019 +0200 Clarify documentation of SSL_CTX_set_verify client side behavior Fixes #9259 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9291) (cherry picked from commit e6716f2bb4d9588044820f29a7ced0f06789d6ef) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_verify.pod | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod index 21d9ae1..2e5ee79 100644 --- a/doc/man3/SSL_CTX_set_verify.pod +++ b/doc/man3/SSL_CTX_set_verify.pod @@ -102,7 +102,7 @@ B if the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a "handshake failure" alert. This flag must be used together with SSL_VERIFY_PEER. -B ignored +B ignored (see BUGS) =item SSL_VERIFY_CLIENT_ONCE @@ -112,7 +112,7 @@ renegotiation or post-authentication if a certificate was requested during the initial handshake. This flag must be used together with SSL_VERIFY_PEER. -B ignored +B ignored (see BUGS) =item SSL_VERIFY_POST_HANDSHAKE @@ -123,7 +123,7 @@ to be configured for post-handshake peer verification before the handshake occurs. This flag must be used together with SSL_VERIFY_PEER. TLSv1.3 only; no effect on pre-TLSv1.3 connections. -B ignored +B ignored (see BUGS) =back @@ -203,8 +203,8 @@ message is sent to the client. =head1 BUGS In client mode, it is not checked whether the SSL_VERIFY_PEER flag -is set, but whether any flags are set. This can lead to -unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as +is set, but whether any flags other than SSL_VERIFY_NONE are set. This can +lead to unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as required. =head1 RETURN VALUES From builds at travis-ci.org Thu Jul 4 15:22:03 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Jul 2019 15:22:03 +0000 Subject: Still Failing: openssl/openssl#26265 (master - e6716f2) In-Reply-To: Message-ID: <5d1e199b120c1_43fd8d4579558330870@848b5253-10df-4761-b8bd-d8b1de42d582.mail> Build Update for openssl/openssl ------------------------------------- Build: #26265 Status: Still Failing Duration: 19 mins and 19 secs Commit: e6716f2 (master) Author: Tomas Mraz Message: Clarify documentation of SSL_CTX_set_verify client side behavior Fixes #9259 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9291) View the changeset: https://github.com/openssl/openssl/compare/2b43b747d689...e6716f2bb4d9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/554295935?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Jul 4 15:32:56 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Jul 2019 15:32:56 +0000 Subject: Broken: openssl/openssl#26266 (OpenSSL_1_1_1-stable - 78af3f6) In-Reply-To: Message-ID: <5d1e1c28627b_43fb28b06da74245052@7f524d08-f2cb-497a-8e7e-3a80a050011a.mail> Build Update for openssl/openssl ------------------------------------- Build: #26266 Status: Broken Duration: 23 mins and 45 secs Commit: 78af3f6 (OpenSSL_1_1_1-stable) Author: Tomas Mraz Message: Clarify documentation of SSL_CTX_set_verify client side behavior Fixes #9259 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9291) (cherry picked from commit e6716f2bb4d9588044820f29a7ced0f06789d6ef) View the changeset: https://github.com/openssl/openssl/compare/374cab6390ba...78af3f6f95cb View the full build log and details: https://travis-ci.org/openssl/openssl/builds/554296079?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Thu Jul 4 16:18:45 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jul 2019 16:18:45 +0000 Subject: [openssl] master update Message-ID: <1562257125.350124.13997.nullmailer@dev.openssl.org> The branch master has been updated via 2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852 (commit) from e6716f2bb4d9588044820f29a7ced0f06789d6ef (commit) - Log ----------------------------------------------------------------- commit 2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852 Author: Matt Caswell Date: Thu Jul 4 10:21:53 2019 +0100 Prevent the use of RUN_ONCE inside the FIPS module FIPS module code *always* runs within the scope of an associated OPENSSL_CTX. When the module is loaded the OPENSSL_CTX gets created, and when the module is unloaded the OPENSSL_CX gets freed. A module may be loaded multiple times within the scope of different OPENSSL_CTX objects. "Global" data should always be stored within the OPENSSL_CTX. In this way it will always get cleaned up properly when the module is unloaded. All current code within the FIPS module works this way. To avoid "accidents" we disabled the RUN_ONCE code inside the FIPS module. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9308) ----------------------------------------------------------------------- Summary of changes: include/internal/thread_once.h | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/include/internal/thread_once.h b/include/internal/thread_once.h index 69a1754..0b38ade 100644 --- a/include/internal/thread_once.h +++ b/include/internal/thread_once.h @@ -10,6 +10,13 @@ #include /* + * Initialisation of global data should never happen via "RUN_ONCE" inside the + * FIPS module. Global data should instead always be associated with a specific + * OPENSSL_CTX object. In this way data will get cleaned up correctly when the + * module gets unloaded. + */ +#ifndef FIPS_MODE +/* * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly * once. It takes no arguments and returns and int result (1 for success or * 0 for failure). Typical usage might be: @@ -23,7 +30,7 @@ * return 0; * } */ -#define DEFINE_RUN_ONCE(init) \ +# define DEFINE_RUN_ONCE(init) \ static int init(void); \ int init##_ossl_ret_ = 0; \ void init##_ossl_(void) \ @@ -36,7 +43,7 @@ * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly * once that has been defined in another file via DEFINE_RUN_ONCE(). */ -#define DECLARE_RUN_ONCE(init) \ +# define DECLARE_RUN_ONCE(init) \ extern int init##_ossl_ret_; \ void init##_ossl_(void); @@ -55,7 +62,7 @@ * return 0; * } */ -#define DEFINE_RUN_ONCE_STATIC(init) \ +# define DEFINE_RUN_ONCE_STATIC(init) \ static int init(void); \ static int init##_ossl_ret_ = 0; \ static void init##_ossl_(void) \ @@ -96,7 +103,7 @@ * return 0; * } */ -#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ +# define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ static int initalt(void); \ static void initalt##_ossl_(void) \ { \ @@ -115,7 +122,7 @@ * * (*) by convention, since the init function must return 1 on success. */ -#define RUN_ONCE(once, init) \ +# define RUN_ONCE(once, init) \ (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0) /* @@ -133,5 +140,7 @@ * * (*) by convention, since the init function must return 1 on success. */ -#define RUN_ONCE_ALT(once, initalt, init) \ +# define RUN_ONCE_ALT(once, initalt, init) \ (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0) + +#endif /* FIPS_MODE */ From builds at travis-ci.org Thu Jul 4 16:45:35 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Jul 2019 16:45:35 +0000 Subject: Still Failing: openssl/openssl#26271 (master - 2a1e2fe) In-Reply-To: Message-ID: <5d1e2d2f78a28_43fb2818eb764264635@7f524d08-f2cb-497a-8e7e-3a80a050011a.mail> Build Update for openssl/openssl ------------------------------------- Build: #26271 Status: Still Failing Duration: 25 mins and 31 secs Commit: 2a1e2fe (master) Author: Matt Caswell Message: Prevent the use of RUN_ONCE inside the FIPS module FIPS module code *always* runs within the scope of an associated OPENSSL_CTX. When the module is loaded the OPENSSL_CTX gets created, and when the module is unloaded the OPENSSL_CX gets freed. A module may be loaded multiple times within the scope of different OPENSSL_CTX objects. "Global" data should always be stored within the OPENSSL_CTX. In this way it will always get cleaned up properly when the module is unloaded. All current code within the FIPS module works this way. To avoid "accidents" we disabled the RUN_ONCE code inside the FIPS module. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9308) View the changeset: https://github.com/openssl/openssl/compare/e6716f2bb4d9...2a1e2fe145c6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/554329082?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 4 17:59:43 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Jul 2019 17:59:43 +0000 Subject: Build failed: openssl master.25697 Message-ID: <20190704175943.1.6C952E6D56900E17@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 4 19:29:26 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Jul 2019 19:29:26 +0000 Subject: Build failed: openssl master.25701 Message-ID: <20190704192926.1.F0437E4BD3B0CDDE@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 4 22:10:03 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jul 2019 22:10:03 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings Message-ID: <1562278203.706930.15938.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings Commit log since last time: 2a1e2fe145 Prevent the use of RUN_ONCE inside the FIPS module e6716f2bb4 Clarify documentation of SSL_CTX_set_verify client side behavior 2b43b747d6 Fix a typo and a syntax error in opensslconf.h 7e47db5b56 test/recipes/02_test_errstr.t: Make it less fragile From openssl at openssl.org Fri Jul 5 02:21:38 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Jul 2019 02:21:38 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1562293298.825298.6223.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 2a1e2fe145 Prevent the use of RUN_ONCE inside the FIPS module e6716f2bb4 Clarify documentation of SSL_CTX_set_verify client side behavior 2b43b747d6 Fix a typo and a syntax error in opensslconf.h 7e47db5b56 test/recipes/02_test_errstr.t: Make it less fragile Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=172, Tests=1645, 236 wallclock secs ( 2.67 usr 0.34 sys + 227.67 cusr 19.06 csys = 249.74 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jul 5 03:52:57 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jul 2019 03:52:57 +0000 Subject: Build failed: openssl master.25716 Message-ID: <20190705035257.1.634568F45B22EFC5@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 5 04:19:29 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jul 2019 04:19:29 +0000 Subject: Build completed: openssl master.25717 Message-ID: <20190705041929.1.2EEB866B139A64D8@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 5 06:08:59 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Jul 2019 06:08:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1562306939.354731.24429.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 2a1e2fe145 Prevent the use of RUN_ONCE inside the FIPS module e6716f2bb4 Clarify documentation of SSL_CTX_set_verify client side behavior 2b43b747d6 Fix a typo and a syntax error in opensslconf.h 7e47db5b56 test/recipes/02_test_errstr.t: Make it less fragile Build log ended with (last 100 lines): providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_absorb': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:176: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:170: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:202: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:209: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:200: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:281: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:285: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:289: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:295: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:298: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:348: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:72: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:365: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:368: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:377: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:381: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:414: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:146: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:149: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:151: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:155: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:243: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7081: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Fri Jul 5 07:05:09 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jul 2019 07:05:09 +0000 Subject: Build failed: openssl master.25719 Message-ID: <20190705070509.1.6BB119D3A8D7FE65@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 5 08:34:50 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jul 2019 08:34:50 +0000 Subject: Build completed: openssl master.25720 Message-ID: <20190705083450.1.BC908BECAA8AFA71@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 5 09:44:43 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jul 2019 09:44:43 +0000 Subject: Build failed: openssl master.25722 Message-ID: <20190705094443.1.554E52A0F7E9FE2A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 5 10:17:59 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jul 2019 10:17:59 +0000 Subject: Build failed: openssl master.25723 Message-ID: <20190705101759.1.638AF6577907319F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 5 11:47:45 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jul 2019 11:47:45 +0000 Subject: Build completed: openssl master.25724 Message-ID: <20190705114745.1.4C0D972C6CA25AED@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 5 13:11:20 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Jul 2019 13:11:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1562332280.610183.18288.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 2a1e2fe145 Prevent the use of RUN_ONCE inside the FIPS module e6716f2bb4 Clarify documentation of SSL_CTX_set_verify client side behavior 2b43b747d6 Fix a typo and a syntax error in opensslconf.h 7e47db5b56 test/recipes/02_test_errstr.t: Make it less fragile Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 218 wallclock secs ( 1.81 usr 0.29 sys + 213.53 cusr 16.38 csys = 232.01 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jul 5 13:18:44 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jul 2019 13:18:44 +0000 Subject: Build failed: openssl master.25725 Message-ID: <20190705131844.1.1E97FF6C6296F013@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 5 13:57:35 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Jul 2019 13:57:35 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1562335055.006198.9272.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 2a1e2fe145 Prevent the use of RUN_ONCE inside the FIPS module e6716f2bb4 Clarify documentation of SSL_CTX_set_verify client side behavior 2b43b747d6 Fix a typo and a syntax error in opensslconf.h 7e47db5b56 test/recipes/02_test_errstr.t: Make it less fragile Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 215 wallclock secs ( 1.55 usr 0.30 sys + 210.70 cusr 17.02 csys = 229.57 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jul 5 14:29:58 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jul 2019 14:29:58 +0000 Subject: Build completed: openssl master.25726 Message-ID: <20190705142958.1.151D449C9F80D24B@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Sat Jul 6 06:33:00 2019 From: levitte at openssl.org (Richard Levitte) Date: Sat, 06 Jul 2019 06:33:00 +0000 Subject: [web] master update Message-ID: <1562394780.107127.3066.nullmailer@dev.openssl.org> The branch master has been updated via 3b00096bd14d8a86ec486dcb132fe3055fc170df (commit) from dd74209e0beb5fdcb99aa967aec90b1d9b95c322 (commit) - Log ----------------------------------------------------------------- commit 3b00096bd14d8a86ec486dcb132fe3055fc170df Author: Richard Levitte Date: Sat Jun 22 09:44:24 2019 +0200 When producing HTML man-pages, include the original base name For OpenSSL 1.1.0 and on, this isn't relevant any more, since all pod names should be one of the names in the NAME section. However, 1.0.2 pages were written differently, and people still refer to the original base name to look up documentation. Fixes openssl/openssl#9189 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/132) ----------------------------------------------------------------------- Summary of changes: bin/mk-manpages | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/bin/mk-manpages b/bin/mk-manpages index efc95b1..6b57ead 100755 --- a/bin/mk-manpages +++ b/bin/mk-manpages @@ -64,9 +64,17 @@ sub main { print $fh $out or $class->die("Can't print $outinc: $!"); close($fh) or $class->die("Can't close $outinc: $!"); - foreach my $htmlname ( - map { (my $x = $_) =~ s|/|-|g; $x } - @{$data{names}}) { + my @htmlnames = + map { (my $x = $_) =~ s|/|-|g; $x } @{$data{names}}; + # Older OpenSSL pods have file names that do not correspond + # to any of the names in the NAME section. + # Strictly speaking, we shouldn't use that name, but HTML + # pages with that name have been produced in the past, so + # we keep doing so as long as it's relevant. + if (! grep { $_ eq $origbase } @htmlnames) { + push @htmlnames, $origbase; + } + foreach my $htmlname (@htmlnames) { my $htmlfile = File::Spec->catdir( "man$data{sectnum}", "$htmlname.html" ); my $outhtml = File::Spec->catfile( $wwwdir, $htmlfile ); From no-reply at appveyor.com Sat Jul 6 22:05:55 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 06 Jul 2019 22:05:55 +0000 Subject: Build failed: openssl master.25736 Message-ID: <20190706220555.1.513D02B6B7A90F34@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 7 03:47:07 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 07 Jul 2019 03:47:07 +0000 Subject: Build completed: openssl master.25737 Message-ID: <20190707034707.1.4142AB48F278AADB@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Sun Jul 7 06:06:57 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 07 Jul 2019 06:06:57 +0000 Subject: [openssl] master update Message-ID: <1562479617.202470.29343.nullmailer@dev.openssl.org> The branch master has been updated via 291f616ced45c924d639d97fc9ca2cbeaad096cf (commit) from 2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852 (commit) - Log ----------------------------------------------------------------- commit 291f616ced45c924d639d97fc9ca2cbeaad096cf Author: Bernd Edlinger Date: Thu Jul 4 17:56:23 2019 +0200 Fix an endless loop in BN_generate_prime_ex Happens when trying to generate 4 or 5 bit safe primes. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9311) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_prime.c | 8 ++++++-- test/bntest.c | 47 ++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 46 insertions(+), 9 deletions(-) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 03402c2..47e2f23 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -98,8 +98,12 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, /* There are no prime numbers this small. */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; - } else if (bits == 2 && safe) { - /* The smallest safe prime (7) is three bits. */ + } else if (add == NULL && safe && bits < 6 && bits != 3) { + /* + * The smallest safe prime (7) is three bits. + * But the following two safe primes with less than 6 bits (11, 23) + * are unreachable for BN_rand with BN_RAND_TOP_TWO. + */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; } diff --git a/test/bntest.c b/test/bntest.c index 8df6e0f..1e50210 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -2249,18 +2249,50 @@ static int test_expmodone(void) return ret; } -static int test_smallprime(void) +static int test_smallprime(int kBits) { - static const int kBits = 10; BIGNUM *r; int st = 0; - if (!TEST_ptr(r = BN_new()) - || !TEST_true(BN_generate_prime_ex(r, (int)kBits, 0, - NULL, NULL, NULL)) - || !TEST_int_eq(BN_num_bits(r), kBits)) + if (!TEST_ptr(r = BN_new())) + goto err; + + if (kBits <= 1) { + if (!TEST_false(BN_generate_prime_ex(r, kBits, 0, + NULL, NULL, NULL))) + goto err; + } else { + if (!TEST_true(BN_generate_prime_ex(r, kBits, 0, + NULL, NULL, NULL)) + || !TEST_int_eq(BN_num_bits(r), kBits)) + goto err; + } + + st = 1; + err: + BN_free(r); + return st; +} + +static int test_smallsafeprime(int kBits) +{ + BIGNUM *r; + int st = 0; + + if (!TEST_ptr(r = BN_new())) goto err; + if (kBits <= 5 && kBits != 3) { + if (!TEST_false(BN_generate_prime_ex(r, kBits, 1, + NULL, NULL, NULL))) + goto err; + } else { + if (!TEST_true(BN_generate_prime_ex(r, kBits, 1, + NULL, NULL, NULL)) + || !TEST_int_eq(BN_num_bits(r), kBits)) + goto err; + } + st = 1; err: BN_free(r); @@ -2518,7 +2550,8 @@ int setup_tests(void) ADD_TEST(test_badmod); ADD_TEST(test_expmodzero); ADD_TEST(test_expmodone); - ADD_TEST(test_smallprime); + ADD_ALL_TESTS(test_smallprime, 16); + ADD_ALL_TESTS(test_smallsafeprime, 16); ADD_TEST(test_swap); ADD_TEST(test_ctx_consttime_flag); #ifndef OPENSSL_NO_EC2M From bernd.edlinger at hotmail.de Sun Jul 7 06:07:41 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 07 Jul 2019 06:07:41 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562479661.774424.31049.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 9fd44200fe39542c31188de6f3469b438acf39b2 (commit) from 78af3f6f95cb8327fb423a609586c3c2b0d9c5f9 (commit) - Log ----------------------------------------------------------------- commit 9fd44200fe39542c31188de6f3469b438acf39b2 Author: Bernd Edlinger Date: Thu Jul 4 17:56:23 2019 +0200 Fix an endless loop in BN_generate_prime_ex Happens when trying to generate 4 or 5 bit safe primes. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9311) (cherry picked from commit 291f616ced45c924d639d97fc9ca2cbeaad096cf) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_prime.c | 8 ++++++-- test/bntest.c | 47 ++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 46 insertions(+), 9 deletions(-) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 4bbd7c8..19b081f 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -63,8 +63,12 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, /* There are no prime numbers this small. */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; - } else if (bits == 2 && safe) { - /* The smallest safe prime (7) is three bits. */ + } else if (add == NULL && safe && bits < 6 && bits != 3) { + /* + * The smallest safe prime (7) is three bits. + * But the following two safe primes with less than 6 bits (11, 23) + * are unreachable for BN_rand with BN_RAND_TOP_TWO. + */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; } diff --git a/test/bntest.c b/test/bntest.c index c68d7f6..0bd9a06 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -2169,18 +2169,50 @@ static int test_expmodone(void) return ret; } -static int test_smallprime(void) +static int test_smallprime(int kBits) { - static const int kBits = 10; BIGNUM *r; int st = 0; - if (!TEST_ptr(r = BN_new()) - || !TEST_true(BN_generate_prime_ex(r, (int)kBits, 0, - NULL, NULL, NULL)) - || !TEST_int_eq(BN_num_bits(r), kBits)) + if (!TEST_ptr(r = BN_new())) + goto err; + + if (kBits <= 1) { + if (!TEST_false(BN_generate_prime_ex(r, kBits, 0, + NULL, NULL, NULL))) + goto err; + } else { + if (!TEST_true(BN_generate_prime_ex(r, kBits, 0, + NULL, NULL, NULL)) + || !TEST_int_eq(BN_num_bits(r), kBits)) + goto err; + } + + st = 1; + err: + BN_free(r); + return st; +} + +static int test_smallsafeprime(int kBits) +{ + BIGNUM *r; + int st = 0; + + if (!TEST_ptr(r = BN_new())) goto err; + if (kBits <= 5 && kBits != 3) { + if (!TEST_false(BN_generate_prime_ex(r, kBits, 1, + NULL, NULL, NULL))) + goto err; + } else { + if (!TEST_true(BN_generate_prime_ex(r, kBits, 1, + NULL, NULL, NULL)) + || !TEST_int_eq(BN_num_bits(r), kBits)) + goto err; + } + st = 1; err: BN_free(r); @@ -2405,7 +2437,8 @@ int setup_tests(void) ADD_TEST(test_badmod); ADD_TEST(test_expmodzero); ADD_TEST(test_expmodone); - ADD_TEST(test_smallprime); + ADD_ALL_TESTS(test_smallprime, 16); + ADD_ALL_TESTS(test_smallsafeprime, 16); ADD_TEST(test_swap); ADD_TEST(test_ctx_consttime_flag); #ifndef OPENSSL_NO_EC2M From builds at travis-ci.org Sun Jul 7 06:26:11 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 07 Jul 2019 06:26:11 +0000 Subject: Still Failing: openssl/openssl#26309 (master - 291f616) In-Reply-To: Message-ID: <5d219083a3ca2_43ffab4c3a50c19113e@bb009c02-eb26-4073-8a6d-d2c567409816.mail> Build Update for openssl/openssl ------------------------------------- Build: #26309 Status: Still Failing Duration: 18 mins and 30 secs Commit: 291f616 (master) Author: Bernd Edlinger Message: Fix an endless loop in BN_generate_prime_ex Happens when trying to generate 4 or 5 bit safe primes. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9311) View the changeset: https://github.com/openssl/openssl/compare/2a1e2fe145c6...291f616ced45 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/555193414?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sun Jul 7 06:38:41 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 07 Jul 2019 06:38:41 +0000 Subject: Fixed: openssl/openssl#26310 (OpenSSL_1_1_1-stable - 9fd4420) In-Reply-To: Message-ID: <5d21937171505_43f8151410908381336@ae98f7d4-b20f-49b8-9f1d-aa12e235b01e.mail> Build Update for openssl/openssl ------------------------------------- Build: #26310 Status: Fixed Duration: 25 mins and 3 secs Commit: 9fd4420 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix an endless loop in BN_generate_prime_ex Happens when trying to generate 4 or 5 bit safe primes. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9311) (cherry picked from commit 291f616ced45c924d639d97fc9ca2cbeaad096cf) View the changeset: https://github.com/openssl/openssl/compare/78af3f6f95cb...9fd44200fe39 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/555193519?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Sun Jul 7 17:35:34 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sun, 07 Jul 2019 17:35:34 +0000 Subject: [openssl] master update Message-ID: <1562520934.844720.5208.nullmailer@dev.openssl.org> The branch master has been updated via 933a73b9144397a5690a75c69694123a00d3590d (commit) from 291f616ced45c924d639d97fc9ca2cbeaad096cf (commit) - Log ----------------------------------------------------------------- commit 933a73b9144397a5690a75c69694123a00d3590d Author: Dr. Matthias St. Pierre Date: Fri May 31 09:06:28 2019 +0200 man: fix typo in OPENSSL_fork_prepare.pod Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9318) ----------------------------------------------------------------------- Summary of changes: doc/man3/OPENSSL_fork_prepare.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/OPENSSL_fork_prepare.pod b/doc/man3/OPENSSL_fork_prepare.pod index 4f5380a..d028a55 100644 --- a/doc/man3/OPENSSL_fork_prepare.pod +++ b/doc/man3/OPENSSL_fork_prepare.pod @@ -24,7 +24,7 @@ The OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child() functions are used to reset this internal state. Platforms without fork(2) will probably not need to use these functions. -Platforms with fork(2) but without pthreads_atfork(3) will probably need +Platforms with fork(2) but without pthread_atfork(3) will probably need to call them manually, as described in the following paragraph. Platforms such as Linux that have both functions will normally not need to call these functions as the OpenSSL library will do so automatically. @@ -32,7 +32,7 @@ functions as the OpenSSL library will do so automatically. L will register these functions with the appropriate handler, when the B flag is used. For other applications, these functions can be called directly. They should be used -according to the calling sequence described by the pthreads_atfork(3) +according to the calling sequence described by the pthread_atfork(3) documentation, which is summarized here. OPENSSL_fork_prepare() should be called before a fork() is done. After the fork() returns, the parent process should call OPENSSL_fork_parent() and the child process should From matthias.st.pierre at ncp-e.com Sun Jul 7 17:36:17 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sun, 07 Jul 2019 17:36:17 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562520977.947858.29253.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 576344937307ea7661ab0f1b6682feda087048a1 (commit) from 9fd44200fe39542c31188de6f3469b438acf39b2 (commit) - Log ----------------------------------------------------------------- commit 576344937307ea7661ab0f1b6682feda087048a1 Author: Dr. Matthias St. Pierre Date: Fri May 31 09:06:28 2019 +0200 man: fix typo in OPENSSL_fork_prepare.pod Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9318) (cherry picked from commit 933a73b9144397a5690a75c69694123a00d3590d) ----------------------------------------------------------------------- Summary of changes: doc/man3/OPENSSL_fork_prepare.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/OPENSSL_fork_prepare.pod b/doc/man3/OPENSSL_fork_prepare.pod index 7c4eb1d..8fdcefb 100644 --- a/doc/man3/OPENSSL_fork_prepare.pod +++ b/doc/man3/OPENSSL_fork_prepare.pod @@ -24,7 +24,7 @@ The OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child() functions are used to reset this internal state. Platforms without fork(2) will probably not need to use these functions. -Platforms with fork(2) but without pthreads_atfork(3) will probably need +Platforms with fork(2) but without pthread_atfork(3) will probably need to call them manually, as described in the following paragraph. Platforms such as Linux that have both functions will normally not need to call these functions as the OpenSSL library will do so automatically. @@ -32,7 +32,7 @@ functions as the OpenSSL library will do so automatically. L will register these functions with the appropriate handler, when the B flag is used. For other applications, these functions can be called directly. They should be used -according to the calling sequence described by the pthreads_atfork(3) +according to the calling sequence described by the pthread_atfork(3) documentation, which is summarized here. OPENSSL_fork_prepare() should be called before a fork() is done. After the fork() returns, the parent process should call OPENSSL_fork_parent() and the child process should From builds at travis-ci.org Sun Jul 7 17:54:30 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 07 Jul 2019 17:54:30 +0000 Subject: Still Failing: openssl/openssl#26314 (master - 933a73b) In-Reply-To: Message-ID: <5d2231d63c4ad_43fb379fccdb4143947@745cee50-77c3-4eac-a959-2f89e1d56846.mail> Build Update for openssl/openssl ------------------------------------- Build: #26314 Status: Still Failing Duration: 18 mins and 15 secs Commit: 933a73b (master) Author: Dr. Matthias St. Pierre Message: man: fix typo in OPENSSL_fork_prepare.pod Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9318) View the changeset: https://github.com/openssl/openssl/compare/291f616ced45...933a73b91443 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/555401092?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Sun Jul 7 21:47:40 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 07 Jul 2019 21:47:40 +0000 Subject: [web] master update Message-ID: <1562536060.463629.16616.nullmailer@dev.openssl.org> The branch master has been updated via e784301605e11bb68c60d0f8c8e0c0ce5520eb17 (commit) from 3b00096bd14d8a86ec486dcb132fe3055fc170df (commit) - Log ----------------------------------------------------------------- commit e784301605e11bb68c60d0f8c8e0c0ce5520eb17 Author: Pauli Date: Mon Jul 8 07:47:18 2019 +1000 Include description of a trivial commit. Trivial submissions are mentioned but not defined. ----------------------------------------------------------------------- Summary of changes: policies/cla.html | 23 ++++++++++++++++++++--- policies/committers.html | 6 +++--- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/policies/cla.html b/policies/cla.html index efe0445..51876e4 100644 --- a/policies/cla.html +++ b/policies/cla.html @@ -12,7 +12,7 @@

Contributor Agreements

- Every non-trival contribution to be + Every non-trivial contribution to be covered by a signed Contributor License Agreement (CLA). We have modelled our policy based on the practice of @@ -31,10 +31,27 @@ the terms under which intellectual property has been contributed to OpenSSL and thereby allow us to defend the project should there be a legal dispute regarding the software at some future - time.

+ time. +

+ +

+ A submission is trivial if it is considered trivial under copyright + law. Since we are not lawyers, we place the bar for trivial + contributions very high. For example: corrections of grammatical or + typographical errors (including misspelled function names in manual + pages), simple whitespace changes and in some cases one-line + bugfixes might be accepted as trivial without requiring a CLA. +

+ +

+ In practice, it is required that the author (in the git commit + message) and all approving team members (in the pull request thread) + agree that a change is trivial. The reviewers will normally post + a statement to the effect of "I agree that it is a trivial change." +

- Please make sure that the email + When filling in the CLA, please make sure that the email address matches the one that you use for the "Author" in your git commits. List multiple email addresses if necessary.

diff --git a/policies/committers.html b/policies/committers.html index 80e31c8..46e2b74 100644 --- a/policies/committers.html +++ b/policies/committers.html @@ -123,9 +123,9 @@

A note on CLAs

All authors, including committers, must have current CLAs on file. A CLA is not required for trivial contributions (e.g. the - fix of a spelling mistake). If all reviewers as well as the - original author agree that the submission is trivial, the commit - text should include "CLA: trivial."

+ fix of a spelling mistake). Refer to the + CLA page for further details. +

From openssl at openssl.org Mon Jul 8 02:19:17 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Jul 2019 02:19:17 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1562552357.078805.14393.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 933a73b914 man: fix typo in OPENSSL_fork_prepare.pod 291f616ced Fix an endless loop in BN_generate_prime_ex Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=172, Tests=1645, 244 wallclock secs ( 2.83 usr 0.33 sys + 235.85 cusr 19.09 csys = 258.10 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 8 06:06:48 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Jul 2019 06:06:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1562566008.622378.32514.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 933a73b914 man: fix typo in OPENSSL_fork_prepare.pod 291f616ced Fix an endless loop in BN_generate_prime_ex Build log ended with (last 100 lines): providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_absorb': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:176: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:170: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:202: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:209: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:200: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:281: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:285: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:289: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:295: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:298: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:348: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:72: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:365: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:368: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:377: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:381: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:414: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:146: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:149: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:151: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:155: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:243: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7081: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Mon Jul 8 08:53:11 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 08 Jul 2019 08:53:11 +0000 Subject: [openssl] master update Message-ID: <1562575991.921758.31877.nullmailer@dev.openssl.org> The branch master has been updated via 7b0fceed21c8929e0c6694f57018aa1dbba03e15 (commit) from 933a73b9144397a5690a75c69694123a00d3590d (commit) - Log ----------------------------------------------------------------- commit 7b0fceed21c8929e0c6694f57018aa1dbba03e15 Author: Lei Maohui Date: Thu Jun 13 12:17:30 2019 +0900 Fix build error for aarch64 big endian. Modified rev to rev64, because rev only takes integer registers. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90827 Otherwise, the following error will occur. Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b' CLA: trivial Signed-off-by: Lei Maohui Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9151) ----------------------------------------------------------------------- Summary of changes: crypto/sha/asm/keccak1600-armv8.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/sha/asm/keccak1600-armv8.pl b/crypto/sha/asm/keccak1600-armv8.pl index dc72f18..6620690 100755 --- a/crypto/sha/asm/keccak1600-armv8.pl +++ b/crypto/sha/asm/keccak1600-armv8.pl @@ -731,7 +731,7 @@ $code.=<<___; blo .Lprocess_block_ce ldr d31,[$inp],#8 // *inp++ #ifdef __AARCH64EB__ - rev v31.16b,v31.16b + rev64 v31.16b,v31.16b #endif eor $A[$j/5][$j%5],$A[$j/5][$j%5],v31.16b beq .Lprocess_block_ce @@ -740,7 +740,7 @@ ___ $code.=<<___; ldr d31,[$inp],#8 // *inp++ #ifdef __AARCH64EB__ - rev v31.16b,v31.16b + rev64 v31.16b,v31.16b #endif eor $A[4][4],$A[4][4],v31.16b From levitte at openssl.org Mon Jul 8 08:55:07 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 08 Jul 2019 08:55:07 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562576107.310255.2649.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5a63e155ff115f9684a43d8d6034e63e189436d3 (commit) from 576344937307ea7661ab0f1b6682feda087048a1 (commit) - Log ----------------------------------------------------------------- commit 5a63e155ff115f9684a43d8d6034e63e189436d3 Author: Lei Maohui Date: Thu Jun 13 12:17:30 2019 +0900 Fix build error for aarch64 big endian. Modified rev to rev64, because rev only takes integer registers. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90827 Otherwise, the following error will occur. Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b' CLA: trivial Signed-off-by: Lei Maohui Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9151) (cherry picked from commit 7b0fceed21c8929e0c6694f57018aa1dbba03e15) ----------------------------------------------------------------------- Summary of changes: crypto/sha/asm/keccak1600-armv8.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/sha/asm/keccak1600-armv8.pl b/crypto/sha/asm/keccak1600-armv8.pl index a3117bd..3173c77 100755 --- a/crypto/sha/asm/keccak1600-armv8.pl +++ b/crypto/sha/asm/keccak1600-armv8.pl @@ -738,7 +738,7 @@ $code.=<<___; blo .Lprocess_block_ce ldr d31,[$inp],#8 // *inp++ #ifdef __AARCH64EB__ - rev v31.16b,v31.16b + rev64 v31.16b,v31.16b #endif eor $A[$j/5][$j%5],$A[$j/5][$j%5],v31.16b beq .Lprocess_block_ce @@ -747,7 +747,7 @@ ___ $code.=<<___; ldr d31,[$inp],#8 // *inp++ #ifdef __AARCH64EB__ - rev v31.16b,v31.16b + rev64 v31.16b,v31.16b #endif eor $A[4][4],$A[4][4],v31.16b From levitte at openssl.org Mon Jul 8 08:56:57 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 08 Jul 2019 08:56:57 +0000 Subject: [openssl] master update Message-ID: <1562576217.710579.6156.nullmailer@dev.openssl.org> The branch master has been updated via 53fd220c8fc953b603dd13257d6b2e2d1e7eb864 (commit) from 7b0fceed21c8929e0c6694f57018aa1dbba03e15 (commit) - Log ----------------------------------------------------------------- commit 53fd220c8fc953b603dd13257d6b2e2d1e7eb864 Author: John Schember Date: Tue Jul 2 15:05:27 2019 -0400 iOS build: Replace %20 with space in config script CLA: trivial Reviewed-by: Bernd Edlinger Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9297) ----------------------------------------------------------------------- Summary of changes: config | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config b/config index 755d538..058421c 100755 --- a/config +++ b/config @@ -487,12 +487,12 @@ case "$GUESSOS" in OUT="darwin64-x86_64-cc" fi ;; armv6+7-*-iphoneos) - __CNF_CFLAGS="$__CNF_CFLAGS -arch%20armv6 -arch%20armv7" - __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20armv6 -arch%20armv7" + __CNF_CFLAGS="$__CNF_CFLAGS -arch armv6 -arch armv7" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch armv6 -arch armv7" OUT="iphoneos-cross" ;; *-*-iphoneos) - __CNF_CFLAGS="$__CNF_CFLAGS -arch%20${MACHINE}" - __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20${MACHINE}" + __CNF_CFLAGS="$__CNF_CFLAGS -arch ${MACHINE}" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch ${MACHINE}" OUT="iphoneos-cross" ;; arm64-*-iphoneos|*-*-ios64) OUT="ios64-cross" ;; From levitte at openssl.org Mon Jul 8 08:57:35 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 08 Jul 2019 08:57:35 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562576255.751032.7829.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7b031c206228ae1f48bdd9e271fc101f91f817e1 (commit) from 5a63e155ff115f9684a43d8d6034e63e189436d3 (commit) - Log ----------------------------------------------------------------- commit 7b031c206228ae1f48bdd9e271fc101f91f817e1 Author: John Schember Date: Tue Jul 2 15:05:27 2019 -0400 iOS build: Replace %20 with space in config script CLA: trivial Reviewed-by: Bernd Edlinger Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9297) (cherry picked from commit 53fd220c8fc953b603dd13257d6b2e2d1e7eb864) ----------------------------------------------------------------------- Summary of changes: config | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config b/config index d0e31b6..c1a94d4 100755 --- a/config +++ b/config @@ -498,12 +498,12 @@ case "$GUESSOS" in OUT="darwin64-x86_64-cc" fi ;; armv6+7-*-iphoneos) - __CNF_CFLAGS="$__CNF_CFLAGS -arch%20armv6 -arch%20armv7" - __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20armv6 -arch%20armv7" + __CNF_CFLAGS="$__CNF_CFLAGS -arch armv6 -arch armv7" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch armv6 -arch armv7" OUT="iphoneos-cross" ;; *-*-iphoneos) - __CNF_CFLAGS="$__CNF_CFLAGS -arch%20${MACHINE}" - __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20${MACHINE}" + __CNF_CFLAGS="$__CNF_CFLAGS -arch ${MACHINE}" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch ${MACHINE}" OUT="iphoneos-cross" ;; arm64-*-iphoneos|*-*-ios64) OUT="ios64-cross" ;; From builds at travis-ci.org Mon Jul 8 09:12:00 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Jul 2019 09:12:00 +0000 Subject: Errored: openssl/openssl#26324 (master - 7b0fcee) In-Reply-To: Message-ID: <5d2308e02f90b_43fb371f8956c264565@745cee50-77c3-4eac-a959-2f89e1d56846.mail> Build Update for openssl/openssl ------------------------------------- Build: #26324 Status: Errored Duration: 18 mins and 5 secs Commit: 7b0fcee (master) Author: Lei Maohui Message: Fix build error for aarch64 big endian. Modified rev to rev64, because rev only takes integer registers. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90827 Otherwise, the following error will occur. Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b' CLA: trivial Signed-off-by: Lei Maohui Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9151) View the changeset: https://github.com/openssl/openssl/compare/933a73b91443...7b0fceed21c8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/555667645?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 8 09:33:50 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Jul 2019 09:33:50 +0000 Subject: Still Failing: openssl/openssl#26326 (master - 53fd220) In-Reply-To: Message-ID: <5d230dfdcb7d3_43fb37742eb442685e9@745cee50-77c3-4eac-a959-2f89e1d56846.mail> Build Update for openssl/openssl ------------------------------------- Build: #26326 Status: Still Failing Duration: 23 mins and 22 secs Commit: 53fd220 (master) Author: John Schember Message: iOS build: Replace %20 with space in config script CLA: trivial Reviewed-by: Bernd Edlinger Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9297) View the changeset: https://github.com/openssl/openssl/compare/7b0fceed21c8...53fd220c8fc9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/555668986?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Mon Jul 8 10:09:54 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Jul 2019 10:09:54 +0000 Subject: [openssl] master update Message-ID: <1562580594.987280.24004.nullmailer@dev.openssl.org> The branch master has been updated via b97a28b19d606d6782622a14ae06831b231c94a4 (commit) from 53fd220c8fc953b603dd13257d6b2e2d1e7eb864 (commit) - Log ----------------------------------------------------------------- commit b97a28b19d606d6782622a14ae06831b231c94a4 Author: Dmitry Belyavskiy Date: Mon Jul 8 20:09:13 2019 +1000 A very brief explanation of how to add custom functions to OpenSSL. Inspired by Rich Salz's letter to openssl-users@ [edited to remove non-ASCII characters and end of line white space] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9267) ----------------------------------------------------------------------- Summary of changes: HACKING | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 HACKING diff --git a/HACKING b/HACKING new file mode 100644 index 0000000..a9e39d0 --- /dev/null +++ b/HACKING @@ -0,0 +1,26 @@ + MODIFYING OPENSSL SOURCE + ------------------------ + This document describes the way to add custom modifications to OpenSSL sources. + + If you are adding new public functions to the custom library build, you need to + either add a prototype in one of the existing OpenSSL header files; + or provide a new header file and edit Configurations/unix-Makefile.tmpl to pick up that file. + + After that perform the following steps: + + ./config -Werror --strict-warnings [your-options] + make update + make + make test + + "make update" ensures that your functions declarations are added to util/libcrypto.num or util/libssl.num + If you plan to submit the changes you made to OpenSSL (see CONTRIBUTING), it's worth running: + + make doc-nits + + after running "make update" to ensure that documentation has correct format. + + "make update" also generates files related to OIDs (in the crypto/objects/ folder) and errors. + If a merge error occurs in one of these generated files then the generated files need to be removed + and regenerated using "make update". + To aid in this process the generated files can be committed separately so they can be removed easily. From pauli at openssl.org Mon Jul 8 10:15:16 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Jul 2019 10:15:16 +0000 Subject: [openssl] master update Message-ID: <1562580916.617665.306.nullmailer@dev.openssl.org> The branch master has been updated via 9fd6f7d1cd2a3c8e2bc69dcb8bde8406eb6c2623 (commit) from b97a28b19d606d6782622a14ae06831b231c94a4 (commit) - Log ----------------------------------------------------------------- commit 9fd6f7d1cd2a3c8e2bc69dcb8bde8406eb6c2623 Author: Dmitry Belyavskiy Date: Mon Jul 8 20:14:50 2019 +1000 Avoid NULL pointer dereference. Fixes #9043. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9059) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 14 ++++++++++++-- crypto/err/openssl.txt | 1 + crypto/x509/t_req.c | 4 ++++ crypto/x509/x509_err.c | 2 ++ include/openssl/x509err.h | 1 + 5 files changed, 20 insertions(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index ae420d3..f11d341 100644 --- a/apps/req.c +++ b/apps/req.c @@ -933,9 +933,19 @@ int req_main(int argc, char **argv) if (text) { if (x509) - X509_print_ex(out, x509ss, get_nameopt(), reqflag); + ret = X509_print_ex(out, x509ss, get_nameopt(), reqflag); else - X509_REQ_print_ex(out, req, get_nameopt(), reqflag); + ret = X509_REQ_print_ex(out, req, get_nameopt(), reqflag); + + if (ret == 0) { + if (x509) + BIO_printf(bio_err, "Error printing certificate\n"); + else + BIO_printf(bio_err, "Error printing certificate request\n"); + + ERR_print_errors(bio_err); + goto end; + } } if (subject) { diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 4d717e3..f1567c2 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -3221,6 +3221,7 @@ X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table X509_R_CRL_ALREADY_DELTA:127:crl already delta X509_R_CRL_VERIFY_FAILURE:131:crl verify failure X509_R_IDP_MISMATCH:128:idp mismatch +X509_R_INVALID_ATTRIBUTES:138:invalid attributes X509_R_INVALID_DIRECTORY:113:invalid directory X509_R_INVALID_FIELD_NAME:119:invalid field name X509_R_INVALID_TRUST:123:invalid trust diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 28157de..8af6510 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -127,6 +127,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { ii = 0; count = X509_ATTRIBUTE_count(a); + if (count == 0) { + X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES); + return 0; + } get_next: at = X509_ATTRIBUTE_get0_type(a, ii); type = at->type; diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index c87d74d..1d0c518 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -129,6 +129,8 @@ static const ERR_STRING_DATA X509_str_reasons[] = { {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_ATTRIBUTES), + "invalid attributes"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME), "invalid field name"}, diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h index e796bf1..f04db92 100644 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -102,6 +102,7 @@ int ERR_load_X509_strings(void); # define X509_R_CRL_ALREADY_DELTA 127 # define X509_R_CRL_VERIFY_FAILURE 131 # define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 # define X509_R_INVALID_DIRECTORY 113 # define X509_R_INVALID_FIELD_NAME 119 # define X509_R_INVALID_TRUST 123 From pauli at openssl.org Mon Jul 8 10:18:23 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Jul 2019 10:18:23 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1562581103.705737.7072.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a48cd0c5b9fef42321fc16ea6a40c30c0e1712d4 (commit) from 7b031c206228ae1f48bdd9e271fc101f91f817e1 (commit) - Log ----------------------------------------------------------------- commit a48cd0c5b9fef42321fc16ea6a40c30c0e1712d4 Author: Dmitry Belyavskiy Date: Mon Jul 8 20:14:50 2019 +1000 Avoid NULL pointer dereference. Fixes #9043. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9059) (cherry picked from commit 9fd6f7d1cd2a3c8e2bc69dcb8bde8406eb6c2623) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 14 ++++++++++++-- crypto/err/openssl.txt | 1 + crypto/x509/t_req.c | 4 ++++ crypto/x509/x509_err.c | 2 ++ include/openssl/x509err.h | 1 + 5 files changed, 20 insertions(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index 6fd28a2..6dd119b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -881,9 +881,19 @@ int req_main(int argc, char **argv) if (text) { if (x509) - X509_print_ex(out, x509ss, get_nameopt(), reqflag); + ret = X509_print_ex(out, x509ss, get_nameopt(), reqflag); else - X509_REQ_print_ex(out, req, get_nameopt(), reqflag); + ret = X509_REQ_print_ex(out, req, get_nameopt(), reqflag); + + if (ret == 0) { + if (x509) + BIO_printf(bio_err, "Error printing certificate\n"); + else + BIO_printf(bio_err, "Error printing certificate request\n"); + + ERR_print_errors(bio_err); + goto end; + } } if (subject) { diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 655bfb6..907eeaa 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -3011,6 +3011,7 @@ X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table X509_R_CRL_ALREADY_DELTA:127:crl already delta X509_R_CRL_VERIFY_FAILURE:131:crl verify failure X509_R_IDP_MISMATCH:128:idp mismatch +X509_R_INVALID_ATTRIBUTES:138:invalid attributes X509_R_INVALID_DIRECTORY:113:invalid directory X509_R_INVALID_FIELD_NAME:119:invalid field name X509_R_INVALID_TRUST:123:invalid trust diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 2d4c591..f315447 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -127,6 +127,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { ii = 0; count = X509_ATTRIBUTE_count(a); + if (count == 0) { + X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES); + return 0; + } get_next: at = X509_ATTRIBUTE_get0_type(a, ii); type = at->type; diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 739708e..7ef9714 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -123,6 +123,8 @@ static const ERR_STRING_DATA X509_str_reasons[] = { {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_ATTRIBUTES), + "invalid attributes"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME), "invalid field name"}, diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h index 7d9622c..0273853 100644 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -97,6 +97,7 @@ int ERR_load_X509_strings(void); # define X509_R_CRL_ALREADY_DELTA 127 # define X509_R_CRL_VERIFY_FAILURE 131 # define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 # define X509_R_INVALID_DIRECTORY 113 # define X509_R_INVALID_FIELD_NAME 119 # define X509_R_INVALID_TRUST 123 From builds at travis-ci.org Mon Jul 8 10:29:28 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Jul 2019 10:29:28 +0000 Subject: Errored: openssl/openssl#26328 (master - b97a28b) In-Reply-To: Message-ID: <5d231b082affd_43fa4e363415c1296d7@5217e395-79b9-48e7-86c5-e646d68509c5.mail> Build Update for openssl/openssl ------------------------------------- Build: #26328 Status: Errored Duration: 18 mins and 58 secs Commit: b97a28b (master) Author: Dmitry Belyavskiy Message: A very brief explanation of how to add custom functions to OpenSSL. Inspired by Rich Salz's letter to openssl-users@ [edited to remove non-ASCII characters and end of line white space] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9267) View the changeset: https://github.com/openssl/openssl/compare/53fd220c8fc9...b97a28b19d60 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/555697331?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 8 10:44:40 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Jul 2019 10:44:40 +0000 Subject: Still Failing: openssl/openssl#26329 (master - 9fd6f7d) In-Reply-To: Message-ID: <5d231e987d372_43ffd75574c18151148@119f926e-98be-49f2-8886-c7b030aa8736.mail> Build Update for openssl/openssl ------------------------------------- Build: #26329 Status: Still Failing Duration: 28 mins and 48 secs Commit: 9fd6f7d (master) Author: Dmitry Belyavskiy Message: Avoid NULL pointer dereference. Fixes #9043. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9059) View the changeset: https://github.com/openssl/openssl/compare/b97a28b19d60...9fd6f7d1cd2a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/555699528?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 8 10:54:45 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Jul 2019 10:54:45 +0000 Subject: Errored: openssl/openssl#26330 (OpenSSL_1_1_1-stable - a48cd0c) In-Reply-To: Message-ID: <5d2320f491c75_43ffd7adcfd2c154336@119f926e-98be-49f2-8886-c7b030aa8736.mail> Build Update for openssl/openssl ------------------------------------- Build: #26330 Status: Errored Duration: 24 mins and 53 secs Commit: a48cd0c (OpenSSL_1_1_1-stable) Author: Dmitry Belyavskiy Message: Avoid NULL pointer dereference. Fixes #9043. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9059) (cherry picked from commit 9fd6f7d1cd2a3c8e2bc69dcb8bde8406eb6c2623) View the changeset: https://github.com/openssl/openssl/compare/7b031c206228...a48cd0c5b9fe View the full build log and details: https://travis-ci.org/openssl/openssl/builds/555700614?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 8 13:02:10 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Jul 2019 13:02:10 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1562590930.705034.26603.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 933a73b914 man: fix typo in OPENSSL_fork_prepare.pod 291f616ced Fix an endless loop in BN_generate_prime_ex Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 214 wallclock secs ( 1.65 usr 0.27 sys + 210.77 cusr 16.44 csys = 229.13 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 8 13:47:48 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Jul 2019 13:47:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1562593668.190309.18200.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 933a73b914 man: fix typo in OPENSSL_fork_prepare.pod 291f616ced Fix an endless loop in BN_generate_prime_ex Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 217 wallclock secs ( 1.51 usr 0.35 sys + 211.77 cusr 16.49 csys = 230.12 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jul 8 19:05:11 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Jul 2019 19:05:11 +0000 Subject: Build failed: openssl master.25766 Message-ID: <20190708190511.1.EAA8320CFDBD966D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 8 21:18:12 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Jul 2019 21:18:12 +0000 Subject: Build completed: openssl master.25767 Message-ID: <20190708211812.1.4BB1F0537C788E40@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Mon Jul 8 23:07:20 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 08 Jul 2019 23:07:20 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5d23cca813a89_5b182ad3791d4f5885d9@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEOo3rtGjiQZqYPGgcjfkiXQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0MMaX6iEdIuEHRJZ-2BzqmrWGmtaCSG4BK0tdcnwDMVPUaqNG1ZCco70LrfCqFRk-2FUMbY1FwM3jvRdEtD3I8SAgSS4N3mCO6EpapflToCOfNxUC6nUABclMEI3fIK4x6tJpxMDsyjvdhEL5CC9mu2dw6wy-2FxRI0nQqAhHncUNlfsIaiIeoBYX-2BPiRECv5UzoZ4I-3D Build ID: 263661 Analysis Summary: New defects found: 0 Defects eliminated: 0 From shane.lontis at oracle.com Mon Jul 8 23:40:28 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 08 Jul 2019 23:40:28 +0000 Subject: [openssl] master update Message-ID: <1562629228.801844.3296.nullmailer@dev.openssl.org> The branch master has been updated via 1aec7716c1c5fccf605a46252a46ea468e684454 (commit) from 9fd6f7d1cd2a3c8e2bc69dcb8bde8406eb6c2623 (commit) - Log ----------------------------------------------------------------- commit 1aec7716c1c5fccf605a46252a46ea468e684454 Author: Shane Lontis Date: Tue Jul 9 09:33:18 2019 +1000 Add X9.42 KDF. Move the KDF code for CMS DH key agreement into an EVP_KDF object. There are 2 specifications for X9.42 KDF. This implementation uses DER for otherinfo which embeds the KDF loop counter inside the DER object. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8898) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_kdf.c | 160 ++-------- crypto/err/openssl.txt | 10 + crypto/evp/c_allkdf.c | 3 + crypto/include/internal/evp_int.h | 1 + crypto/kdf/build.info | 2 +- crypto/kdf/kdf_err.c | 11 + crypto/kdf/x942kdf.c | 407 ++++++++++++++++++++++++ crypto/objects/obj_dat.h | 9 +- crypto/objects/obj_mac.num | 1 + crypto/objects/objects.txt | 2 + doc/man3/EVP_KDF_CTX.pod | 1 + doc/man7/{EVP_KDF_X963.pod => EVP_KDF_X942.pod} | 74 +++-- include/openssl/kdf.h | 11 +- include/openssl/kdferr.h | 10 + include/openssl/obj_mac.h | 4 + test/evp_kdf_test.c | 34 ++ test/evp_test.c | 18 +- test/recipes/30-test_evp_data/evpkdf.txt | 15 + 18 files changed, 604 insertions(+), 169 deletions(-) create mode 100644 crypto/kdf/x942kdf.c copy doc/man7/{EVP_KDF_X963.pod => EVP_KDF_X942.pod} (54%) diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 2a01bfc..03b1e4e 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,141 +10,43 @@ #include "e_os.h" #ifndef OPENSSL_NO_CMS -#include -#include -#include -#include -#include - - -/* Key derivation from X9.42/RFC2631 */ -/* Uses CMS functions, hence the #ifdef wrapper. */ - -#define DH_KDF_MAX (1L << 30) - -/* Skip past an ASN1 structure: for OBJECT skip content octets too */ - -static int skip_asn1(unsigned char **pp, long *plen, int exptag) -{ - const unsigned char *q = *pp; - int i, tag, xclass; - long tmplen; - i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen); - if (i & 0x80) - return 0; - if (tag != exptag || xclass != V_ASN1_UNIVERSAL) - return 0; - if (tag == V_ASN1_OBJECT) - q += tmplen; - *plen -= q - *pp; - *pp = (unsigned char *)q; - return 1; -} - -/* - * Encode the DH shared info structure, return an offset to the counter value - * so we can update the structure without reencoding it. - */ - -static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr, - ASN1_OBJECT *key_oid, size_t outlen, - const unsigned char *ukm, size_t ukmlen) -{ - unsigned char *p; - int derlen; - long tlen; - /* "magic" value to check offset is sane */ - static unsigned char ctr[4] = { 0xF3, 0x17, 0x22, 0x53 }; - X509_ALGOR atmp; - ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct; - ASN1_TYPE ctr_atype; - if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX) - return 0; - ctr_oct.data = ctr; - ctr_oct.length = 4; - ctr_oct.flags = 0; - ctr_oct.type = V_ASN1_OCTET_STRING; - ctr_atype.type = V_ASN1_OCTET_STRING; - ctr_atype.value.octet_string = &ctr_oct; - atmp.algorithm = key_oid; - atmp.parameter = &ctr_atype; - if (ukm) { - ukm_oct.type = V_ASN1_OCTET_STRING; - ukm_oct.flags = 0; - ukm_oct.data = (unsigned char *)ukm; - ukm_oct.length = ukmlen; - pukm_oct = &ukm_oct; - } else - pukm_oct = NULL; - derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen); - if (derlen <= 0) - return 0; - p = *pder; - tlen = derlen; - if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) - return 0; - if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) - return 0; - if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT)) - return 0; - if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING)) - return 0; - if (CRYPTO_memcmp(p, ctr, 4)) - return 0; - *pctr = p; - return derlen; -} +# include +# include +# include +# include +# include int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) { - EVP_MD_CTX *mctx = NULL; - int rv = 0; - unsigned int i; - size_t mdlen; - unsigned char *der = NULL, *ctr; - int derlen; - if (Zlen > DH_KDF_MAX) + int ret = 0, nid; + EVP_KDF_CTX *kctx = NULL; + const EVP_KDF *kdf = NULL; + const char *oid_sn; + + nid = OBJ_obj2nid(key_oid); + if (nid == NID_undef) return 0; - mctx = EVP_MD_CTX_new(); - if (mctx == NULL) + oid_sn = OBJ_nid2sn(nid); + if (oid_sn == NULL) return 0; - mdlen = EVP_MD_size(md); - derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); - if (derlen == 0) + + kdf = EVP_get_kdfbyname(SN_x942kdf); + if (kdf == NULL) goto err; - for (i = 1;; i++) { - unsigned char mtmp[EVP_MAX_MD_SIZE]; - if (!EVP_DigestInit_ex(mctx, md, NULL) - || !EVP_DigestUpdate(mctx, Z, Zlen)) - goto err; - ctr[3] = i & 0xFF; - ctr[2] = (i >> 8) & 0xFF; - ctr[1] = (i >> 16) & 0xFF; - ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(mctx, der, derlen)) - goto err; - if (outlen >= mdlen) { - if (!EVP_DigestFinal(mctx, out, NULL)) - goto err; - outlen -= mdlen; - if (outlen == 0) - break; - out += mdlen; - } else { - if (!EVP_DigestFinal(mctx, mtmp, NULL)) - goto err; - memcpy(out, mtmp, outlen); - OPENSSL_cleanse(mtmp, mdlen); - break; - } - } - rv = 1; - err: - OPENSSL_free(der); - EVP_MD_CTX_free(mctx); - return rv; + kctx = EVP_KDF_CTX_new(kdf); + ret = + kctx != NULL + && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) > 0 + && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, Z, Zlen) > 0 + && (ukm == NULL + || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_UKM, ukm, ukmlen) > 0) + && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG, oid_sn) > 0 + && EVP_KDF_derive(kctx, out, outlen) > 0; +err: + EVP_KDF_CTX_free(kctx); + return ret; } -#endif +#endif /* OPENSSL_NO_CMS */ diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index f1567c2..ddff08c 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -935,6 +935,11 @@ KDF_F_SSKDF_MAC2CTRL:136:sskdf_mac2ctrl KDF_F_SSKDF_NEW:137:sskdf_new KDF_F_SSKDF_SIZE:138:sskdf_size KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg +KDF_F_X942KDF_CTRL:142:x942kdf_ctrl +KDF_F_X942KDF_DERIVE:143:x942kdf_derive +KDF_F_X942KDF_HASH_KDM:144:x942kdf_hash_kdm +KDF_F_X942KDF_NEW:145:x942kdf_new +KDF_F_X942KDF_SIZE:146:x942kdf_size KDF_F_X963KDF_DERIVE:139:x963kdf_derive OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid @@ -2469,11 +2474,15 @@ EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE:191:xts data unit is too large EVP_R_XTS_DUPLICATED_KEYS:192:xts duplicated keys +KDF_R_BAD_ENCODING:122:bad encoding +KDF_R_BAD_LENGTH:123:bad length +KDF_R_INAVLID_UKM_LEN:124:inavlid ukm len KDF_R_INVALID_DIGEST:100:invalid digest KDF_R_INVALID_ITERATION_COUNT:119:invalid iteration count KDF_R_INVALID_KEY_LEN:120:invalid key len KDF_R_INVALID_MAC_TYPE:116:invalid mac type KDF_R_INVALID_SALT_LEN:121:invalid salt len +KDF_R_MISSING_CEK_ALG:125:missing cek alg KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count KDF_R_MISSING_KEY:104:missing key KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest @@ -2487,6 +2496,7 @@ KDF_R_MISSING_TYPE:114:missing type KDF_R_MISSING_XCGHASH:115:missing xcghash KDF_R_NOT_SUPPORTED:118:not supported KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type +KDF_R_UNSUPPORTED_CEK_ALG:126:unsupported cek alg KDF_R_UNSUPPORTED_MAC_TYPE:117:unsupported mac type KDF_R_VALUE_ERROR:108:value error KDF_R_VALUE_MISSING:102:value missing diff --git a/crypto/evp/c_allkdf.c b/crypto/evp/c_allkdf.c index 2233fd9..860c11c 100644 --- a/crypto/evp/c_allkdf.c +++ b/crypto/evp/c_allkdf.c @@ -21,4 +21,7 @@ void openssl_add_all_kdfs_int(void) EVP_add_kdf(&sshkdf_kdf_meth); EVP_add_kdf(&ss_kdf_meth); EVP_add_kdf(&x963_kdf_meth); +#ifndef OPENSSL_NO_CMS + EVP_add_kdf(&x942_kdf_meth); +#endif } diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 183fc42..732fad8 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -173,6 +173,7 @@ extern const EVP_KDF hkdf_kdf_meth; extern const EVP_KDF sshkdf_kdf_meth; extern const EVP_KDF ss_kdf_meth; extern const EVP_KDF x963_kdf_meth; +extern const EVP_KDF x942_kdf_meth; struct evp_md_st { /* nid */ diff --git a/crypto/kdf/build.info b/crypto/kdf/build.info index 52e40a4..4fdaccd 100644 --- a/crypto/kdf/build.info +++ b/crypto/kdf/build.info @@ -1,4 +1,4 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c \ - sskdf.c + sskdf.c x942kdf.c diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c index 98dc271..1b6e784 100644 --- a/crypto/kdf/kdf_err.c +++ b/crypto/kdf/kdf_err.c @@ -67,17 +67,26 @@ static const ERR_STRING_DATA KDF_str_functs[] = { {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_NEW, 0), "sskdf_new"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_SIZE, 0), "sskdf_size"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_CTRL, 0), "x942kdf_ctrl"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_DERIVE, 0), "x942kdf_derive"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_HASH_KDM, 0), "x942kdf_hash_kdm"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_NEW, 0), "x942kdf_new"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_SIZE, 0), "x942kdf_size"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_X963KDF_DERIVE, 0), "x963kdf_derive"}, {0, NULL} }; static const ERR_STRING_DATA KDF_str_reasons[] = { + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_BAD_ENCODING), "bad encoding"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_BAD_LENGTH), "bad length"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INAVLID_UKM_LEN), "inavlid ukm len"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_ITERATION_COUNT), "invalid iteration count"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_KEY_LEN), "invalid key len"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_MAC_TYPE), "invalid mac type"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_SALT_LEN), "invalid salt len"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_CEK_ALG), "missing cek alg"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_ITERATION_COUNT), "missing iteration count"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"}, @@ -94,6 +103,8 @@ static const ERR_STRING_DATA KDF_str_reasons[] = { {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_NOT_SUPPORTED), "not supported"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE), "unknown parameter type"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNSUPPORTED_CEK_ALG), + "unsupported cek alg"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNSUPPORTED_MAC_TYPE), "unsupported mac type"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"}, diff --git a/crypto/kdf/x942kdf.c b/crypto/kdf/x942kdf.c new file mode 100644 index 0000000..ce9ad61 --- /dev/null +++ b/crypto/kdf/x942kdf.c @@ -0,0 +1,407 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "e_os.h" + +#ifndef OPENSSL_NO_CMS + +# include +# include +# include +# include +# include +# include +# include +# include +# include +# include "internal/cryptlib.h" +# include "internal/evp_int.h" +# include "kdf_local.h" + +# define X942KDF_MAX_INLEN (1 << 30) + +struct evp_kdf_impl_st { + const EVP_MD *md; + unsigned char *secret; + size_t secret_len; + int cek_nid; + unsigned char *ukm; + size_t ukm_len; + size_t dkm_len; +}; + +/* A table of allowed wrapping algorithms and the associated output lengths */ +static const struct { + int nid; + size_t keklen; /* size in bytes */ +} kek_algs[] = { + { NID_id_smime_alg_CMS3DESwrap, 24 }, + { NID_id_smime_alg_CMSRC2wrap, 16 }, + { NID_id_aes128_wrap, 16 }, + { NID_id_aes192_wrap, 24 }, + { NID_id_aes256_wrap, 32 }, + { NID_id_camellia128_wrap, 16 }, + { NID_id_camellia192_wrap, 24 }, + { NID_id_camellia256_wrap, 32 } +}; + +/* Skip past an ASN1 structure: for OBJECT skip content octets too */ +static int skip_asn1(unsigned char **pp, long *plen, int exptag) +{ + int i, tag, xclass; + long tmplen; + const unsigned char *q = *pp; + + i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen); + if ((i & 0x80) != 0 || tag != exptag || xclass != V_ASN1_UNIVERSAL) + return 0; + if (tag == V_ASN1_OBJECT) + q += tmplen; + *pp = (unsigned char *)q; + *plen -= q - *pp; + return 1; +} + +/* + * Encode the other info structure. + * + * RFC2631 Section 2.1.2 Contains the following definition for otherinfo + * + * OtherInfo ::= SEQUENCE { + * keyInfo KeySpecificInfo, + * partyAInfo [0] OCTET STRING OPTIONAL, + * suppPubInfo [2] OCTET STRING + * } + * + * KeySpecificInfo ::= SEQUENCE { + * algorithm OBJECT IDENTIFIER, + * counter OCTET STRING SIZE (4..4) + * } + * + * |nid| is the algorithm object identifier. + * |keylen| is the length (in bytes) of the generated KEK. It is stored into + * suppPubInfo (in bits). + * |ukm| is the optional user keying material that is stored into partyAInfo. It + * can be NULL. + * |ukmlen| is the user keying material length (in bytes). + * |der| is the returned encoded data. It must be freed by the caller. + * |der_len| is the returned size of the encoded data. + * |out_ctr| returns a pointer to the counter data which is embedded inside the + * encoded data. This allows the counter bytes to be updated without re-encoding. + * + * Returns: 1 if successfully encoded, or 0 otherwise. + * Assumptions: |der|, |der_len| & |out_ctr| are not NULL. + */ +static int x942_encode_otherinfo(int nid, size_t keylen, + const unsigned char *ukm, size_t ukmlen, + unsigned char **der, size_t *der_len, + unsigned char **out_ctr) +{ + unsigned char *p, *encoded = NULL; + int ret = 0, encoded_len; + long tlen; + /* "magic" value to check offset is sane */ + static unsigned char ctr[4] = { 0x00, 0x00, 0x00, 0x01 }; + X509_ALGOR *ksi = NULL; + ASN1_OBJECT *alg_oid = NULL; + ASN1_OCTET_STRING *ctr_oct = NULL, *ukm_oct = NULL; + + /* set the KeySpecificInfo - which contains an algorithm oid and counter */ + ksi = X509_ALGOR_new(); + alg_oid = OBJ_dup(OBJ_nid2obj(nid)); + ctr_oct = ASN1_OCTET_STRING_new(); + if (ksi == NULL + || alg_oid == NULL + || ctr_oct == NULL + || !ASN1_OCTET_STRING_set(ctr_oct, ctr, sizeof(ctr)) + || !X509_ALGOR_set0(ksi, alg_oid, V_ASN1_OCTET_STRING, ctr_oct)) + goto err; + /* NULL these as they now belong to ksi */ + alg_oid = NULL; + ctr_oct = NULL; + + /* Set the optional partyAInfo */ + if (ukm != NULL) { + ukm_oct = ASN1_OCTET_STRING_new(); + if (ukm_oct == NULL) + goto err; + ASN1_OCTET_STRING_set(ukm_oct, (unsigned char *)ukm, ukmlen); + } + /* Generate the OtherInfo DER data */ + encoded_len = CMS_SharedInfo_encode(&encoded, ksi, ukm_oct, keylen); + if (encoded_len <= 0) + goto err; + + /* Parse the encoded data to find the offset of the counter data */ + p = encoded; + tlen = (long)encoded_len; + if (skip_asn1(&p, &tlen, V_ASN1_SEQUENCE) + && skip_asn1(&p, &tlen, V_ASN1_SEQUENCE) + && skip_asn1(&p, &tlen, V_ASN1_OBJECT) + && skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING) + && CRYPTO_memcmp(p, ctr, 4) == 0) { + *out_ctr = p; + *der = encoded; + *der_len = (size_t)encoded_len; + ret = 1; + } +err: + if (ret != 1) + OPENSSL_free(encoded); + ASN1_OCTET_STRING_free(ctr_oct); + ASN1_OCTET_STRING_free(ukm_oct); + ASN1_OBJECT_free(alg_oid); + X509_ALGOR_free(ksi); + return ret; +} + +static int x942kdf_hash_kdm(const EVP_MD *kdf_md, + const unsigned char *z, size_t z_len, + const unsigned char *other, size_t other_len, + unsigned char *ctr, + unsigned char *derived_key, size_t derived_key_len) +{ + int ret = 0, hlen; + size_t counter, out_len, len = derived_key_len; + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned char *out = derived_key; + EVP_MD_CTX *ctx = NULL, *ctx_init = NULL; + + if (z_len > X942KDF_MAX_INLEN || other_len > X942KDF_MAX_INLEN + || derived_key_len > X942KDF_MAX_INLEN + || derived_key_len == 0) { + KDFerr(KDF_F_X942KDF_HASH_KDM, KDF_R_BAD_LENGTH); + return 0; + } + + hlen = EVP_MD_size(kdf_md); + if (hlen <= 0) + return 0; + out_len = (size_t)hlen; + + ctx = EVP_MD_CTX_create(); + ctx_init = EVP_MD_CTX_create(); + if (ctx == NULL || ctx_init == NULL) + goto end; + + if (!EVP_DigestInit(ctx_init, kdf_md)) + goto end; + + for (counter = 1;; counter++) { + /* updating the ctr modifies 4 bytes in the 'other' buffer */ + ctr[0] = (unsigned char)((counter >> 24) & 0xff); + ctr[1] = (unsigned char)((counter >> 16) & 0xff); + ctr[2] = (unsigned char)((counter >> 8) & 0xff); + ctr[3] = (unsigned char)(counter & 0xff); + + if (!EVP_MD_CTX_copy_ex(ctx, ctx_init) + || !EVP_DigestUpdate(ctx, z, z_len) + || !EVP_DigestUpdate(ctx, other, other_len)) + goto end; + if (len >= out_len) { + if (!EVP_DigestFinal_ex(ctx, out, NULL)) + goto end; + out += out_len; + len -= out_len; + if (len == 0) + break; + } else { + if (!EVP_DigestFinal_ex(ctx, mac, NULL)) + goto end; + memcpy(out, mac, len); + break; + } + } + ret = 1; +end: + EVP_MD_CTX_free(ctx); + EVP_MD_CTX_free(ctx_init); + OPENSSL_cleanse(mac, sizeof(mac)); + return ret; +} + +static EVP_KDF_IMPL *x942kdf_new(void) +{ + EVP_KDF_IMPL *impl; + + if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) + KDFerr(KDF_F_X942KDF_NEW, ERR_R_MALLOC_FAILURE); + return impl; +} + +static void x942kdf_reset(EVP_KDF_IMPL *impl) +{ + OPENSSL_clear_free(impl->secret, impl->secret_len); + OPENSSL_clear_free(impl->ukm, impl->ukm_len); + memset(impl, 0, sizeof(*impl)); +} + +static void x942kdf_free(EVP_KDF_IMPL *impl) +{ + x942kdf_reset(impl); + OPENSSL_free(impl); +} + +static int x942kdf_set_buffer(va_list args, unsigned char **out, size_t *out_len) +{ + const unsigned char *p; + size_t len; + + p = va_arg(args, const unsigned char *); + len = va_arg(args, size_t); + if (len == 0 || p == NULL) + return 1; + + OPENSSL_free(*out); + *out = OPENSSL_memdup(p, len); + if (*out == NULL) + return 0; + + *out_len = len; + return 1; +} + +static int x942kdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) +{ + const EVP_MD *md; + char *alg_str = NULL; + size_t i; + + switch (cmd) { + case EVP_KDF_CTRL_SET_MD: + md = va_arg(args, const EVP_MD *); + if (md == NULL) + return 0; + + impl->md = md; + return 1; + + case EVP_KDF_CTRL_SET_KEY: + return x942kdf_set_buffer(args, &impl->secret, &impl->secret_len); + + case EVP_KDF_CTRL_SET_UKM: + return x942kdf_set_buffer(args, &impl->ukm, &impl->ukm_len); + + case EVP_KDF_CTRL_SET_CEK_ALG: + alg_str = va_arg(args, char *); + if (alg_str == NULL) + return 0; + impl->cek_nid = OBJ_sn2nid(alg_str); + for (i = 0; i < (size_t)OSSL_NELEM(kek_algs); ++i) { + if (kek_algs[i].nid == impl->cek_nid) { + impl->dkm_len = kek_algs[i].keklen; + return 1; + } + } + KDFerr(KDF_F_X942KDF_CTRL, KDF_R_UNSUPPORTED_CEK_ALG); + return 0; + + default: + return -2; + } +} + +static int x942kdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, + const char *value) +{ + if (strcmp(type, "digest") == 0) + return kdf_md2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_MD, value); + + if (strcmp(type, "secret") == 0 || strcmp(type, "key") == 0) + return kdf_str2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_KEY, + value); + + if (strcmp(type, "hexsecret") == 0 || strcmp(type, "hexkey") == 0) + return kdf_hex2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_KEY, + value); + + if (strcmp(type, "ukm") == 0) + return kdf_str2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_UKM, + value); + + if (strcmp(type, "hexukm") == 0) + return kdf_hex2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_UKM, + value); + + if (strcmp(type, "cekalg") == 0) + return kdf_str2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_CEK_ALG, + value); + + return -2; +} + +static size_t x942kdf_size(EVP_KDF_IMPL *impl) +{ + int len; + + if (impl->md == NULL) { + KDFerr(KDF_F_X942KDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST); + return 0; + } + len = EVP_MD_size(impl->md); + return (len <= 0) ? 0 : (size_t)len; +} + +static int x942kdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen) +{ + int ret = 0; + unsigned char *ctr; + unsigned char *der = NULL; + size_t der_len = 0; + + if (impl->secret == NULL) { + KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_MISSING_SECRET); + return 0; + } + if (impl->md == NULL) { + KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + return 0; + } + if (impl->cek_nid == NID_undef) { + KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_MISSING_CEK_ALG); + return 0; + } + if (impl->ukm != NULL && impl->ukm_len >= X942KDF_MAX_INLEN) { + /* + * Note the ukm length MUST be 512 bits. + * For backwards compatibility the old check is being done. + */ + KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_INAVLID_UKM_LEN); + return 0; + } + if (keylen != impl->dkm_len) { + KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_MISSING_CEK_ALG); + return 0; + } + /* generate the otherinfo der */ + if (!x942_encode_otherinfo(impl->cek_nid, impl->dkm_len, + impl->ukm, impl->ukm_len, + &der, &der_len, &ctr)) { + KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_BAD_ENCODING); + return 0; + } + ret = x942kdf_hash_kdm(impl->md, impl->secret, impl->secret_len, + der, der_len, ctr, key, keylen); + OPENSSL_free(der); + return ret; +} + +const EVP_KDF x942_kdf_meth = { + EVP_KDF_X942, + x942kdf_new, + x942kdf_free, + x942kdf_reset, + x942kdf_ctrl, + x942kdf_ctrl_str, + x942kdf_size, + x942kdf_derive +}; + +#endif /* OPENSSL_NO_CMS */ diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 5c47d6b..0beeacf 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -1084,7 +1084,7 @@ static const unsigned char so[7813] = { 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7804] OBJ_SM2_with_SM3 */ }; -#define NUM_NID 1207 +#define NUM_NID 1208 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2293,9 +2293,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7804]}, {"SSKDF", "sskdf", NID_sskdf}, {"X963KDF", "x963kdf", NID_x963kdf}, + {"X942KDF", "x942kdf", NID_x942kdf}, }; -#define NUM_SN 1198 +#define NUM_SN 1199 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2596,6 +2597,7 @@ static const unsigned int sn_objs[NUM_SN] = { 378, /* "X500algorithms" */ 12, /* "X509" */ 184, /* "X9-57" */ + 1207, /* "X942KDF" */ 1206, /* "X963KDF" */ 185, /* "X9cm" */ 125, /* "ZLIB" */ @@ -3497,7 +3499,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1198 +#define NUM_LN 1199 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -4695,6 +4697,7 @@ static const unsigned int ln_objs[NUM_LN] = { 503, /* "x500UniqueIdentifier" */ 158, /* "x509Certificate" */ 160, /* "x509Crl" */ + 1207, /* "x942kdf" */ 1206, /* "x963kdf" */ 125, /* "zlib compression" */ }; diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index e0969fe..022e642 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1204,3 +1204,4 @@ sshkdf 1203 SM2_with_SM3 1204 sskdf 1205 x963kdf 1206 +x942kdf 1207 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index dcdfa90..47cf2f1 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1616,6 +1616,8 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme # NID for SSKDF : SSKDF : sskdf +# NID for X942KDF + : X942KDF : x942kdf # NID for X963-2001 KDF : X963KDF : x963kdf diff --git a/doc/man3/EVP_KDF_CTX.pod b/doc/man3/EVP_KDF_CTX.pod index 342807f..3899361 100644 --- a/doc/man3/EVP_KDF_CTX.pod +++ b/doc/man3/EVP_KDF_CTX.pod @@ -278,6 +278,7 @@ L L L L +L =head1 HISTORY diff --git a/doc/man7/EVP_KDF_X963.pod b/doc/man7/EVP_KDF_X942.pod similarity index 54% copy from doc/man7/EVP_KDF_X963.pod copy to doc/man7/EVP_KDF_X942.pod index eaea6da..306ab2e 100644 --- a/doc/man7/EVP_KDF_X963.pod +++ b/doc/man7/EVP_KDF_X942.pod @@ -2,17 +2,18 @@ =head1 NAME -EVP_KDF_X963 - The X9.63-2001 EVP_KDF implementation +EVP_KDF_X942 - The X9.42-2001 asn1 EVP_KDF implementation =head1 DESCRIPTION -The EVP_KDF_X963 algorithm implements the key derivation function (X963KDF). -X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to -derive a key using input such as a shared secret key and shared info. +The EVP_KDF_X942 algorithm implements the key derivation function (X942KDF). +X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to +derive a key using input such as a shared secret key and other info. The other +info is DER encoded data that contains a 32 bit counter. =head2 Numeric identity -B is the numeric identity for this implementation; it +B is the numeric identity for this implementation; it can be used with the EVP_KDF_CTX_new_id() function. =head2 Supported controls @@ -46,69 +47,82 @@ decoded before being passed on as the control value. =back -=item B +=item B -This control expects two arguments: C, C +This control expects two arguments: C, C -An optional value for shared info. This control sets the shared info. +An optional random string that is provided by the sender called "partyAInfo". +In CMS this is the user keying material. EVP_KDF_ctrl_str() takes two type strings for this control: =over 4 -=item "info" +=item "ukm" The value string is used as is. -=item "hexinfo" +=item "hexukm" The value string is expected to be a hexadecimal number, which will be decoded before being passed on as the control value. =back +=item B + +This control expects one argument: C + +The CEK wrapping algorithm name. + +EVP_KDF_ctrl_str() type string: "cekalg" + +The value string is used as is. + =back =head1 NOTES -X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function, -X963KDF appends the counter to the secret, whereas SSKDF prepends the counter. +A context for X942KDF can be obtained by calling: -A context for X963KDF can be obtained by calling: +EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942); -EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963); - -The output length of an X963KDF is specified via the C +The output length of an X942KDF is specified via the C parameter to the L function. =head1 EXAMPLE -This example derives 10 bytes, with the secret key "secret" and sharedinfo -value "label": +This example derives 24 bytes, with the secret key "secret" and a random user +keying material: EVP_KDF_CTX *kctx; - unsigned char out[10]; + unsigned char out[192/8]; + unsignred char ukm[64]; + + if (RAND_bytes(ukm, sizeof(ukm)) <= 0) + error("RAND_bytes"); - kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963); + kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942); + if (kctx == NULL) + error("EVP_KDF_CTX_new_id"); - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { + if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) error("EVP_KDF_CTRL_SET_MD"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { + if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) error("EVP_KDF_CTRL_SET_KEY"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, "label", (size_t)5) <= 0) { - error("EVP_KDF_CTRL_SET_SHARED_INFO"); - } - if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_UKM, ukm, sizeof(ukm)) <= 0) + error("EVP_KDF_CTRL_SET_UKM"); + if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG, + SN_id_smime_alg_CMS3DESwrap) <= 0) + error("EVP_KDF_CTRL_SET_CEK_ALG"); + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) error("EVP_KDF_derive"); - } EVP_KDF_CTX_free(kctx); =head1 CONFORMING TO -"SEC 1: Elliptic Curve Cryptography" +RFC 2631 =head1 SEE ALSO diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h index 960098d..300cf76 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -25,6 +25,7 @@ extern "C" { # define EVP_KDF_SSHKDF NID_sshkdf # define EVP_KDF_SS NID_sskdf # define EVP_KDF_X963 NID_x963kdf +# define EVP_KDF_X942 NID_x942kdf EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); @@ -66,18 +67,20 @@ const EVP_KDF *EVP_get_kdfbyname(const char *name); # define EVP_KDF_CTRL_SET_MAC_SIZE 0x14 /* size_t */ # define EVP_KDF_CTRL_SET_SSKDF_INFO 0x15 /* unsigned char *, size_t */ # define EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE 0x16 /* int */ +# define EVP_KDF_CTRL_SET_UKM 0x17 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_CEK_ALG 0x18 /* char * */ # define EVP_KDF_CTRL_SET_SHARED_INFO EVP_KDF_CTRL_SET_SSKDF_INFO # define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 -#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 -#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68 -#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 -#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 /**** The legacy PKEY-based KDF API follows. ****/ diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h index 2899955..335bdf3 100644 --- a/include/openssl/kdferr.h +++ b/include/openssl/kdferr.h @@ -64,16 +64,25 @@ int ERR_load_KDF_strings(void); # define KDF_F_SSKDF_NEW 137 # define KDF_F_SSKDF_SIZE 138 # define KDF_F_TLS1_PRF_ALG 111 +# define KDF_F_X942KDF_CTRL 142 +# define KDF_F_X942KDF_DERIVE 143 +# define KDF_F_X942KDF_HASH_KDM 144 +# define KDF_F_X942KDF_NEW 145 +# define KDF_F_X942KDF_SIZE 146 # define KDF_F_X963KDF_DERIVE 139 /* * KDF reason codes. */ +# define KDF_R_BAD_ENCODING 122 +# define KDF_R_BAD_LENGTH 123 +# define KDF_R_INAVLID_UKM_LEN 124 # define KDF_R_INVALID_DIGEST 100 # define KDF_R_INVALID_ITERATION_COUNT 119 # define KDF_R_INVALID_KEY_LEN 120 # define KDF_R_INVALID_MAC_TYPE 116 # define KDF_R_INVALID_SALT_LEN 121 +# define KDF_R_MISSING_CEK_ALG 125 # define KDF_R_MISSING_ITERATION_COUNT 109 # define KDF_R_MISSING_KEY 104 # define KDF_R_MISSING_MESSAGE_DIGEST 105 @@ -87,6 +96,7 @@ int ERR_load_KDF_strings(void); # define KDF_R_MISSING_XCGHASH 115 # define KDF_R_NOT_SUPPORTED 118 # define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_UNSUPPORTED_CEK_ALG 126 # define KDF_R_UNSUPPORTED_MAC_TYPE 117 # define KDF_R_VALUE_ERROR 108 # define KDF_R_VALUE_MISSING 102 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 3657f43..930a7a9 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -5008,6 +5008,10 @@ #define LN_sskdf "sskdf" #define NID_sskdf 1205 +#define SN_x942kdf "X942KDF" +#define LN_x942kdf "x942kdf" +#define NID_x942kdf 1207 + #define SN_x963kdf "X963KDF" #define LN_x963kdf "x963kdf" #define NID_x963kdf 1206 diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index 3b515f9..e7c1381 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -407,6 +407,37 @@ static int test_kdf_get_kdf(void) && TEST_ptr_eq(kdf1, kdf2); } +#ifndef OPENSSL_NO_CMS +static int test_kdf_x942_asn1(void) +{ + int ret; + EVP_KDF_CTX *kctx = NULL; + unsigned char out[24]; + /* RFC2631 Section 2.1.6 Test data */ + static const unsigned char z[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d, + 0x0e,0x0f,0x10,0x11,0x12,0x13 + }; + static const unsigned char expected[sizeof(out)] = { + 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04, + 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46, + 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb + }; + + ret = + TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942)) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha1()), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG, + SN_id_smime_alg_CMS3DESwrap), 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + + EVP_KDF_CTX_free(kctx); + return ret; +} +#endif /* OPENSSL_NO_CMS */ + int setup_tests(void) { ADD_TEST(test_kdf_get_kdf); @@ -421,5 +452,8 @@ int setup_tests(void) ADD_TEST(test_kdf_ss_kmac); ADD_TEST(test_kdf_sshkdf); ADD_TEST(test_kdf_x963); +#ifndef OPENSSL_NO_CMS + ADD_TEST(test_kdf_x942_asn1); +#endif return 1; } diff --git a/test/evp_test.c b/test/evp_test.c index b70b4ea..0489bbe 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1965,7 +1965,14 @@ static int kdf_test_init(EVP_TEST *t, const char *name) t->skip = 1; return 1; } -#endif +#endif /* OPENSSL_NO_SCRYPT */ + +#ifdef OPENSSL_NO_CMS + if (strcmp(name, "X942KDF") == 0) { + t->skip = 1; + return 1; + } +#endif /* OPENSSL_NO_CMS */ kdf = EVP_get_kdfbyname(name); if (kdf == NULL) @@ -2097,7 +2104,14 @@ static int pkey_kdf_test_init(EVP_TEST *t, const char *name) t->skip = 1; return 1; } -#endif +#endif /* OPENSSL_NO_SCRYPT */ + +#ifdef OPENSSL_NO_CMS + if (strcmp(name, "X942KDF") == 0) { + t->skip = 1; + return 1; + } +#endif /* OPENSSL_NO_CMS */ if (kdf_nid == NID_undef) kdf_nid = OBJ_ln2nid(name); diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt index 991c574..6f7270b 100644 --- a/test/recipes/30-test_evp_data/evpkdf.txt +++ b/test/recipes/30-test_evp_data/evpkdf.txt @@ -6488,3 +6488,18 @@ Ctrl.digest = digest:SHA512 Ctrl.hexsecret = hexsecret:0037cd001a0ad87f35ddf58ab355d6144ba2ed0749a7435dab548ba0bfbe723c047e2396b4eef99653412a92c8db74bb5c03063f2eb0525ae87356750ae3676faa86 Ctrl.hexinfo = hexinfo:eb17da8851c41c7ac6710b1c49f324f8 Output = 829a28b81f9e95b5f306604067499c07d5944ca034ed130d513951f7143e4e162bad8adb2833e53b8235c293cd2a809659ac7f7e392cba6a543660e5d95070c0c9e6a9cdc38123e22da61bb4cbb6ad6d1a58a069e934fc231bd9fe39a24afcbf322ccea385f0418f3b01c1edd6e7124593a1cefe3e48fcd95daaf72cfd973c59 + +Title = X9.42 KDF tests (from RFC2631 test vectors) + +KDF = X942KDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213 +Ctrl.cekalg = cekalg:id-smime-alg-CMS3DESwrap +Output = a09661392376f7044d9052a397883246b67f5f1ef63eb5fb + +KDF = X942KDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213 +Ctrl.cekalg = cekalg:id-smime-alg-CMSRC2wrap +Ctrl.hexukm = hexukm:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201 +Output = 48950c46e0530075403cce72889604e0 From pauli at openssl.org Mon Jul 8 23:45:43 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Jul 2019 23:45:43 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1562629543.404737.3201.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 04151456b9d896a7825a5ac77c0310c97fa5f650 (commit) from d9b6a51e926bfd1f86eac9de5dcbc28541fcf99f (commit) - Log ----------------------------------------------------------------- commit 04151456b9d896a7825a5ac77c0310c97fa5f650 Author: Pauli Date: Mon Jul 8 13:39:20 2019 +1000 Avoid NULL pointer dereference. [manual merge from #9059 to 1.1.0] Fixes: #9043 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/9322) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 14 ++++++++++++-- crypto/x509/t_req.c | 4 ++++ crypto/x509/x509_err.c | 3 ++- include/openssl/x509.h | 1 + 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/apps/req.c b/apps/req.c index a20e7c1..863c287 100644 --- a/apps/req.c +++ b/apps/req.c @@ -743,9 +743,19 @@ int req_main(int argc, char **argv) if (text) { if (x509) - X509_print_ex(out, x509ss, nmflag, reqflag); + ret = X509_print_ex(out, x509ss, nmflag, reqflag); else - X509_REQ_print_ex(out, req, nmflag, reqflag); + ret = X509_REQ_print_ex(out, req, nmflag, reqflag); + + if (ret == 0) { + if (x509) + BIO_printf(bio_err, "Error printing certificate\n"); + else + BIO_printf(bio_err, "Error printing certificate request\n"); + + ERR_print_errors(bio_err); + goto end; + } } if (subject) { diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 77ce810..3207dfa 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -125,6 +125,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { ii = 0; count = X509_ATTRIBUTE_count(a); + if (count == 0) { + X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES); + return 0; + } get_next: at = X509_ATTRIBUTE_get0_type(a, ii); type = at->type; diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 9f91188..e1a3364 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -97,6 +97,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"}, {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"}, + {ERR_REASON(X509_R_INVALID_ATTRIBUTES), "invalid attributes"}, {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"}, {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"}, {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"}, diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 780386d..75b39d1 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1092,6 +1092,7 @@ int ERR_load_X509_strings(void); # define X509_R_CRL_ALREADY_DELTA 127 # define X509_R_CRL_VERIFY_FAILURE 131 # define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 135 # define X509_R_INVALID_DIRECTORY 113 # define X509_R_INVALID_FIELD_NAME 119 # define X509_R_INVALID_TRUST 123 From builds at travis-ci.org Tue Jul 9 00:00:08 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Jul 2019 00:00:08 +0000 Subject: Still Failing: openssl/openssl#26341 (master - 1aec771) In-Reply-To: Message-ID: <5d23d907a6a7a_43fe392efd9583453be@a22f1d36-51ed-470e-a23e-d7c19e3e932f.mail> Build Update for openssl/openssl ------------------------------------- Build: #26341 Status: Still Failing Duration: 18 mins and 57 secs Commit: 1aec771 (master) Author: Shane Lontis Message: Add X9.42 KDF. Move the KDF code for CMS DH key agreement into an EVP_KDF object. There are 2 specifications for X9.42 KDF. This implementation uses DER for otherinfo which embeds the KDF loop counter inside the DER object. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8898) View the changeset: https://github.com/openssl/openssl/compare/9fd6f7d1cd2a...1aec7716c1c5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/556051113?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Tue Jul 9 00:57:44 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 09 Jul 2019 00:57:44 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5d23e68872893_c702ad3791d4f58852c@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEvyxzJHSwEoiXkZglM3WeHA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2H6ivlU5kOUZTtKAD-2BYBdZhggUxrUXUQqanSarra44mq7ztuq650g7ts1VSTrR1JqY7-2BFPbm7R-2FzBX3afiscSI-2Bl6zt-2Fz2uO82sJN-2FPhBOGm0rr8Gp0fTr79keQg5kzuqroMiWfPogVS6itdhZUGLFbJtlF590Ppt-2F7vXX4oL65egmHaDBwRBOoiyULLa53YA-3D Build ID: 263748 Analysis Summary: New defects found: 0 Defects eliminated: 0 From openssl at openssl.org Tue Jul 9 02:21:46 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jul 2019 02:21:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1562638906.060871.14803.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 9fd6f7d1cd Avoid NULL pointer dereference. Fixes #9043. b97a28b19d A very brief explanation of how to add custom functions to OpenSSL. 53fd220c8f iOS build: Replace %20 with space in config script 7b0fceed21 Fix build error for aarch64 big endian. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=172, Tests=1645, 243 wallclock secs ( 2.57 usr 0.46 sys + 233.18 cusr 19.45 csys = 255.66 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue Jul 9 05:47:08 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 09 Jul 2019 05:47:08 +0000 Subject: Build failed: openssl master.25775 Message-ID: <20190709054708.1.D3A65BC60B12A2B8@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 9 06:10:39 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jul 2019 06:10:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1562652639.136431.848.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 9fd6f7d1cd Avoid NULL pointer dereference. Fixes #9043. b97a28b19d A very brief explanation of how to add custom functions to OpenSSL. 53fd220c8f iOS build: Replace %20 with space in config script 7b0fceed21 Fix build error for aarch64 big endian. Build log ended with (last 100 lines): providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_absorb': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:176: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:170: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:202: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:209: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:200: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:281: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:285: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:289: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:295: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:298: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:348: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:72: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:365: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:368: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:377: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:381: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:414: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:146: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:149: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:151: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:155: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:243: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7081: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Tue Jul 9 10:45:33 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 09 Jul 2019 10:45:33 +0000 Subject: Build completed: openssl master.25776 Message-ID: <20190709104533.1.672A1F42F33DA933@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Tue Jul 9 12:05:53 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 09 Jul 2019 12:05:53 +0000 Subject: [openssl] master update Message-ID: <1562673953.765158.17182.nullmailer@dev.openssl.org> The branch master has been updated via 7a228c391e0a35e1dc1223e3af3371968376857b (commit) from 1aec7716c1c5fccf605a46252a46ea468e684454 (commit) - Log ----------------------------------------------------------------- commit 7a228c391e0a35e1dc1223e3af3371968376857b Author: Bernd Edlinger Date: Mon Jul 8 09:49:33 2019 +0200 Replace long dash characters with normal ascii minus Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9321) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_key.c | 2 +- crypto/kdf/sskdf.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 76aea4f..47ccfd0 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -303,7 +303,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) * See SP800-56A R3 Section 5.6.2.3.3 (Part 2) * i.e. * - If q = odd prime p: Verify that xQ and yQ are integers in the - * interval[0, p ? 1], OR + * interval[0, p - 1], OR * - If q = 2m: Verify that xQ and yQ are bit strings of length m bits. * Returns 1 if the public key has a valid range, otherwise it returns 0. */ diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c index 31a1c10..62372a5 100644 --- a/crypto/kdf/sskdf.c +++ b/crypto/kdf/sskdf.c @@ -17,7 +17,7 @@ * Result(0) = empty bit string (i.e., the null string). * For i = 1 to reps, do the following: * Increment counter by 1. - * Result(i) = Result(i ? 1) || H(counter || Z || FixedInfo). + * Result(i) = Result(i - 1) || H(counter || Z || FixedInfo). * DKM = LeftmostBits(Result(reps), L)) * * NOTES: From builds at travis-ci.org Tue Jul 9 12:25:45 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Jul 2019 12:25:45 +0000 Subject: Still Failing: openssl/openssl#26349 (master - 7a228c3) In-Reply-To: Message-ID: <5d2487c8e9a4e_43f8d12412e5c11018c@3dfeae7d-249f-4859-a2aa-053155499292.mail> Build Update for openssl/openssl ------------------------------------- Build: #26349 Status: Still Failing Duration: 19 mins and 9 secs Commit: 7a228c3 (master) Author: Bernd Edlinger Message: Replace long dash characters with normal ascii minus Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9321) View the changeset: https://github.com/openssl/openssl/compare/1aec7716c1c5...7a228c391e0a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/556268979?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 9 13:13:35 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jul 2019 13:13:35 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1562678015.758132.26993.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 9fd6f7d1cd Avoid NULL pointer dereference. Fixes #9043. b97a28b19d A very brief explanation of how to add custom functions to OpenSSL. 53fd220c8f iOS build: Replace %20 with space in config script 7b0fceed21 Fix build error for aarch64 big endian. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 218 wallclock secs ( 1.66 usr 0.32 sys + 213.44 cusr 16.93 csys = 232.35 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 9 13:59:56 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jul 2019 13:59:56 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1562680796.051577.18087.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 9fd6f7d1cd Avoid NULL pointer dereference. Fixes #9043. b97a28b19d A very brief explanation of how to add custom functions to OpenSSL. 53fd220c8f iOS build: Replace %20 with space in config script 7b0fceed21 Fix build error for aarch64 big endian. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 222 wallclock secs ( 1.62 usr 0.35 sys + 216.29 cusr 17.19 csys = 235.45 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jul 10 02:22:14 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Jul 2019 02:22:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1562725334.731430.15287.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 7a228c391e Replace long dash characters with normal ascii minus 1aec7716c1 Add X9.42 KDF. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=172, Tests=1645, 250 wallclock secs ( 2.94 usr 0.40 sys + 237.33 cusr 22.42 csys = 263.09 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jul 10 06:11:48 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Jul 2019 06:11:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1562739108.926112.1710.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 7a228c391e Replace long dash characters with normal ascii minus 1aec7716c1 Add X9.42 KDF. Build log ended with (last 100 lines): providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `shake_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:276: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_128_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:277: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `keccak_kmac_256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:278: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_absorb': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:103: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha3_prov.o: In function `generic_sha3_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:159: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:176: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:170: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:202: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:209: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:200: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:281: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:285: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:278: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:289: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:295: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:298: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:348: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:353: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:72: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:365: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:368: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:377: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:381: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:393: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:401: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:414: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:48: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:136: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:141: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:146: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:149: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:151: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:155: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:243: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7089: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Wed Jul 10 08:12:16 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Jul 2019 08:12:16 +0000 Subject: Build failed: openssl master.25788 Message-ID: <20190710081216.1.905720B8F5136A26@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 10 13:16:00 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Jul 2019 13:16:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1562764560.898088.28921.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 7a228c391e Replace long dash characters with normal ascii minus 1aec7716c1 Add X9.42 KDF. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 225 wallclock secs ( 1.81 usr 0.31 sys + 217.27 cusr 19.52 csys = 238.91 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jul 10 14:02:41 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Jul 2019 14:02:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1562767361.960722.21267.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 7a228c391e Replace long dash characters with normal ascii minus 1aec7716c1 Add X9.42 KDF. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 224 wallclock secs ( 1.73 usr 0.32 sys + 216.87 cusr 19.68 csys = 238.60 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Jul 10 16:56:11 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Jul 2019 16:56:11 +0000 Subject: Build failed: openssl master.25798 Message-ID: <20190710165611.1.7279898D298F9D50@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 10 17:25:29 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Jul 2019 17:25:29 +0000 Subject: Build completed: openssl master.25799 Message-ID: <20190710172529.1.EF3A3B2CB4861989@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 11 00:12:59 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jul 2019 00:12:59 +0000 Subject: Build failed: openssl master.25811 Message-ID: <20190711001259.1.8C69026CB8267A09@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 11 02:29:23 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jul 2019 02:29:23 +0000 Subject: Build failed: openssl master.25814 Message-ID: <20190711022923.1.7CBD3A94FEA923D5@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 11 04:49:48 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jul 2019 04:49:48 +0000 Subject: Build completed: openssl master.25815 Message-ID: <20190711044948.1.66DEF9C6D27BBDF9@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jul 11 05:27:12 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 11 Jul 2019 05:27:12 +0000 Subject: [openssl] master update Message-ID: <1562822832.745107.29496.nullmailer@dev.openssl.org> The branch master has been updated via 06c8331c51797f43881e5262b4c114aacc6d0ca0 (commit) via 13273237a65d46186b6bea0b51aec90670d4598a (commit) via 80942379c9fc66076b784cba6318ed6ca85ca3ea (commit) via 48ebde226d4bd66556f25d0c4b3679478890974d (commit) from 7a228c391e0a35e1dc1223e3af3371968376857b (commit) - Log ----------------------------------------------------------------- commit 06c8331c51797f43881e5262b4c114aacc6d0ca0 Author: Richard Levitte Date: Tue Jul 9 12:03:00 2019 +0200 Adapt the provider AES for more use of OSSL_PARAM The cipher context IV was a bit interesting. EVP_CIPHER_CTX_iv() returns a pointer to the live IV, while EVP_CIPHER_CTX_ctrl() with the type EVP_CTRL_GET_IV gets a copy of the live IV. To support both, we support getting it with both the OSSL_PARAM_OCTET_STRING and OSSL_PARAM_OCTET_PTR datatypes. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9328) commit 13273237a65d46186b6bea0b51aec90670d4598a Author: Richard Levitte Date: Tue Jul 9 07:32:16 2019 +0200 Adapt diverse EVP_CIPHER functions to use get_params and set_params interfaces Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9328) commit 80942379c9fc66076b784cba6318ed6ca85ca3ea Author: Richard Levitte Date: Tue Jul 9 07:27:27 2019 +0200 Make more use of OSSL_PARAM for ciphers A lot of the different numbers associated with ciphers are really algorithm parameters. Key length, block size, IV length, that sort of thing. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9328) commit 48ebde226d4bd66556f25d0c4b3679478890974d Author: Richard Levitte Date: Mon Jul 8 20:36:29 2019 +0200 test/evp_test.c: [ciphers] Test that we get back the same IV we gave Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9328) ----------------------------------------------------------------------- Summary of changes: crypto/evp/build.info | 2 +- crypto/evp/evp_enc.c | 77 ++++++------ crypto/evp/evp_lib.c | 112 +++++++++-------- crypto/evp/evp_locl.h | 37 ++++++ crypto/evp/evp_utils.c | 78 ++++++++++++ crypto/include/internal/evp_int.h | 3 - include/openssl/core_names.h | 6 + include/openssl/core_numbers.h | 12 +- include/openssl/evp.h | 2 +- providers/common/ciphers/aes.c | 246 ++++++++++++++++++++------------------ test/evp_test.c | 8 ++ 11 files changed, 360 insertions(+), 223 deletions(-) create mode 100644 crypto/evp/evp_utils.c diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 26be4d9..fa49f2e 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -1,5 +1,5 @@ LIBS=../../libcrypto -$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c +$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c SOURCE[../../libcrypto]=$COMMON\ encode.c evp_key.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index ebe7fa8..3b83d11 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -920,6 +920,14 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { + int ok = evp_do_param(c->cipher, &keylen, sizeof(keylen), + OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, + evp_do_ciph_ctx_setparams, c->provctx); + + if (ok != -2) + return ok; + + /* TODO(3.0) legacy code follows */ if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); if (EVP_CIPHER_CTX_key_length(c) == keylen) @@ -934,40 +942,51 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) { + int ok; + if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; else ctx->flags |= EVP_CIPH_NO_PADDING; - if (ctx->cipher != NULL && ctx->cipher->prov != NULL) { - OSSL_PARAM params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), - OSSL_PARAM_END - }; - - params[0].data = &pad; - - if (ctx->cipher->ctx_set_params == NULL) { - EVPerr(EVP_F_EVP_CIPHER_CTX_SET_PADDING, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - if (!ctx->cipher->ctx_set_params(ctx->provctx, params)) - return 0; - } - - return 1; + ok = evp_do_param(ctx->cipher, &pad, sizeof(pad), + OSSL_CIPHER_PARAM_PADDING, OSSL_PARAM_INTEGER, + evp_do_ciph_ctx_setparams, ctx->provctx); + return ok != 0; } int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { - int ret; + int ret = -2; /* Unsupported */ if (!ctx->cipher) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); return 0; } + if (ctx->cipher->prov == NULL) + goto legacy; + + switch (type) { + case EVP_CTRL_SET_KEY_LENGTH: + ret = evp_do_param(ctx->cipher, &arg, sizeof(arg), + OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, + evp_do_ciph_ctx_setparams, ctx->provctx); + break; + case EVP_CTRL_GET_IV: + ret = evp_do_param(ctx->cipher, ptr, arg, + OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_STRING, + evp_do_ciph_ctx_getparams, ctx->provctx); + break; + case EVP_CTRL_RAND_KEY: /* Used by DES */ + case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ + case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */ + ret = -2; /* Unsupported */ + break; + } + return ret; + + legacy: if (!ctx->cipher->ctrl) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); return 0; @@ -1123,21 +1142,6 @@ static void *evp_cipher_from_dispatch(const OSSL_DISPATCH *fns, break; cipher->dupctx = OSSL_get_OP_cipher_dupctx(fns); break; - case OSSL_FUNC_CIPHER_KEY_LENGTH: - if (cipher->key_length != NULL) - break; - cipher->key_length = OSSL_get_OP_cipher_key_length(fns); - break; - case OSSL_FUNC_CIPHER_IV_LENGTH: - if (cipher->iv_length != NULL) - break; - cipher->iv_length = OSSL_get_OP_cipher_iv_length(fns); - break; - case OSSL_FUNC_CIPHER_BLOCK_SIZE: - if (cipher->blocksize != NULL) - break; - cipher->blocksize = OSSL_get_OP_cipher_block_size(fns); - break; case OSSL_FUNC_CIPHER_GET_PARAMS: if (cipher->get_params != NULL) break; @@ -1157,10 +1161,7 @@ static void *evp_cipher_from_dispatch(const OSSL_DISPATCH *fns, } if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4) || (fnciphcnt == 0 && cipher->ccipher == NULL) - || fnctxcnt != 2 - || cipher->blocksize == NULL - || cipher->iv_length == NULL - || cipher->key_length == NULL) { + || fnctxcnt != 2) { /* * In order to be a consistent set of functions we must have at least * a complete set of "encrypt" functions, or a complete set of "decrypt" diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 8ed39cb..9d1d197 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -217,13 +217,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) { - if (cipher->prov != NULL) { - if (cipher->blocksize != NULL) - return cipher->blocksize(); - /* We default to a block size of 1 */ - return 1; - } - return cipher->block_size; + int v = cipher->block_size; + int ok = evp_do_param(cipher, &v, sizeof(v), + OSSL_CIPHER_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER, + evp_do_ciph_getparams, NULL); + + return ok != 0 ? v : -1; } int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) @@ -266,7 +265,12 @@ int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) { - return cipher->flags; + unsigned long v = cipher->flags; + int ok = evp_do_param(cipher, &v, sizeof(v), + OSSL_CIPHER_PARAM_FLAGS, OSSL_PARAM_UNSIGNED_INTEGER, + evp_do_ciph_getparams, NULL); + + return ok != 0 ? v : 0; } void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) @@ -296,13 +300,12 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) { - if (cipher->prov != NULL) { - if (cipher->iv_length != NULL) - return (int)cipher->iv_length(); - return 0; - } + int v = cipher->iv_len; + int ok = evp_do_param(cipher, &v, sizeof(v), + OSSL_CIPHER_PARAM_IVLEN, OSSL_PARAM_UNSIGNED_INTEGER, + evp_do_ciph_getparams, NULL); - return cipher->iv_len; + return ok != 0 ? v: -1; } int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) @@ -315,14 +318,27 @@ const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) return ctx->oiv; } +/* + * OSSL_PARAM_OCTET_PTR gets us the pointer to the running IV in the provider + */ const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) { - return ctx->iv; + const unsigned char *v = ctx->iv; + int ok = evp_do_param(ctx->cipher, &v, sizeof(ctx->iv), + OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_PTR, + evp_do_ciph_ctx_getparams, ctx->provctx); + + return ok != 0 ? v: NULL; } unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) { - return ctx->iv; + unsigned char *v = ctx->iv; + int ok = evp_do_param(ctx->cipher, &v, sizeof(ctx->iv), + OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_PTR, + evp_do_ciph_ctx_getparams, ctx->provctx); + + return ok != 0 ? v: NULL; } unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) @@ -332,34 +348,42 @@ unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) { - return ctx->num; + int v = ctx->num; + int ok = evp_do_param(ctx->cipher, &v, sizeof(v), + OSSL_CIPHER_PARAM_NUM, OSSL_PARAM_INTEGER, + evp_do_ciph_ctx_getparams, ctx->provctx); + + return ok != 0 ? v: -1; } -void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) +int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) { + int ok = evp_do_param(ctx->cipher, &num, sizeof(num), + OSSL_CIPHER_PARAM_NUM, OSSL_PARAM_INTEGER, + evp_do_ciph_ctx_setparams, ctx->provctx); + ctx->num = num; + return ok != 0; } int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { - if (cipher->prov != NULL) { - if (cipher->key_length != NULL) - return (int)cipher->key_length(); - return -1; - } + int v = cipher->key_len; + int ok = evp_do_param(cipher, &v, sizeof(v), + OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, + evp_do_ciph_getparams, NULL); - return cipher->key_len; + return ok != 0 ? v: -1; } int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) { - /* - * TODO(3.0): This may need to change if/when we introduce variable length - * key ciphers into the providers. - */ - if (ctx->cipher != NULL && ctx->cipher->prov != NULL) - return EVP_CIPHER_key_length(ctx->cipher); - return ctx->key_len; + int v = ctx->key_len; + int ok = evp_do_param(ctx->cipher, &v, sizeof(v), + OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, + evp_do_ciph_ctx_getparams, ctx->provctx); + + return ok != 0 ? v: -1; } int EVP_CIPHER_nid(const EVP_CIPHER *cipher) @@ -374,28 +398,12 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) int EVP_CIPHER_mode(const EVP_CIPHER *cipher) { - if (cipher->prov != NULL) { - int mode; + int v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; + int ok = evp_do_param(cipher, &v, sizeof(v), + OSSL_CIPHER_PARAM_MODE, OSSL_PARAM_INTEGER, + evp_do_ciph_getparams, NULL); - /* Cipher comes from a provider - so ask the provider for the mode */ - OSSL_PARAM params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL), - OSSL_PARAM_END - }; - - params[0].data = &mode; - - if (cipher->get_params == NULL) { - EVPerr(EVP_F_EVP_CIPHER_MODE, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - if (!cipher->get_params(params)) - return 0; - - return mode; - } - return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; + return ok != 0 ? v: 0; } diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index fdafe4f..54f9e08 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -95,3 +95,40 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id, OSSL_PROVIDER *prov), int (*up_ref_method)(void *), void (*free_method)(void *)); + +/* Helper functions to avoid duplicating code */ + +/* + * The callbacks implement different ways to pass a params array to the + * provider. They will return one of these values: + * + * -2 if the method doesn't come from a provider + * (evp_do_param will return this to the called) + * -1 if the provider doesn't offer the desired function + * (evp_do_param will raise an error and return 0) + * or the return value from the desired function + * (evp_do_param will return it to the caller) + */ +int evp_do_ciph_getparams(const void *vciph, void *ignored, + OSSL_PARAM params[]); +int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx, + OSSL_PARAM params[]); +int evp_do_ciph_ctx_setparams(const void *vciph, void *provctx, + OSSL_PARAM params[]); + +/*- + * prepares a singular parameter, then calls the callback to execute. + * + * |method| points to the method used by the callback. + * EVP_CIPHER, EVP_MD, ... + * |ptr| points at the data to transfer. + * |sz| is the size of the data to transfer. + * |key| is the name of the parameter to pass. + * |datatype| is the data type of the parameter to pass. + * |cb| is the callback that actually performs the parameter passing + * |cb_ctx| is the cipher context + */ +int evp_do_param(const void *method, void *ptr, size_t sz, const char *key, + int datatype, + int (*cb)(const void *method, void *ctx, OSSL_PARAM params[]), + void *cb_ctx); diff --git a/crypto/evp/evp_utils.c b/crypto/evp/evp_utils.c new file mode 100644 index 0000000..48f548c --- /dev/null +++ b/crypto/evp/evp_utils.c @@ -0,0 +1,78 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal EVP utility functions */ + +#include +#include +#include +#include /* evp_locl.h needs it */ +#include /* evp_locl.h needs it */ +#include "internal/evp_int.h" /* evp_locl.h needs it */ +#include "evp_locl.h" + +int evp_do_ciph_getparams(const void *vciph, void *ignored, + OSSL_PARAM params[]) +{ + const EVP_CIPHER *ciph = vciph; + + if (ciph->prov == NULL) + return -2; + if (ciph->get_params == NULL) + return -1; + return ciph->get_params(params); +} + +int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx, + OSSL_PARAM params[]) +{ + const EVP_CIPHER *ciph = vciph; + + if (ciph->prov == NULL) + return -2; + if (ciph->ctx_get_params == NULL) + return -1; + return ciph->ctx_get_params(provctx, params); +} + +int evp_do_ciph_ctx_setparams(const void *vciph, void *provctx, + OSSL_PARAM params[]) +{ + const EVP_CIPHER *ciph = vciph; + + if (ciph->prov == NULL) + return -2; + if (ciph->ctx_set_params == NULL) + return -1; + return ciph->ctx_set_params(provctx, params); +} + +int evp_do_param(const void *method, void *ptr, size_t sz, const char *key, + int datatype, + int (*cb)(const void *method, void *ctx, OSSL_PARAM params[]), + void *cb_ctx) +{ + OSSL_PARAM params[2] = { + OSSL_PARAM_END, + OSSL_PARAM_END + }; + int ret; + + params[0].key = key; + params[0].data_type = datatype; + params[0].data = ptr; + params[0].data_size = sz; + + ret = cb(method, cb_ctx, params); + if (ret == -1) { + EVPerr(0, EVP_R_CTRL_NOT_IMPLEMENTED); + ret = 0; + } + return ret; +} diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 732fad8..da4ae0f 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -257,9 +257,6 @@ struct evp_cipher_st { OSSL_OP_cipher_cipher_fn *ccipher; OSSL_OP_cipher_freectx_fn *freectx; OSSL_OP_cipher_dupctx_fn *dupctx; - OSSL_OP_cipher_key_length_fn *key_length; - OSSL_OP_cipher_iv_length_fn *iv_length; - OSSL_OP_cipher_block_size_fn *blocksize; OSSL_OP_cipher_get_params_fn *get_params; OSSL_OP_cipher_ctx_get_params_fn *ctx_get_params; OSSL_OP_cipher_ctx_set_params_fn *ctx_set_params; diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index a9a3b44..e4dd733 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -39,6 +39,12 @@ extern "C" { #define OSSL_CIPHER_PARAM_PADDING "padding" #define OSSL_CIPHER_PARAM_MODE "mode" +#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* OSSL_PARAM_INTEGER */ +#define OSSL_CIPHER_PARAM_FLAGS "flags" /* OSSL_PARAM_UNSIGNED_INTEGER */ +#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* OSSL_PARAM_INTEGER */ +#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* OSSL_PARAM_INTEGER */ +#define OSSL_CIPHER_PARAM_IV "iv" /* OSSL_PARAM_OCTET_PTR */ +#define OSSL_CIPHER_PARAM_NUM "num" /* OSSL_PARAM_INTEGER */ /* digest parameters */ #define OSSL_DIGEST_PARAM_XOFLEN "xoflen" diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index ff50636..0901ed3 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -139,12 +139,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_get_params, # define OSSL_FUNC_CIPHER_CIPHER 6 # define OSSL_FUNC_CIPHER_FREECTX 7 # define OSSL_FUNC_CIPHER_DUPCTX 8 -# define OSSL_FUNC_CIPHER_KEY_LENGTH 9 -# define OSSL_FUNC_CIPHER_IV_LENGTH 10 -# define OSSL_FUNC_CIPHER_BLOCK_SIZE 11 -# define OSSL_FUNC_CIPHER_GET_PARAMS 12 -# define OSSL_FUNC_CIPHER_CTX_GET_PARAMS 13 -# define OSSL_FUNC_CIPHER_CTX_SET_PARAMS 14 +# define OSSL_FUNC_CIPHER_GET_PARAMS 9 +# define OSSL_FUNC_CIPHER_CTX_GET_PARAMS 10 +# define OSSL_FUNC_CIPHER_CTX_SET_PARAMS 11 OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *cctx, @@ -170,9 +167,6 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher, const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *cctx)) OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *cctx)) -OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_key_length, (void)) -OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_iv_length, (void)) -OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_block_size, (void)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx, OSSL_PARAM params[])) diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 2fb5fe2..e781ebe 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -490,7 +490,7 @@ const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); -void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); +int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c index be769e8..a151a8b 100644 --- a/providers/common/ciphers/aes.c +++ b/providers/common/ciphers/aes.c @@ -27,13 +27,6 @@ static OSSL_OP_cipher_final_fn aes_stream_final; static OSSL_OP_cipher_cipher_fn aes_cipher; static OSSL_OP_cipher_freectx_fn aes_freectx; static OSSL_OP_cipher_dupctx_fn aes_dupctx; -static OSSL_OP_cipher_key_length_fn key_length_256; -static OSSL_OP_cipher_key_length_fn key_length_192; -static OSSL_OP_cipher_key_length_fn key_length_128; -static OSSL_OP_cipher_iv_length_fn iv_length_16; -static OSSL_OP_cipher_iv_length_fn iv_length_0; -static OSSL_OP_cipher_block_size_fn block_size_16; -static OSSL_OP_cipher_block_size_fn block_size_1; static OSSL_OP_cipher_ctx_get_params_fn aes_ctx_get_params; static OSSL_OP_cipher_ctx_set_params_fn aes_ctx_set_params; @@ -255,69 +248,82 @@ static int aes_cipher(void *vctx, return 1; } -#define IMPLEMENT_new_params(lcmode, UCMODE) \ - static OSSL_OP_cipher_get_params_fn aes_##lcmode##_get_params; \ - static int aes_##lcmode##_get_params(OSSL_PARAM params[]) \ +#define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \ + static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \ + static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ { \ OSSL_PARAM *p; \ - \ - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); \ - if (p != NULL && !OSSL_PARAM_set_int(p, EVP_CIPH_##UCMODE##_MODE)) \ - return 0; \ + \ + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); \ + if (p != NULL) { \ + if (!OSSL_PARAM_set_int(p, EVP_CIPH_##UCMODE##_MODE)) \ + return 0; \ + } \ + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS); \ + if (p != NULL) { \ + if (!OSSL_PARAM_set_ulong(p, (flags))) \ + return 0; \ + } \ + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); \ + if (p != NULL) { \ + if (!OSSL_PARAM_set_int(p, (kbits) / 8)) \ + return 0; \ + } \ + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); \ + if (p != NULL) { \ + if (!OSSL_PARAM_set_int(p, (blkbits) / 8)) \ + return 0; \ + } \ + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); \ + if (p != NULL) { \ + if (!OSSL_PARAM_set_int(p, (ivbits) / 8)) \ + return 0; \ + } \ \ return 1; \ - } - -#define IMPLEMENT_new_ctx(lcmode, UCMODE, len) \ - static OSSL_OP_cipher_newctx_fn aes_##len##_##lcmode##_newctx; \ - static void *aes_##len##_##lcmode##_newctx(void *provctx) \ + } \ + static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \ + static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \ { \ PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ \ ctx->pad = 1; \ - ctx->keylen = (len / 8); \ + ctx->keylen = ((kbits) / 8); \ ctx->ciph = PROV_AES_CIPHER_##lcmode(ctx->keylen); \ ctx->mode = EVP_CIPH_##UCMODE##_MODE; \ return ctx; \ } /* ECB */ -IMPLEMENT_new_params(ecb, ECB) -IMPLEMENT_new_ctx(ecb, ECB, 256) -IMPLEMENT_new_ctx(ecb, ECB, 192) -IMPLEMENT_new_ctx(ecb, ECB, 128) +IMPLEMENT_cipher(ecb, ECB, 0, 256, 128, 0) +IMPLEMENT_cipher(ecb, ECB, 0, 192, 128, 0) +IMPLEMENT_cipher(ecb, ECB, 0, 128, 128, 0) /* CBC */ -IMPLEMENT_new_params(cbc, CBC) -IMPLEMENT_new_ctx(cbc, CBC, 256) -IMPLEMENT_new_ctx(cbc, CBC, 192) -IMPLEMENT_new_ctx(cbc, CBC, 128) +IMPLEMENT_cipher(cbc, CBC, 0, 256, 128, 128) +IMPLEMENT_cipher(cbc, CBC, 0, 192, 128, 128) +IMPLEMENT_cipher(cbc, CBC, 0, 128, 128, 128) /* OFB */ -IMPLEMENT_new_params(ofb, OFB) -IMPLEMENT_new_ctx(ofb, OFB, 256) -IMPLEMENT_new_ctx(ofb, OFB, 192) -IMPLEMENT_new_ctx(ofb, OFB, 128) +IMPLEMENT_cipher(ofb, OFB, 0, 256, 8, 128) +IMPLEMENT_cipher(ofb, OFB, 0, 192, 8, 128) +IMPLEMENT_cipher(ofb, OFB, 0, 128, 8, 128) /* CFB */ -IMPLEMENT_new_params(cfb, CFB) -IMPLEMENT_new_params(cfb1, CFB) -IMPLEMENT_new_params(cfb8, CFB) -IMPLEMENT_new_ctx(cfb, CFB, 256) -IMPLEMENT_new_ctx(cfb, CFB, 192) -IMPLEMENT_new_ctx(cfb, CFB, 128) -IMPLEMENT_new_ctx(cfb1, CFB, 256) -IMPLEMENT_new_ctx(cfb1, CFB, 192) -IMPLEMENT_new_ctx(cfb1, CFB, 128) -IMPLEMENT_new_ctx(cfb8, CFB, 256) -IMPLEMENT_new_ctx(cfb8, CFB, 192) -IMPLEMENT_new_ctx(cfb8, CFB, 128) +IMPLEMENT_cipher(cfb, CFB, 0, 256, 8, 128) +IMPLEMENT_cipher(cfb, CFB, 0, 192, 8, 128) +IMPLEMENT_cipher(cfb, CFB, 0, 128, 8, 128) +IMPLEMENT_cipher(cfb1, CFB, 0, 256, 8, 128) +IMPLEMENT_cipher(cfb1, CFB, 0, 192, 8, 128) +IMPLEMENT_cipher(cfb1, CFB, 0, 128, 8, 128) +IMPLEMENT_cipher(cfb8, CFB, 0, 256, 8, 128) +IMPLEMENT_cipher(cfb8, CFB, 0, 192, 8, 128) +IMPLEMENT_cipher(cfb8, CFB, 0, 128, 8, 128) /* CTR */ -IMPLEMENT_new_params(ctr, CTR) -IMPLEMENT_new_ctx(ctr, CTR, 256) -IMPLEMENT_new_ctx(ctr, CTR, 192) -IMPLEMENT_new_ctx(ctr, CTR, 128) +IMPLEMENT_cipher(ctr, CTR, 0, 256, 8, 128) +IMPLEMENT_cipher(ctr, CTR, 0, 192, 8, 128) +IMPLEMENT_cipher(ctr, CTR, 0, 128, 8, 128) static void aes_freectx(void *vctx) { @@ -340,41 +346,6 @@ static void *aes_dupctx(void *ctx) return ret; } -static size_t key_length_256(void) -{ - return 256 / 8; -} - -static size_t key_length_192(void) -{ - return 192 / 8; -} - -static size_t key_length_128(void) -{ - return 128 / 8; -} - -static size_t iv_length_16(void) -{ - return 16; -} - -static size_t iv_length_0(void) -{ - return 0; -} - -static size_t block_size_16(void) -{ - return 16; -} - -static size_t block_size_1(void) -{ - return 1; -} - static int aes_ctx_get_params(void *vctx, OSSL_PARAM params[]) { PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; @@ -385,6 +356,26 @@ static int aes_ctx_get_params(void *vctx, OSSL_PARAM params[]) PROVerr(PROV_F_AES_CTX_GET_PARAMS, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); + if (p != NULL + && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, AES_BLOCK_SIZE) + && !OSSL_PARAM_set_octet_string(p, &ctx->iv, AES_BLOCK_SIZE)) { + PROVerr(PROV_F_AES_CTX_GET_PARAMS, + PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM); + if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) { + PROVerr(PROV_F_AES_CTX_GET_PARAMS, + PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) { + PROVerr(PROV_F_AES_CTX_GET_PARAMS, + PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } return 1; } @@ -399,17 +390,40 @@ static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[]) int pad; if (!OSSL_PARAM_get_int(p, &pad)) { - PROVerr(PROV_F_AES_CTX_SET_PARAMS, PROV_R_FAILED_TO_GET_PARAMETER); + PROVerr(PROV_F_AES_CTX_SET_PARAMS, + PROV_R_FAILED_TO_GET_PARAMETER); return 0; } ctx->pad = pad ? 1 : 0; } + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM); + if (p != NULL) { + int num; + + if (!OSSL_PARAM_get_int(p, &num)) { + PROVerr(PROV_F_AES_CTX_SET_PARAMS, + PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + ctx->num = num; + } + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL) { + int keylen; + + if (!OSSL_PARAM_get_int(p, &keylen)) { + PROVerr(PROV_F_AES_CTX_SET_PARAMS, + PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + ctx->keylen = keylen; + } return 1; } -#define IMPLEMENT_block_funcs(mode, keylen, ivlen) \ - const OSSL_DISPATCH aes##keylen##mode##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##keylen##_##mode##_newctx }, \ +#define IMPLEMENT_block_funcs(mode, kbits) \ + const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx }, \ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_block_update }, \ @@ -417,18 +431,15 @@ static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[]) { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \ - { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_##keylen }, \ - { OSSL_FUNC_CIPHER_IV_LENGTH, (void (*)(void))iv_length_##ivlen }, \ - { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_16 }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##mode##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##kbits##_##mode##_get_params }, \ { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \ { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \ { 0, NULL } \ }; -#define IMPLEMENT_stream_funcs(mode, keylen, ivlen) \ - const OSSL_DISPATCH aes##keylen##mode##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##keylen##_##mode##_newctx }, \ +#define IMPLEMENT_stream_funcs(mode, kbits) \ + const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx }, \ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_stream_update }, \ @@ -436,42 +447,39 @@ static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[]) { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \ - { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_##keylen }, \ - { OSSL_FUNC_CIPHER_IV_LENGTH, (void (*)(void))iv_length_##ivlen }, \ - { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_1 }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##mode##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##kbits##_##mode##_get_params }, \ { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \ { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \ { 0, NULL } \ }; /* ECB */ -IMPLEMENT_block_funcs(ecb, 256, 0) -IMPLEMENT_block_funcs(ecb, 192, 0) -IMPLEMENT_block_funcs(ecb, 128, 0) +IMPLEMENT_block_funcs(ecb, 256) +IMPLEMENT_block_funcs(ecb, 192) +IMPLEMENT_block_funcs(ecb, 128) /* CBC */ -IMPLEMENT_block_funcs(cbc, 256, 16) -IMPLEMENT_block_funcs(cbc, 192, 16) -IMPLEMENT_block_funcs(cbc, 128, 16) +IMPLEMENT_block_funcs(cbc, 256) +IMPLEMENT_block_funcs(cbc, 192) +IMPLEMENT_block_funcs(cbc, 128) /* OFB */ -IMPLEMENT_stream_funcs(ofb, 256, 16) -IMPLEMENT_stream_funcs(ofb, 192, 16) -IMPLEMENT_stream_funcs(ofb, 128, 16) +IMPLEMENT_stream_funcs(ofb, 256) +IMPLEMENT_stream_funcs(ofb, 192) +IMPLEMENT_stream_funcs(ofb, 128) /* CFB */ -IMPLEMENT_stream_funcs(cfb, 256, 16) -IMPLEMENT_stream_funcs(cfb, 192, 16) -IMPLEMENT_stream_funcs(cfb, 128, 16) -IMPLEMENT_stream_funcs(cfb1, 256, 16) -IMPLEMENT_stream_funcs(cfb1, 192, 16) -IMPLEMENT_stream_funcs(cfb1, 128, 16) -IMPLEMENT_stream_funcs(cfb8, 256, 16) -IMPLEMENT_stream_funcs(cfb8, 192, 16) -IMPLEMENT_stream_funcs(cfb8, 128, 16) +IMPLEMENT_stream_funcs(cfb, 256) +IMPLEMENT_stream_funcs(cfb, 192) +IMPLEMENT_stream_funcs(cfb, 128) +IMPLEMENT_stream_funcs(cfb1, 256) +IMPLEMENT_stream_funcs(cfb1, 192) +IMPLEMENT_stream_funcs(cfb1, 128) +IMPLEMENT_stream_funcs(cfb8, 256) +IMPLEMENT_stream_funcs(cfb8, 192) +IMPLEMENT_stream_funcs(cfb8, 128) /* CTR */ -IMPLEMENT_stream_funcs(ctr, 256, 16) -IMPLEMENT_stream_funcs(ctr, 192, 16) -IMPLEMENT_stream_funcs(ctr, 128, 16) +IMPLEMENT_stream_funcs(ctr, 256) +IMPLEMENT_stream_funcs(ctr, 192) +IMPLEMENT_stream_funcs(ctr, 128) diff --git a/test/evp_test.c b/test/evp_test.c index 0489bbe..f76929d 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -661,6 +661,14 @@ static int cipher_test_enc(EVP_TEST *t, int enc, t->err = "KEY_SET_ERROR"; goto err; } + /* Check that we get the same IV back */ + if (expected->iv != NULL + && (EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 + && !TEST_mem_eq(expected->iv, expected->iv_len, + EVP_CIPHER_CTX_iv(ctx), expected->iv_len)) { + t->err = "INVALID_IV"; + goto err; + } if (expected->aead == EVP_CIPH_CCM_MODE) { if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { From pauli at openssl.org Thu Jul 11 05:54:23 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 11 Jul 2019 05:54:23 +0000 Subject: [openssl] master update Message-ID: <1562824463.129562.9057.nullmailer@dev.openssl.org> The branch master has been updated via b60cba3c5d25dcd5cea2c97193a30b730c8a0f28 (commit) from 06c8331c51797f43881e5262b4c114aacc6d0ca0 (commit) - Log ----------------------------------------------------------------- commit b60cba3c5d25dcd5cea2c97193a30b730c8a0f28 Author: Rich Salz Date: Thu Jul 11 15:53:59 2019 +1000 Make allocation/free/clean available to providers Also make OPENSSL_hexstr2buf available to providers. EVP control functions need hexstring conversion, so move any memory-allocating functions in o_str.c into new file mem_str.c Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8886) ----------------------------------------------------------------------- Summary of changes: crypto/build.info | 5 +- crypto/{o_str.c => mem_str.c} | 122 ---------------------------- crypto/o_str.c | 122 ---------------------------- crypto/provider_core.c | 24 ++++++ include/openssl/core_numbers.h | 57 ++++++++++++- providers/fips/fipsprov.c | 176 +++++++++++++++++++++++++++++++++++------ 6 files changed, 236 insertions(+), 270 deletions(-) copy crypto/{o_str.c => mem_str.c} (53%) diff --git a/crypto/build.info b/crypto/build.info index e64a8de..fccca08 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -66,13 +66,14 @@ SOURCE[../providers/fips]=$CORE_COMMON # Central utilities $UTIL_COMMON=\ - cryptlib.c mem.c mem_sec.c params.c bsearch.c ex_data.c o_str.c \ + cryptlib.c params.c bsearch.c ex_data.c o_str.c \ ctype.c threads_pthread.c threads_win.c threads_none.c initthread.c \ context.c sparse_array.c $CPUIDASM $UTIL_DEFINE=$CPUIDDEF SOURCE[../libcrypto]=$UTIL_COMMON \ - mem_dbg.c cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ + mem.c mem_sec.c mem_str.c mem_dbg.c \ + cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \ $UPLINKSRC DEFINE[../libcrypto]=$UTIL_DEFINE $UPLINKDEF diff --git a/crypto/o_str.c b/crypto/mem_str.c similarity index 53% copy from crypto/o_str.c copy to crypto/mem_str.c index 467ceb2..da13ea4 100644 --- a/crypto/o_str.c +++ b/crypto/mem_str.c @@ -57,78 +57,6 @@ void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line) return memcpy(ret, data, siz); } -size_t OPENSSL_strnlen(const char *str, size_t maxlen) -{ - const char *p; - - for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ; - - return p - str; -} - -size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size) -{ - size_t l = 0; - for (; size > 1 && *src; size--) { - *dst++ = *src++; - l++; - } - if (size) - *dst = '\0'; - return l + strlen(src); -} - -size_t OPENSSL_strlcat(char *dst, const char *src, size_t size) -{ - size_t l = 0; - for (; size > 0 && *dst; size--, dst++) - l++; - return l + OPENSSL_strlcpy(dst, src, size); -} - -int OPENSSL_hexchar2int(unsigned char c) -{ -#ifdef CHARSET_EBCDIC - c = os_toebcdic[c]; -#endif - - switch (c) { - case '0': - return 0; - case '1': - return 1; - case '2': - return 2; - case '3': - return 3; - case '4': - return 4; - case '5': - return 5; - case '6': - return 6; - case '7': - return 7; - case '8': - return 8; - case '9': - return 9; - case 'a': case 'A': - return 0x0A; - case 'b': case 'B': - return 0x0B; - case 'c': case 'C': - return 0x0C; - case 'd': case 'D': - return 0x0D; - case 'e': case 'E': - return 0x0E; - case 'f': case 'F': - return 0x0F; - } - return -1; -} - /* * Give a string of hex digits convert to a buffer */ @@ -184,9 +112,7 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) int i; if (len == 0) - { return OPENSSL_zalloc(1); - } if ((tmp = OPENSSL_malloc(len * 3)) == NULL) { CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE); @@ -205,51 +131,3 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) return tmp; } - -int openssl_strerror_r(int errnum, char *buf, size_t buflen) -{ -#if defined(_MSC_VER) && _MSC_VER>=1400 - return !strerror_s(buf, buflen, errnum); -#elif defined(_GNU_SOURCE) - char *err; - - /* - * GNU strerror_r may not actually set buf. - * It can return a pointer to some (immutable) static string in which case - * buf is left unused. - */ - err = strerror_r(errnum, buf, buflen); - if (err == NULL || buflen == 0) - return 0; - /* - * If err is statically allocated, err != buf and we need to copy the data. - * If err points somewhere inside buf, OPENSSL_strlcpy can handle this, - * since src and dest are not annotated with __restrict and the function - * reads src byte for byte and writes to dest. - * If err == buf we do not have to copy anything. - */ - if (err != buf) - OPENSSL_strlcpy(buf, err, buflen); - return 1; -#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \ - (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) - /* - * We can use "real" strerror_r. The OpenSSL version differs in that it - * gives 1 on success and 0 on failure for consistency with other OpenSSL - * functions. Real strerror_r does it the other way around - */ - return !strerror_r(errnum, buf, buflen); -#else - char *err; - - /* Fall back to non-thread safe strerror()...its all we can do */ - if (buflen < 2) - return 0; - err = strerror(errnum); - /* Can this ever happen? */ - if (err == NULL) - return 0; - OPENSSL_strlcpy(buf, err, buflen); - return 1; -#endif -} diff --git a/crypto/o_str.c b/crypto/o_str.c index 467ceb2..35bb654 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -12,51 +12,6 @@ #include #include "internal/cryptlib.h" -char *CRYPTO_strdup(const char *str, const char* file, int line) -{ - char *ret; - - if (str == NULL) - return NULL; - ret = CRYPTO_malloc(strlen(str) + 1, file, line); - if (ret != NULL) - strcpy(ret, str); - return ret; -} - -char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line) -{ - size_t maxlen; - char *ret; - - if (str == NULL) - return NULL; - - maxlen = OPENSSL_strnlen(str, s); - - ret = CRYPTO_malloc(maxlen + 1, file, line); - if (ret) { - memcpy(ret, str, maxlen); - ret[maxlen] = '\0'; - } - return ret; -} - -void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line) -{ - void *ret; - - if (data == NULL || siz >= INT_MAX) - return NULL; - - ret = CRYPTO_malloc(siz, file, line); - if (ret == NULL) { - CRYPTOerr(CRYPTO_F_CRYPTO_MEMDUP, ERR_R_MALLOC_FAILURE); - return NULL; - } - return memcpy(ret, data, siz); -} - size_t OPENSSL_strnlen(const char *str, size_t maxlen) { const char *p; @@ -129,83 +84,6 @@ int OPENSSL_hexchar2int(unsigned char c) return -1; } -/* - * Give a string of hex digits convert to a buffer - */ -unsigned char *OPENSSL_hexstr2buf(const char *str, long *len) -{ - unsigned char *hexbuf, *q; - unsigned char ch, cl; - int chi, cli; - const unsigned char *p; - size_t s; - - s = strlen(str); - if ((hexbuf = OPENSSL_malloc(s >> 1)) == NULL) { - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (p = (const unsigned char *)str, q = hexbuf; *p; ) { - ch = *p++; - if (ch == ':') - continue; - cl = *p++; - if (!cl) { - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, - CRYPTO_R_ODD_NUMBER_OF_DIGITS); - OPENSSL_free(hexbuf); - return NULL; - } - cli = OPENSSL_hexchar2int(cl); - chi = OPENSSL_hexchar2int(ch); - if (cli < 0 || chi < 0) { - OPENSSL_free(hexbuf); - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, CRYPTO_R_ILLEGAL_HEX_DIGIT); - return NULL; - } - *q++ = (unsigned char)((chi << 4) | cli); - } - - if (len) - *len = q - hexbuf; - return hexbuf; -} - -/* - * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its - * hex representation @@@ (Contents of buffer are always kept in ASCII, also - * on EBCDIC machines) - */ -char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) -{ - static const char hexdig[] = "0123456789ABCDEF"; - char *tmp, *q; - const unsigned char *p; - int i; - - if (len == 0) - { - return OPENSSL_zalloc(1); - } - - if ((tmp = OPENSSL_malloc(len * 3)) == NULL) { - CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE); - return NULL; - } - q = tmp; - for (i = 0, p = buffer; i < len; i++, p++) { - *q++ = hexdig[(*p >> 4) & 0xf]; - *q++ = hexdig[*p & 0xf]; - *q++ = ':'; - } - q[-1] = 0; -#ifdef CHARSET_EBCDIC - ebcdic2ascii(tmp, tmp, q - tmp - 1); -#endif - - return tmp; -} - int openssl_strerror_r(int errnum, char *buf, size_t buflen) { #if defined(_MSC_VER) && _MSC_VER>=1400 diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 5860448..c16e91d 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -796,6 +796,10 @@ static void core_add_error_vdata(const OSSL_PROVIDER *prov, } #endif +/* + * Functions provided by the core. Blank line separates "families" of related + * functions. + */ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CORE_GET_PARAM_TYPES, (void (*)(void))core_get_param_types }, { OSSL_FUNC_CORE_GET_PARAMS, (void (*)(void))core_get_params }, @@ -805,6 +809,26 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CORE_PUT_ERROR, (void (*)(void))core_put_error }, { OSSL_FUNC_CORE_ADD_ERROR_VDATA, (void (*)(void))core_add_error_vdata }, #endif + + { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc }, + { OSSL_FUNC_CRYPTO_ZALLOC, (void (*)(void))CRYPTO_zalloc }, + { OSSL_FUNC_CRYPTO_MEMDUP, (void (*)(void))CRYPTO_memdup }, + { OSSL_FUNC_CRYPTO_STRDUP, (void (*)(void))CRYPTO_strdup }, + { OSSL_FUNC_CRYPTO_STRNDUP, (void (*)(void))CRYPTO_strndup }, + { OSSL_FUNC_CRYPTO_FREE, (void (*)(void))CRYPTO_free }, + { OSSL_FUNC_CRYPTO_CLEAR_FREE, (void (*)(void))CRYPTO_clear_free }, + { OSSL_FUNC_CRYPTO_REALLOC, (void (*)(void))CRYPTO_realloc }, + { OSSL_FUNC_CRYPTO_CLEAR_REALLOC, (void (*)(void))CRYPTO_clear_realloc }, + { OSSL_FUNC_CRYPTO_SECURE_MALLOC, (void (*)(void))CRYPTO_secure_malloc }, + { OSSL_FUNC_CRYPTO_SECURE_ZALLOC, (void (*)(void))CRYPTO_secure_zalloc }, + { OSSL_FUNC_CRYPTO_SECURE_FREE, (void (*)(void))CRYPTO_secure_free }, + { OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE, + (void (*)(void))CRYPTO_secure_clear_free }, + { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED, + (void (*)(void))CRYPTO_secure_allocated }, + { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse }, + { OSSL_FUNC_OPENSSL_HEXSTR2BUF, (void (*)(void))OPENSSL_hexstr2buf }, + { 0, NULL } }; static const OSSL_DISPATCH *core_dispatch = core_dispatch_; diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 0901ed3..0542732 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -35,7 +35,12 @@ extern "C" { * - a function pointer extractor function with the name OSSL_'foo' */ -/* Helper macro to create the function signature typedef and the extractor */ +/* + * Helper macro to create the function signature typedef and the extractor + * |type| is the return-type of the function, |name| is the name of the + * function to fetch, and |args| is a parenthesized list of parameters + * for the function (that is, it is |name|'s function signature). + */ #define OSSL_CORE_MAKE_FUNC(type,name,args) \ typedef type (OSSL_##name##_fn)args; \ static ossl_inline \ @@ -73,6 +78,56 @@ OSSL_CORE_MAKE_FUNC(OPENSSL_CTX *,core_get_library_context, (const OSSL_PROVIDER *prov)) +/* Memory allocation, freeing, clearing. */ +#define OSSL_FUNC_CRYPTO_MALLOC 10 +OSSL_CORE_MAKE_FUNC(void *, + CRYPTO_malloc, (size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_ZALLOC 11 +OSSL_CORE_MAKE_FUNC(void *, + CRYPTO_zalloc, (size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_MEMDUP 12 +OSSL_CORE_MAKE_FUNC(void *, + CRYPTO_memdup, (const void *str, size_t siz, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_STRDUP 13 +OSSL_CORE_MAKE_FUNC(char *, + CRYPTO_strdup, (const char *str, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_STRNDUP 14 +OSSL_CORE_MAKE_FUNC(char *, + CRYPTO_strndup, (const char *str, size_t s, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_FREE 15 +OSSL_CORE_MAKE_FUNC(void, + CRYPTO_free, (void *ptr, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_CLEAR_FREE 16 +OSSL_CORE_MAKE_FUNC(void, + CRYPTO_clear_free, (void *ptr, size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_REALLOC 17 +OSSL_CORE_MAKE_FUNC(void *, + CRYPTO_realloc, (void *addr, size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 18 +OSSL_CORE_MAKE_FUNC(void *, + CRYPTO_clear_realloc, (void *addr, size_t old_num, size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 19 +OSSL_CORE_MAKE_FUNC(void *, + CRYPTO_secure_malloc, (size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 20 +OSSL_CORE_MAKE_FUNC(void *, + CRYPTO_secure_zalloc, (size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_SECURE_FREE 21 +OSSL_CORE_MAKE_FUNC(void, + CRYPTO_secure_free, (void *ptr, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 22 +OSSL_CORE_MAKE_FUNC(void, + CRYPTO_secure_clear_free, (void *ptr, size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 23 +OSSL_CORE_MAKE_FUNC(int, + CRYPTO_secure_allocated, (const void *ptr)) +#define OSSL_FUNC_OPENSSL_CLEANSE 24 +OSSL_CORE_MAKE_FUNC(void, + OPENSSL_cleanse, (void *ptr, size_t len)) +# define OSSL_FUNC_OPENSSL_HEXSTR2BUF 25 +OSSL_CORE_MAKE_FUNC(unsigned char *, + OPENSSL_hexstr2buf, (const char *str, long *len)) + /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ # define OSSL_FUNC_PROVIDER_TEARDOWN 1024 OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx)) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 0f0a962..8978d1b 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -27,19 +27,35 @@ #include "internal/provider_ctx.h" #include "internal/providercommon.h" +extern OSSL_core_thread_start_fn *c_thread_start; + /* * TODO(3.0): Should these be stored in the provider side provctx? Could they * ever be different from one init to the next? Unfortunately we can't do this - * at the moment because c_put_error/c_add_error_vdata do not provide us with - * the OPENSSL_CTX as a parameter. + * at the moment because c_put_error/c_add_error_vdata do not provide + * us with the OPENSSL_CTX as a parameter. */ /* Functions provided by the core */ -static OSSL_core_get_param_types_fn *c_get_param_types = NULL; -static OSSL_core_get_params_fn *c_get_params = NULL; -extern OSSL_core_thread_start_fn *c_thread_start; -OSSL_core_thread_start_fn *c_thread_start = NULL; -static OSSL_core_put_error_fn *c_put_error = NULL; -static OSSL_core_add_error_vdata_fn *c_add_error_vdata = NULL; +static OSSL_core_get_param_types_fn *c_get_param_types; +static OSSL_core_get_params_fn *c_get_params; +OSSL_core_thread_start_fn *c_thread_start; +static OSSL_core_put_error_fn *c_put_error; +static OSSL_core_add_error_vdata_fn *c_add_error_vdata; +static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc; +static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; +static OSSL_CRYPTO_memdup_fn *c_CRYPTO_memdup; +static OSSL_CRYPTO_strdup_fn *c_CRYPTO_strdup; +static OSSL_CRYPTO_strndup_fn *c_CRYPTO_strndup; +static OSSL_CRYPTO_free_fn *c_CRYPTO_free; +static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; +static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc; +static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; +static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; +static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; +static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; +static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; +static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; +static OSSL_OPENSSL_hexstr2buf_fn *c_OPENSSL_hexstr2buf; typedef struct fips_global_st { const OSSL_PROVIDER *prov; @@ -299,24 +315,66 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, case OSSL_FUNC_CORE_ADD_ERROR_VDATA: c_add_error_vdata = OSSL_get_core_add_error_vdata(in); break; - /* Just ignore anything we don't understand */ + case OSSL_FUNC_CRYPTO_MALLOC: + c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in); + break; + case OSSL_FUNC_CRYPTO_ZALLOC: + c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in); + break; + case OSSL_FUNC_CRYPTO_MEMDUP: + c_CRYPTO_memdup = OSSL_get_CRYPTO_memdup(in); + break; + case OSSL_FUNC_CRYPTO_STRDUP: + c_CRYPTO_strdup = OSSL_get_CRYPTO_strdup(in); + break; + case OSSL_FUNC_CRYPTO_STRNDUP: + c_CRYPTO_strndup = OSSL_get_CRYPTO_strndup(in); + break; + case OSSL_FUNC_CRYPTO_FREE: + c_CRYPTO_free = OSSL_get_CRYPTO_free(in); + break; + case OSSL_FUNC_CRYPTO_CLEAR_FREE: + c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in); + break; + case OSSL_FUNC_CRYPTO_REALLOC: + c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in); + break; + case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: + c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in); + break; + case OSSL_FUNC_CRYPTO_SECURE_MALLOC: + c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in); + break; + case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: + c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in); + break; + case OSSL_FUNC_CRYPTO_SECURE_FREE: + c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in); + break; + case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: + c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in); + break; + case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: + c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in); + break; + case OSSL_FUNC_OPENSSL_HEXSTR2BUF: + c_OPENSSL_hexstr2buf = OSSL_get_OPENSSL_hexstr2buf(in); + break; default: + /* Just ignore anything we don't understand */ break; } } - ctx = OPENSSL_CTX_new(); - if (ctx == NULL) + /* Create a context. */ + if ((ctx = OPENSSL_CTX_new()) == NULL) return 0; - - fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method); - - if (fgbl == NULL) - goto err; - + if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, + &fips_prov_ossl_ctx_method)) == NULL) { + OPENSSL_CTX_free(ctx); + return 0; + } fgbl->prov = provider; - *out = fips_dispatch_table; *provctx = ctx; @@ -331,10 +389,6 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, } return 1; - - err: - OPENSSL_CTX_free(ctx); - return 0; } /* @@ -413,3 +467,79 @@ const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) return fgbl->prov; } + +void *CRYPTO_malloc(size_t num, const char *file, int line) +{ + return c_CRYPTO_malloc(num, file, line); +} + +void *CRYPTO_zalloc(size_t num, const char *file, int line) +{ + return c_CRYPTO_zalloc(num, file, line); +} + +void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line) +{ + return c_CRYPTO_memdup(str, siz, file, line); +} + +char *CRYPTO_strdup(const char *str, const char *file, int line) +{ + return c_CRYPTO_strdup(str, file, line); +} + +char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line) +{ + return c_CRYPTO_strndup(str, s, file, line); +} + +void CRYPTO_free(void *ptr, const char *file, int line) +{ + c_CRYPTO_free(ptr, file, line); +} + +void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) +{ + c_CRYPTO_clear_free(ptr, num, file, line); +} + +void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) +{ + return c_CRYPTO_realloc(addr, num, file, line); +} + +void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, + const char *file, int line) +{ + return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); +} + +void *CRYPTO_secure_malloc(size_t num, const char *file, int line) +{ + return c_CRYPTO_secure_malloc(num, file, line); +} + +void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) +{ + return c_CRYPTO_secure_zalloc(num, file, line); +} + +void CRYPTO_secure_free(void *ptr, const char *file, int line) +{ + c_CRYPTO_secure_free(ptr, file, line); +} + +void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) +{ + c_CRYPTO_secure_clear_free(ptr, num, file, line); +} + +unsigned char *OPENSSL_hexstr2buf(const char *str, long *len) +{ + return c_OPENSSL_hexstr2buf(str, len); +} + +int CRYPTO_secure_allocated(const void *ptr) +{ + return c_CRYPTO_secure_allocated(ptr); +} From builds at travis-ci.org Thu Jul 11 05:47:25 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 11 Jul 2019 05:47:25 +0000 Subject: Still Failing: openssl/openssl#26388 (master - 06c8331) In-Reply-To: Message-ID: <5d26cd6ce00f5_43fd97ca6e268145183@1f9b3056-4c4a-4d1b-920d-d2a8721759b9.mail> Build Update for openssl/openssl ------------------------------------- Build: #26388 Status: Still Failing Duration: 19 mins and 34 secs Commit: 06c8331 (master) Author: Richard Levitte Message: Adapt the provider AES for more use of OSSL_PARAM The cipher context IV was a bit interesting. EVP_CIPHER_CTX_iv() returns a pointer to the live IV, while EVP_CIPHER_CTX_ctrl() with the type EVP_CTRL_GET_IV gets a copy of the live IV. To support both, we support getting it with both the OSSL_PARAM_OCTET_STRING and OSSL_PARAM_OCTET_PTR datatypes. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9328) View the changeset: https://github.com/openssl/openssl/compare/7a228c391e0a...06c8331c5179 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/557146394?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Jul 11 06:17:46 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 11 Jul 2019 06:17:46 +0000 Subject: Still Failing: openssl/openssl#26391 (master - b60cba3) In-Reply-To: Message-ID: <5d26d48a4873b_43f9e4bc201cc523dd@4a26dbe6-44fe-4861-8eda-d608e0042a82.mail> Build Update for openssl/openssl ------------------------------------- Build: #26391 Status: Still Failing Duration: 22 mins and 52 secs Commit: b60cba3 (master) Author: Rich Salz Message: Make allocation/free/clean available to providers Also make OPENSSL_hexstr2buf available to providers. EVP control functions need hexstring conversion, so move any memory-allocating functions in o_str.c into new file mem_str.c Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8886) View the changeset: https://github.com/openssl/openssl/compare/06c8331c5179...b60cba3c5d25 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/557152910?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 12 02:23:17 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Jul 2019 02:23:17 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1562898197.210666.9031.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: b60cba3c5d Make allocation/free/clean available to providers 06c8331c51 Adapt the provider AES for more use of OSSL_PARAM 13273237a6 Adapt diverse EVP_CIPHER functions to use get_params and set_params interfaces 80942379c9 Make more use of OSSL_PARAM for ciphers 48ebde226d test/evp_test.c: [ciphers] Test that we get back the same IV we gave Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=172, Tests=1645, 247 wallclock secs ( 3.06 usr 0.36 sys + 236.05 cusr 21.55 csys = 261.02 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jul 12 02:35:59 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jul 2019 02:35:59 +0000 Subject: Build failed: openssl master.25832 Message-ID: <20190712023559.1.F3A0B7EC0FE49259@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 12 06:15:48 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jul 2019 06:15:48 +0000 Subject: Build completed: openssl master.25833 Message-ID: <20190712061548.1.2E1EBA212A3C7EF2@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 12 06:16:39 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Jul 2019 06:16:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1562912199.955653.28298.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: b60cba3c5d Make allocation/free/clean available to providers 06c8331c51 Adapt the provider AES for more use of OSSL_PARAM 13273237a6 Adapt diverse EVP_CIPHER functions to use get_params and set_params interfaces 80942379c9 Make more use of OSSL_PARAM for ciphers 48ebde226d test/evp_test.c: [ciphers] Test that we get back the same IV we gave Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:294: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:305: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:311: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:314: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:317: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:402: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:422: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:435: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:468: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:469: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_memdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strndup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OPENSSL_hexstr2buf': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:162: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:165: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:168: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:259: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7105: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Fri Jul 12 13:09:20 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jul 2019 13:09:20 +0000 Subject: Build failed: openssl master.25843 Message-ID: <20190712130920.1.581FC832B8E10D6E@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 12 13:19:00 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Jul 2019 13:19:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1562937540.382440.25089.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: b60cba3c5d Make allocation/free/clean available to providers 06c8331c51 Adapt the provider AES for more use of OSSL_PARAM 13273237a6 Adapt diverse EVP_CIPHER functions to use get_params and set_params interfaces 80942379c9 Make more use of OSSL_PARAM for ciphers 48ebde226d test/evp_test.c: [ciphers] Test that we get back the same IV we gave Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 217 wallclock secs ( 1.44 usr 0.34 sys + 214.68 cusr 16.05 csys = 232.51 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jul 12 13:38:07 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jul 2019 13:38:07 +0000 Subject: Build completed: openssl master.25844 Message-ID: <20190712133807.1.ECD348B8CBE846F6@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 12 14:05:27 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Jul 2019 14:05:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1562940327.940649.17525.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: b60cba3c5d Make allocation/free/clean available to providers 06c8331c51 Adapt the provider AES for more use of OSSL_PARAM 13273237a6 Adapt diverse EVP_CIPHER functions to use get_params and set_params interfaces 80942379c9 Make more use of OSSL_PARAM for ciphers 48ebde226d test/evp_test.c: [ciphers] Test that we get back the same IV we gave Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 218 wallclock secs ( 1.71 usr 0.30 sys + 211.89 cusr 17.99 csys = 231.89 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Sat Jul 13 12:10:02 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 13 Jul 2019 12:10:02 +0000 Subject: Build failed: openssl master.25858 Message-ID: <20190713121002.1.5B6753E001B59930@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 14 07:07:19 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 14 Jul 2019 07:07:19 +0000 Subject: Build completed: openssl master.25859 Message-ID: <20190714070719.1.25BB72E50F512E05@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Jul 14 07:38:24 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 14 Jul 2019 07:38:24 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5d2adbefd295d_338b2ad3791d4f58858e@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEvyxzJHSwEoiXkZglM3WeHA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1PuZ-2FRoE1YAX7W0Qy7dKNlfcKbxJdwPi5OqxLFQMEGG0YBsRpiZOIev-2FJU7REIJ9sDK9b3CCZz5c1fq6-2FEcaDGUXtLlQmu1s3vqPOepMA2y2Ql1dAfgfO-2FRrprHej-2FbEsPMMrGqtFsub4cHVR38iMloQMsPyANKE19Gwpq0XYKsFc756YvTel9cxjeqsybhGY-3D Build ID: 264500 Analysis Summary: New defects found: 124 Defects eliminated: 25 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6zzUI-2FRfbrE6mNOeeukHUQw-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1PuZ-2FRoE1YAX7W0Qy7dKNlfcKbxJdwPi5OqxLFQMEGG3xjp40JIOVjcBBBcNf9xZ4GS5ZjMhWGcpQYNUSdDtshJB37Zi9BRRQteA90tRt2VahVTNGOuDdF86VE2zVOFjQKiyhA6tSSRE75hgkOMbv16l3727hvIcz2K0vNA40Vts49LtpnjLHASdBhDvuRpFo-3D From scan-admin at coverity.com Sun Jul 14 07:46:10 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 14 Jul 2019 07:46:10 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5d2addc1efeb0_373b2ad3791d4f58857@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEOo3rtGjiQZqYPGgcjfkiXQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0GdjLvop82r-2FxXArwB5BaehfgEJe1vo9pEE4Qn8S9S2U6UcRihO9nmU10q28hYPB8L-2FY6MPaZuigxY15jH4uBmE5EQbeVMwwaCzVGkNjxj2GyoJTpe6vTp6n-2BMzGwy0QY4M2I5KtCNYJ5jV-2FZI03NHeTFdjAQd2aTRu1CN4J3OfTAnyNcOJof864DdBiAvyow-3D Build ID: 264501 Analysis Summary: New defects found: 0 Defects eliminated: 0 From no-reply at appveyor.com Sun Jul 14 12:35:15 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 14 Jul 2019 12:35:15 +0000 Subject: Build failed: openssl master.25863 Message-ID: <20190714123515.1.28B3023A2F9B920C@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 14 12:45:57 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 14 Jul 2019 12:45:57 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.25864 Message-ID: <20190714124557.1.8B291038BDFBD47C@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 14 13:12:43 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 14 Jul 2019 13:12:43 +0000 Subject: Build failed: openssl master.25865 Message-ID: <20190714131243.1.94CD6E7D62DFF9CE@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 14 13:39:25 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 14 Jul 2019 13:39:25 +0000 Subject: Build completed: openssl master.25866 Message-ID: <20190714133925.1.D2F3133EA7CAA552@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Sun Jul 14 23:46:08 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 14 Jul 2019 23:46:08 +0000 Subject: [openssl] master update Message-ID: <1563147968.936847.17329.nullmailer@dev.openssl.org> The branch master has been updated via 5fe6e2311df9bbbe347cdc7b3c22ce06e20a0ef9 (commit) from b60cba3c5d25dcd5cea2c97193a30b730c8a0f28 (commit) - Log ----------------------------------------------------------------- commit 5fe6e2311df9bbbe347cdc7b3c22ce06e20a0ef9 Author: agnosticdev Date: Fri Jul 12 05:11:56 2019 -0500 issue-9316: Update return documentation for RAND_set_rand_engine Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9351) ----------------------------------------------------------------------- Summary of changes: doc/man3/RAND_set_rand_method.pod | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod index e1320f6..26188d2 100644 --- a/doc/man3/RAND_set_rand_method.pod +++ b/doc/man3/RAND_set_rand_method.pod @@ -10,7 +10,7 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method RAND_METHOD *RAND_OpenSSL(void); - void RAND_set_rand_method(const RAND_METHOD *meth); + int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); @@ -48,8 +48,9 @@ Each pointer may be NULL if the function is not implemented. =head1 RETURN VALUES -RAND_set_rand_method() returns no value. RAND_get_rand_method() and -RAND_OpenSSL() return pointers to the respective methods. +RAND_set_rand_method() returns 1 on success and 0 on failue. +RAND_get_rand_method() and RAND_OpenSSL() return pointers to the respective +methods. =head1 SEE ALSO From pauli at openssl.org Sun Jul 14 23:46:44 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 14 Jul 2019 23:46:44 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563148004.558497.28710.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ab2d477c0aa2d949bdc690f38f09bfde98f93a9c (commit) from a48cd0c5b9fef42321fc16ea6a40c30c0e1712d4 (commit) - Log ----------------------------------------------------------------- commit ab2d477c0aa2d949bdc690f38f09bfde98f93a9c Author: agnosticdev Date: Fri Jul 12 05:11:56 2019 -0500 issue-9316: Update return documentation for RAND_set_rand_engine Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9351) (cherry picked from commit 5fe6e2311df9bbbe347cdc7b3c22ce06e20a0ef9) ----------------------------------------------------------------------- Summary of changes: doc/man3/RAND_set_rand_method.pod | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod index d4b65b9..ab06c57 100644 --- a/doc/man3/RAND_set_rand_method.pod +++ b/doc/man3/RAND_set_rand_method.pod @@ -10,7 +10,7 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method RAND_METHOD *RAND_OpenSSL(void); - void RAND_set_rand_method(const RAND_METHOD *meth); + int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); @@ -48,8 +48,9 @@ Each pointer may be NULL if the function is not implemented. =head1 RETURN VALUES -RAND_set_rand_method() returns no value. RAND_get_rand_method() and -RAND_OpenSSL() return pointers to the respective methods. +RAND_set_rand_method() returns 1 on success and 0 on failue. +RAND_get_rand_method() and RAND_OpenSSL() return pointers to the respective +methods. =head1 SEE ALSO From builds at travis-ci.org Mon Jul 15 00:04:50 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 00:04:50 +0000 Subject: Still Failing: openssl/openssl#26453 (master - 5fe6e23) In-Reply-To: Message-ID: <5d2bc322a5b15_43fd3e683e5102144e6@d00bc9cd-8cfa-4a52-a883-20b4db0ce50e.mail> Build Update for openssl/openssl ------------------------------------- Build: #26453 Status: Still Failing Duration: 18 mins and 5 secs Commit: 5fe6e23 (master) Author: agnosticdev Message: issue-9316: Update return documentation for RAND_set_rand_engine Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9351) View the changeset: https://github.com/openssl/openssl/compare/b60cba3c5d25...5fe6e2311df9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/558692927?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 15 00:16:23 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 00:16:23 +0000 Subject: Passed: openssl/openssl#26454 (OpenSSL_1_1_1-stable - ab2d477) In-Reply-To: Message-ID: <5d2bc5d756c3c_43fa87b72ff481429df@b7f69a14-1118-4ee1-8604-5ee3df2c117e.mail> Build Update for openssl/openssl ------------------------------------- Build: #26454 Status: Passed Duration: 23 mins and 38 secs Commit: ab2d477 (OpenSSL_1_1_1-stable) Author: agnosticdev Message: issue-9316: Update return documentation for RAND_set_rand_engine Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9351) (cherry picked from commit 5fe6e2311df9bbbe347cdc7b3c22ce06e20a0ef9) View the changeset: https://github.com/openssl/openssl/compare/a48cd0c5b9fe...ab2d477c0aa2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/558693154?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Mon Jul 15 01:33:59 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 15 Jul 2019 01:33:59 +0000 Subject: [openssl] master update Message-ID: <1563154439.579362.24768.nullmailer@dev.openssl.org> The branch master has been updated via a161738a708b5e284a4714edc0c976606ea7cb26 (commit) from 5fe6e2311df9bbbe347cdc7b3c22ce06e20a0ef9 (commit) - Log ----------------------------------------------------------------- commit a161738a708b5e284a4714edc0c976606ea7cb26 Author: Krists Krilovs Date: Mon Jul 8 13:43:09 2019 -0700 Fix wrong lock claimed in x509 dir lookup. x509 store's objects cache can get corrupted when using dir lookup method in multithreaded application. Claim x509 store's lock when accessing objects cache. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9326) ----------------------------------------------------------------------- Summary of changes: crypto/x509/by_dir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 36c6b08..e53b9b4 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -327,10 +327,10 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, /* * we have added it to the cache so now pull it out again */ - CRYPTO_THREAD_write_lock(ctx->lock); + X509_STORE_lock(xl->store_ctx); j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); - CRYPTO_THREAD_unlock(ctx->lock); + X509_STORE_unlock(xl->store_ctx); /* If a CRL, update the last file suffix added for this */ From shane.lontis at oracle.com Mon Jul 15 01:52:04 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 15 Jul 2019 01:52:04 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563155524.775365.29645.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via b4f55c6f6c4d8d2a85ca697d92dfb682f3ebc987 (commit) from ab2d477c0aa2d949bdc690f38f09bfde98f93a9c (commit) - Log ----------------------------------------------------------------- commit b4f55c6f6c4d8d2a85ca697d92dfb682f3ebc987 Author: Krists Krilovs Date: Mon Jul 8 13:43:09 2019 -0700 Fix wrong lock claimed in x509 dir lookup. x509 store's objects cache can get corrupted when using dir lookup method in multithreaded application. Claim x509 store's lock when accessing objects cache. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9326) (cherry picked from commit a161738a708b5e284a4714edc0c976606ea7cb26) ----------------------------------------------------------------------- Summary of changes: crypto/x509/by_dir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index b3760db..a601433 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -327,10 +327,10 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, /* * we have added it to the cache so now pull it out again */ - CRYPTO_THREAD_write_lock(ctx->lock); + X509_STORE_lock(xl->store_ctx); j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); - CRYPTO_THREAD_unlock(ctx->lock); + X509_STORE_unlock(xl->store_ctx); /* If a CRL, update the last file suffix added for this */ From shane.lontis at oracle.com Mon Jul 15 02:08:51 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 15 Jul 2019 02:08:51 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1563156531.213825.2357.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 69ae4153af5a6e62369611b694748c846a461d02 (commit) from 04151456b9d896a7825a5ac77c0310c97fa5f650 (commit) - Log ----------------------------------------------------------------- commit 69ae4153af5a6e62369611b694748c846a461d02 Author: Krists Krilovs Date: Mon Jul 8 13:43:09 2019 -0700 Fix wrong lock claimed in x509 dir lookup. x509 store's objects cache can get corrupted when using dir lookup method in multithreaded application. Claim x509 store's lock when accessing objects cache. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9326) ----------------------------------------------------------------------- Summary of changes: crypto/x509/by_dir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 4fa1dd3..c3ab362 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -322,13 +322,13 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, /* * we have added it to the cache so now pull it out again */ - CRYPTO_THREAD_write_lock(ctx->lock); + X509_STORE_lock(xl->store_ctx); j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); if (j != -1) tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); else tmp = NULL; - CRYPTO_THREAD_unlock(ctx->lock); + X509_STORE_unlock(xl->store_ctx); /* If a CRL, update the last file suffix added for this */ From builds at travis-ci.org Mon Jul 15 01:57:48 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 01:57:48 +0000 Subject: Still Failing: openssl/openssl#26457 (master - a161738) In-Reply-To: Message-ID: <5d2bdd9c2fa25_43f7f1e145ce4375be@52687811-52fa-493e-a724-715f06e535c2.mail> Build Update for openssl/openssl ------------------------------------- Build: #26457 Status: Still Failing Duration: 23 mins and 4 secs Commit: a161738 (master) Author: Krists Krilovs Message: Fix wrong lock claimed in x509 dir lookup. x509 store's objects cache can get corrupted when using dir lookup method in multithreaded application. Claim x509 store's lock when accessing objects cache. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9326) View the changeset: https://github.com/openssl/openssl/compare/5fe6e2311df9...a161738a708b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/558710965?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Jul 15 05:01:35 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 15 Jul 2019 05:01:35 +0000 Subject: [openssl] master update Message-ID: <1563166895.091226.6949.nullmailer@dev.openssl.org> The branch master has been updated via b6c97eee78c9ab646137772497b65e99124970db (commit) via 9af71317f9e5708dada7c1a660d862741945c436 (commit) via 23e34aa213a2e8003092436ab6f5dae68283e698 (commit) via 148609c62734f2068303ffa90f4ff8004478337e (commit) via 7da6cc6ccb1035fdc14ab1fc54321ad30bca1e58 (commit) via f4ae5ba4b7d07fc9df4acbb7741aea75a1c584b0 (commit) via ed45c999114e412edbd0018c435ae91e06625358 (commit) via c1798afbe37f9a98278050c3437b715c16ce0e2b (commit) via e3cbccc5bbe18930c1d98b64abb505aad221c18d (commit) via 753149d97f8474ff8745a66175b8e4a19fe50743 (commit) via 4b62b8ed4989bb6767a38ae813495ba62215c25b (commit) from a161738a708b5e284a4714edc0c976606ea7cb26 (commit) - Log ----------------------------------------------------------------- commit b6c97eee78c9ab646137772497b65e99124970db Author: Richard Levitte Date: Sat Jul 13 07:04:01 2019 +0200 Re-implement the cipher and digest listings for 'openssl list' They now display both legacy and provided algorithms. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit 9af71317f9e5708dada7c1a660d862741945c436 Author: Richard Levitte Date: Sat Jul 13 07:02:54 2019 +0200 Add EVP_CIPHER_do_all_ex() and EVP_MD_do_all_ex() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit 23e34aa213a2e8003092436ab6f5dae68283e698 Author: Richard Levitte Date: Sat Jul 13 06:53:44 2019 +0200 Add internal function evp_generic_do_all() This function is used to traverse all algorithm implementations for a given operation type, and execute the given function for each of them. For each algorithm implementation, a method is created and passed to the given function, and then freed after that function's return. If the caller wishes to keep the method for longer, they must call the appropriate up_ref function on the method, and they must also make sure to free the passed methods at some point. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit 148609c62734f2068303ffa90f4ff8004478337e Author: Richard Levitte Date: Wed Jul 10 23:14:03 2019 +0200 Refactor ossl_method_construct() in terms of ossl_algorithm_do_all() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit 7da6cc6ccb1035fdc14ab1fc54321ad30bca1e58 Author: Richard Levitte Date: Wed Jul 10 23:11:27 2019 +0200 Add internal function ossl_algorithm_do_all() This function is used to traverse all the implementations provided by one provider, or all implementation for a specific operation across all loaded providers, or both, and execute a given function for each occurence. This will be used by ossl_method_construct(), but also by information processing functions. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit f4ae5ba4b7d07fc9df4acbb7741aea75a1c584b0 Author: Richard Levitte Date: Wed Jul 10 23:00:22 2019 +0200 Add OSSL_PROVIDER_name() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit ed45c999114e412edbd0018c435ae91e06625358 Author: Richard Levitte Date: Wed Jul 10 22:59:07 2019 +0200 Add EVP_MD_provider() and EVP_CIPHER_provider() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit c1798afbe37f9a98278050c3437b715c16ce0e2b Author: Richard Levitte Date: Wed Jul 10 22:24:00 2019 +0200 Re-implement EVP_MD_name() and EVP_CIPHER_name() as functions They will do the same as usual for non-provider algorithms implementations, but can handle provider implementations as well. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit e3cbccc5bbe18930c1d98b64abb505aad221c18d Author: Richard Levitte Date: Wed Jul 10 22:22:16 2019 +0200 Add a mechnism to save the name of fetched methods This will be useful for information display, as well as for code that want to check the name of an algorithm. This can eventually replace all NID checks. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit 753149d97f8474ff8745a66175b8e4a19fe50743 Author: Richard Levitte Date: Wed Jul 10 20:25:03 2019 +0200 Move the code for 'openssl list' to its own translation unit. That makes it easier to work with than going through apps/openssl.c This also moves the implementation of calculate_columns() and makes it generally accessible. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) commit 4b62b8ed4989bb6767a38ae813495ba62215c25b Author: Richard Levitte Date: Wed Jul 10 20:19:36 2019 +0200 Refactor apps/progs.* to be generate with 'make update' This makes for a cleaner apps/progs.h as well as as cleaner apps/build.info. We also break out the type declarations to apps/include/function.h apps/progs.c and apps/progs.h are NOT regenerated when 'apps' is disabled. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) ----------------------------------------------------------------------- Summary of changes: .gitignore | 1 - Configurations/unix-Makefile.tmpl | 6 + apps/build.info | 11 +- apps/columns.c | 27 ++ apps/include/function.h | 40 ++ apps/list.c | 578 ++++++++++++++++++++++++++++ apps/openssl.c | 513 +----------------------- apps/progs.c | 398 +++++++++++++++++++ apps/progs.h | 119 ++++++ apps/progs.pl | 250 ++++++------ crypto/build.info | 3 +- crypto/core_algorithm.c | 76 ++++ crypto/core_fetch.c | 78 ++-- crypto/evp/cmeth_lib.c | 1 + crypto/evp/digest.c | 13 +- crypto/evp/evp_enc.c | 14 +- crypto/evp/evp_fetch.c | 47 ++- crypto/evp/evp_lib.c | 33 ++ crypto/evp/evp_locl.h | 10 +- crypto/include/internal/evp_int.h | 2 + crypto/provider.c | 5 + doc/internal/man3/ossl_algorithm_do_all.pod | 63 +++ doc/man3/EVP_DigestInit.pod | 21 +- doc/man3/EVP_EncryptInit.pod | 11 + doc/man3/OSSL_PROVIDER.pod | 4 + include/internal/core.h | 7 + include/openssl/core_numbers.h | 3 + include/openssl/evp.h | 14 +- include/openssl/provider.h | 3 + util/libcrypto.num | 7 + 30 files changed, 1661 insertions(+), 697 deletions(-) create mode 100644 apps/columns.c create mode 100644 apps/include/function.h create mode 100644 apps/list.c create mode 100644 apps/progs.c create mode 100644 apps/progs.h create mode 100644 crypto/core_algorithm.c create mode 100644 doc/internal/man3/ossl_algorithm_do_all.pod diff --git a/.gitignore b/.gitignore index b32122c..fb08a3c 100644 --- a/.gitignore +++ b/.gitignore @@ -26,7 +26,6 @@ Makefile # Auto generated headers /crypto/buildinf.h -/apps/progs.h /crypto/include/internal/*_conf.h /openssl/include/opensslconf.h /util/domd diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 52eeaa9..9309f40 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -742,6 +742,12 @@ lint: generate_apps: ( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \ < apps/openssl.cnf > apps/openssl-vms.cnf ) + @ : {- output_off() if $disabled{apps}; "" -} + ( b=`pwd`; cd $(SRCDIR); \ + $(PERL) -I$$b apps/progs.pl -H $(APPS_OPENSSL) > apps/progs.h ) + ( b=`pwd`; cd $(SRCDIR); \ + $(PERL) -I$$b apps/progs.pl -C $(APPS_OPENSSL) > apps/progs.c ) + @ : {- output_on() if $disabled{apps}; "" -} generate_crypto_bn: ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) diff --git a/apps/build.info b/apps/build.info index 3b4ea25..2a7317a 100644 --- a/apps/build.info +++ b/apps/build.info @@ -20,18 +20,18 @@ ENDIF # We need the perl variable for the DEPEND generator further down. $OPENSSLSRC={- our @opensslsrc = - qw(openssl.c + qw(openssl.c progs.c asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c - info.c); + list.c info.c); join(' ', @opensslsrc); -} # Source for libapps $LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \ - bf_prefix.c + bf_prefix.c columns.c IF[{- !$disabled{apps} -}] LIBS{noinst}=libapps.a @@ -48,11 +48,6 @@ IF[{- !$disabled{apps} -}] SOURCE[openssl]=openssl.rc ENDIF - {- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" } - @opensslsrc) -} - GENERATE[progs.h]=progs.pl $(APPS_OPENSSL) - DEPEND[progs.h]=../configdata.pm - SCRIPTS{misc}=CA.pl SOURCE[CA.pl]=CA.pl.in # linkname tells build files that a symbolic link or copy of this script diff --git a/apps/columns.c b/apps/columns.c new file mode 100644 index 0000000..aa58fe1 --- /dev/null +++ b/apps/columns.c @@ -0,0 +1,27 @@ +/* + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "apps.h" +#include "function.h" + +void calculate_columns(FUNCTION *functions, DISPLAY_COLUMNS *dc) +{ + FUNCTION *f; + int len, maxlen = 0; + + for (f = functions; f->name != NULL; ++f) + if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher) + if ((len = strlen(f->name)) > maxlen) + maxlen = len; + + dc->width = maxlen + 2; + dc->columns = (80 - 1) / dc->width; +} + diff --git a/apps/include/function.h b/apps/include/function.h new file mode 100644 index 0000000..4125979 --- /dev/null +++ b/apps/include/function.h @@ -0,0 +1,40 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef APPS_FUNCTION_H +# define APPS_FUNCTION_H + +# include +# include "opt.h" + +typedef enum FUNC_TYPE { + FT_none, FT_general, FT_md, FT_cipher, FT_pkey, + FT_md_alg, FT_cipher_alg +} FUNC_TYPE; + +typedef struct function_st { + FUNC_TYPE type; + const char *name; + int (*func)(int argc, char *argv[]); + const OPTIONS *help; +} FUNCTION; + +DEFINE_LHASH_OF(FUNCTION); + +/* Structure to hold the number of columns to be displayed and the + * field width used to display them. + */ +typedef struct { + int columns; + int width; +} DISPLAY_COLUMNS; + +void calculate_columns(FUNCTION *functions, DISPLAY_COLUMNS *dc); + +#endif diff --git a/apps/list.c b/apps/list.c new file mode 100644 index 0000000..56fd724 --- /dev/null +++ b/apps/list.c @@ -0,0 +1,578 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include "opt.h" + +static void list_cipher_fn(const EVP_CIPHER *c, + const char *from, const char *to, void *arg) +{ + if (c != NULL) { + BIO_printf(arg, " %s\n", EVP_CIPHER_name(c)); + } else { + if (from == NULL) + from = ""; + if (to == NULL) + to = ""; + BIO_printf(arg, " %s => %s\n", from, to); + } +} + +DEFINE_STACK_OF(EVP_CIPHER) +static int cipher_cmp(const EVP_CIPHER * const *a, + const EVP_CIPHER * const *b) +{ + int ret = strcmp(EVP_CIPHER_name(*a), EVP_CIPHER_name(*b)); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_name(EVP_CIPHER_provider(*a)), + OSSL_PROVIDER_name(EVP_CIPHER_provider(*b))); + + return ret; +} + +static void collect_ciphers(EVP_CIPHER *cipher, void *stack) +{ + STACK_OF(EVP_CIPHER) *cipher_stack = stack; + sk_EVP_CIPHER_push(cipher_stack, cipher); + EVP_CIPHER_up_ref(cipher); +} + +static void list_ciphers(void) +{ + STACK_OF(EVP_CIPHER) *ciphers = sk_EVP_CIPHER_new(cipher_cmp); + int i; + + BIO_printf(bio_out, "Legacy:\n"); + EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out); + + BIO_printf(bio_out, "Provided:\n"); + EVP_CIPHER_do_all_ex(NULL, collect_ciphers, ciphers); + sk_EVP_CIPHER_sort(ciphers); + for (i = 0; i < sk_EVP_CIPHER_num(ciphers); i++) { + const EVP_CIPHER *c = sk_EVP_CIPHER_value(ciphers, i); + BIO_printf(bio_out, " %s", EVP_CIPHER_name(c)); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_name(EVP_CIPHER_provider(c))); + } + sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_meth_free); +} + +static void list_md_fn(const EVP_MD *m, + const char *from, const char *to, void *arg) +{ + if (m != NULL) { + BIO_printf(arg, " %s\n", EVP_MD_name(m)); + } else { + if (from == NULL) + from = ""; + if (to == NULL) + to = ""; + BIO_printf((BIO *)arg, " %s => %s\n", from, to); + } +} + +DEFINE_STACK_OF(EVP_MD) +static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b) +{ + int ret = strcmp(EVP_MD_name(*a), EVP_MD_name(*b)); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_name(EVP_MD_provider(*a)), + OSSL_PROVIDER_name(EVP_MD_provider(*b))); + + return ret; +} + +static void collect_digests(EVP_MD *md, void *stack) +{ + STACK_OF(EVP_MD) *digest_stack = stack; + sk_EVP_MD_push(digest_stack, md); + EVP_MD_up_ref(md); +} + +static void list_digests(void) +{ + STACK_OF(EVP_MD) *digests = sk_EVP_MD_new(md_cmp); + int i; + + BIO_printf(bio_out, "Legacy:\n"); + EVP_MD_do_all_sorted(list_md_fn, bio_out); + + BIO_printf(bio_out, "Provided:\n"); + EVP_MD_do_all_ex(NULL, collect_digests, digests); + sk_EVP_MD_sort(digests); + for (i = 0; i < sk_EVP_MD_num(digests); i++) { + const EVP_MD *c = sk_EVP_MD_value(digests, i); + BIO_printf(bio_out, " %s", EVP_MD_name(c)); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_name(EVP_MD_provider(c))); + } + sk_EVP_MD_pop_free(digests, EVP_MD_meth_free); +} + +static void list_mac_fn(const EVP_MAC *m, + const char *from, const char *to, void *arg) +{ + if (m != NULL) { + BIO_printf(arg, "%s\n", EVP_MAC_name(m)); + } else { + if (from == NULL) + from = ""; + if (to == NULL) + to = ""; + BIO_printf(arg, "%s => %s\n", from, to); + } +} + +static void list_missing_help(void) +{ + const FUNCTION *fp; + const OPTIONS *o; + + for (fp = functions; fp->name != NULL; fp++) { + if ((o = fp->help) != NULL) { + /* If there is help, list what flags are not documented. */ + for ( ; o->name != NULL; o++) { + if (o->helpstr == NULL) + BIO_printf(bio_out, "%s %s\n", fp->name, o->name); + } + } else if (fp->func != dgst_main) { + /* If not aliased to the dgst command, */ + BIO_printf(bio_out, "%s *\n", fp->name); + } + } +} + +static void list_objects(void) +{ + int max_nid = OBJ_new_nid(0); + int i; + char *oid_buf = NULL; + int oid_size = 0; + + /* Skip 0, since that's NID_undef */ + for (i = 1; i < max_nid; i++) { + const ASN1_OBJECT *obj = OBJ_nid2obj(i); + const char *sn = OBJ_nid2sn(i); + const char *ln = OBJ_nid2ln(i); + int n = 0; + + /* + * If one of the retrieved objects somehow generated an error, + * we ignore it. The check for NID_undef below will detect the + * error and simply skip to the next NID. + */ + ERR_clear_error(); + + if (OBJ_obj2nid(obj) == NID_undef) + continue; + + if ((n = OBJ_obj2txt(NULL, 0, obj, 1)) == 0) { + BIO_printf(bio_out, "# None-OID object: %s, %s\n", sn, ln); + continue; + } + if (n < 0) + break; /* Error */ + + if (n > oid_size) { + oid_buf = OPENSSL_realloc(oid_buf, n + 1); + if (oid_buf == NULL) { + BIO_printf(bio_err, "ERROR: Memory allocation\n"); + break; /* Error */ + } + oid_size = n + 1; + } + if (OBJ_obj2txt(oid_buf, oid_size, obj, 1) < 0) + break; /* Error */ + if (ln == NULL || strcmp(sn, ln) == 0) + BIO_printf(bio_out, "%s = %s\n", sn, oid_buf); + else + BIO_printf(bio_out, "%s = %s, %s\n", sn, ln, oid_buf); + } + + OPENSSL_free(oid_buf); +} + +static void list_options_for_command(const char *command) +{ + const FUNCTION *fp; + const OPTIONS *o; + + for (fp = functions; fp->name != NULL; fp++) + if (strcmp(fp->name, command) == 0) + break; + if (fp->name == NULL) { + BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n", + command); + return; + } + + if ((o = fp->help) == NULL) + return; + + for ( ; o->name != NULL; o++) { + if (o->name == OPT_HELP_STR + || o->name == OPT_MORE_STR + || o->name[0] == '\0') + continue; + BIO_printf(bio_out, "%s %c\n", o->name, o->valtype); + } +} + +static void list_type(FUNC_TYPE ft, int one) +{ + FUNCTION *fp; + int i = 0; + DISPLAY_COLUMNS dc; + + memset(&dc, 0, sizeof(dc)); + if (!one) + calculate_columns(functions, &dc); + + for (fp = functions; fp->name != NULL; fp++) { + if (fp->type != ft) + continue; + if (one) { + BIO_printf(bio_out, "%s\n", fp->name); + } else { + if (i % dc.columns == 0 && i > 0) + BIO_printf(bio_out, "\n"); + BIO_printf(bio_out, "%-*s", dc.width, fp->name); + i++; + } + } + if (!one) + BIO_printf(bio_out, "\n\n"); +} + +static void list_pkey(void) +{ + int i; + + for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { + const EVP_PKEY_ASN1_METHOD *ameth; + int pkey_id, pkey_base_id, pkey_flags; + const char *pinfo, *pem_str; + ameth = EVP_PKEY_asn1_get0(i); + EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags, + &pinfo, &pem_str, ameth); + if (pkey_flags & ASN1_PKEY_ALIAS) { + BIO_printf(bio_out, "Name: %s\n", OBJ_nid2ln(pkey_id)); + BIO_printf(bio_out, "\tAlias for: %s\n", + OBJ_nid2ln(pkey_base_id)); + } else { + BIO_printf(bio_out, "Name: %s\n", pinfo); + BIO_printf(bio_out, "\tType: %s Algorithm\n", + pkey_flags & ASN1_PKEY_DYNAMIC ? + "External" : "Builtin"); + BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id)); + if (pem_str == NULL) + pem_str = "(none)"; + BIO_printf(bio_out, "\tPEM string: %s\n", pem_str); + } + + } +} + +static void list_pkey_meth(void) +{ + size_t i; + size_t meth_count = EVP_PKEY_meth_get_count(); + + for (i = 0; i < meth_count; i++) { + const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i); + int pkey_id, pkey_flags; + + EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth); + BIO_printf(bio_out, "%s\n", OBJ_nid2ln(pkey_id)); + BIO_printf(bio_out, "\tType: %s Algorithm\n", + pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin"); + } +} + +static void list_engines(void) +{ +#ifndef OPENSSL_NO_ENGINE + ENGINE *e; + + BIO_puts(bio_out, "Engines:\n"); + e = ENGINE_get_first(); + while (e) { + BIO_printf(bio_out, "%s\n", ENGINE_get_id(e)); + e = ENGINE_get_next(e); + } +#else + BIO_puts(bio_out, "Engine support is disabled.\n"); +#endif +} + +static void list_disabled(void) +{ + BIO_puts(bio_out, "Disabled algorithms:\n"); +#ifdef OPENSSL_NO_ARIA + BIO_puts(bio_out, "ARIA\n"); +#endif +#ifdef OPENSSL_NO_BF + BIO_puts(bio_out, "BF\n"); +#endif +#ifdef OPENSSL_NO_BLAKE2 + BIO_puts(bio_out, "BLAKE2\n"); +#endif +#ifdef OPENSSL_NO_CAMELLIA + BIO_puts(bio_out, "CAMELLIA\n"); +#endif +#ifdef OPENSSL_NO_CAST + BIO_puts(bio_out, "CAST\n"); +#endif +#ifdef OPENSSL_NO_CMAC + BIO_puts(bio_out, "CMAC\n"); +#endif +#ifdef OPENSSL_NO_CMS + BIO_puts(bio_out, "CMS\n"); +#endif +#ifdef OPENSSL_NO_COMP + BIO_puts(bio_out, "COMP\n"); +#endif +#ifdef OPENSSL_NO_DES + BIO_puts(bio_out, "DES\n"); +#endif +#ifdef OPENSSL_NO_DGRAM + BIO_puts(bio_out, "DGRAM\n"); +#endif +#ifdef OPENSSL_NO_DH + BIO_puts(bio_out, "DH\n"); +#endif +#ifdef OPENSSL_NO_DSA + BIO_puts(bio_out, "DSA\n"); +#endif +#if defined(OPENSSL_NO_DTLS) + BIO_puts(bio_out, "DTLS\n"); +#endif +#if defined(OPENSSL_NO_DTLS1) + BIO_puts(bio_out, "DTLS1\n"); +#endif +#if defined(OPENSSL_NO_DTLS1_2) + BIO_puts(bio_out, "DTLS1_2\n"); +#endif +#ifdef OPENSSL_NO_EC + BIO_puts(bio_out, "EC\n"); +#endif +#ifdef OPENSSL_NO_EC2M + BIO_puts(bio_out, "EC2M\n"); +#endif +#ifdef OPENSSL_NO_ENGINE + BIO_puts(bio_out, "ENGINE\n"); +#endif +#ifdef OPENSSL_NO_GOST + BIO_puts(bio_out, "GOST\n"); +#endif +#ifdef OPENSSL_NO_IDEA + BIO_puts(bio_out, "IDEA\n"); +#endif +#ifdef OPENSSL_NO_MD2 + BIO_puts(bio_out, "MD2\n"); +#endif +#ifdef OPENSSL_NO_MD4 + BIO_puts(bio_out, "MD4\n"); +#endif +#ifdef OPENSSL_NO_MD5 + BIO_puts(bio_out, "MD5\n"); +#endif +#ifdef OPENSSL_NO_MDC2 + BIO_puts(bio_out, "MDC2\n"); +#endif +#ifdef OPENSSL_NO_OCB + BIO_puts(bio_out, "OCB\n"); +#endif +#ifdef OPENSSL_NO_OCSP + BIO_puts(bio_out, "OCSP\n"); +#endif +#ifdef OPENSSL_NO_PSK + BIO_puts(bio_out, "PSK\n"); +#endif +#ifdef OPENSSL_NO_RC2 + BIO_puts(bio_out, "RC2\n"); +#endif +#ifdef OPENSSL_NO_RC4 + BIO_puts(bio_out, "RC4\n"); +#endif +#ifdef OPENSSL_NO_RC5 + BIO_puts(bio_out, "RC5\n"); +#endif +#ifdef OPENSSL_NO_RMD160 + BIO_puts(bio_out, "RMD160\n"); +#endif +#ifdef OPENSSL_NO_RSA + BIO_puts(bio_out, "RSA\n"); +#endif +#ifdef OPENSSL_NO_SCRYPT + BIO_puts(bio_out, "SCRYPT\n"); +#endif +#ifdef OPENSSL_NO_SCTP + BIO_puts(bio_out, "SCTP\n"); +#endif +#ifdef OPENSSL_NO_SEED + BIO_puts(bio_out, "SEED\n"); +#endif +#ifdef OPENSSL_NO_SM2 + BIO_puts(bio_out, "SM2\n"); +#endif +#ifdef OPENSSL_NO_SM3 + BIO_puts(bio_out, "SM3\n"); +#endif +#ifdef OPENSSL_NO_SM4 + BIO_puts(bio_out, "SM4\n"); +#endif +#ifdef OPENSSL_NO_SOCK + BIO_puts(bio_out, "SOCK\n"); +#endif +#ifdef OPENSSL_NO_SRP + BIO_puts(bio_out, "SRP\n"); +#endif +#ifdef OPENSSL_NO_SRTP + BIO_puts(bio_out, "SRTP\n"); +#endif +#ifdef OPENSSL_NO_SSL3 + BIO_puts(bio_out, "SSL3\n"); +#endif +#ifdef OPENSSL_NO_TLS1 + BIO_puts(bio_out, "TLS1\n"); +#endif +#ifdef OPENSSL_NO_TLS1_1 + BIO_puts(bio_out, "TLS1_1\n"); +#endif +#ifdef OPENSSL_NO_TLS1_2 + BIO_puts(bio_out, "TLS1_2\n"); +#endif +#ifdef OPENSSL_NO_WHIRLPOOL + BIO_puts(bio_out, "WHIRLPOOL\n"); +#endif +#ifndef ZLIB + BIO_puts(bio_out, "ZLIB\n"); +#endif +} + +/* Unified enum for help and list commands. */ +typedef enum HELPLIST_CHOICE { + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE, + OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS, + OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, + OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_ENGINES, OPT_DISABLED, + OPT_MISSING_HELP, OPT_OBJECTS +} HELPLIST_CHOICE; + +const OPTIONS list_options[] = { + {"help", OPT_HELP, '-', "Display this summary"}, + {"1", OPT_ONE, '-', "List in one column"}, + {"commands", OPT_COMMANDS, '-', "List of standard commands"}, + {"digest-commands", OPT_DIGEST_COMMANDS, '-', + "List of message digest commands"}, + {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-', + "List of message digest algorithms"}, + {"mac-algorithms", OPT_MAC_ALGORITHMS, '-', + "List of message authentication code algorithms"}, + {"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"}, + {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-', + "List of cipher algorithms"}, + {"public-key-algorithms", OPT_PK_ALGORITHMS, '-', + "List of public key algorithms"}, + {"public-key-methods", OPT_PK_METHOD, '-', + "List of public key methods"}, + {"engines", OPT_ENGINES, '-', + "List of loaded engines"}, + {"disabled", OPT_DISABLED, '-', + "List of disabled features"}, + {"missing-help", OPT_MISSING_HELP, '-', + "List missing detailed help strings"}, + {"options", OPT_OPTIONS, 's', + "List options for specified command"}, + {"objects", OPT_OBJECTS, '-', + "List built in objects (OID<->name mappings)"}, + {NULL} +}; + +int list_main(int argc, char **argv) +{ + char *prog; + HELPLIST_CHOICE o; + int one = 0, done = 0; + + prog = opt_init(argc, argv, list_options); + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_EOF: /* Never hit, but suppresses warning */ + case OPT_ERR: +opthelp: + BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); + return 1; + case OPT_HELP: + opt_help(list_options); + break; + case OPT_ONE: + one = 1; + break; + case OPT_COMMANDS: + list_type(FT_general, one); + break; + case OPT_DIGEST_COMMANDS: + list_type(FT_md, one); + break; + case OPT_DIGEST_ALGORITHMS: + list_digests(); + break; + case OPT_MAC_ALGORITHMS: + EVP_MAC_do_all_sorted(list_mac_fn, bio_out); + break; + case OPT_CIPHER_COMMANDS: + list_type(FT_cipher, one); + break; + case OPT_CIPHER_ALGORITHMS: + list_ciphers(); + break; + case OPT_PK_ALGORITHMS: + list_pkey(); + break; + case OPT_PK_METHOD: + list_pkey_meth(); + break; + case OPT_ENGINES: + list_engines(); + break; + case OPT_DISABLED: + list_disabled(); + break; + case OPT_MISSING_HELP: + list_missing_help(); + break; + case OPT_OBJECTS: + list_objects(); + break; + case OPT_OPTIONS: + list_options_for_command(opt_arg()); + break; + } + done = 1; + } + if (opt_num_rest() != 0) { + BIO_printf(bio_err, "Extra arguments given.\n"); + goto opthelp; + } + + if (!done) + goto opthelp; + + return 0; +} diff --git a/apps/openssl.c b/apps/openssl.c index d6820a1..b2fd630 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -29,17 +29,8 @@ # include #endif #include "apps.h" -#define INCLUDE_FUNCTION_TABLE #include "progs.h" -/* Structure to hold the number of columns to be displayed and the - * field width used to display them. - */ -typedef struct { - int columns; - int width; -} DISPLAY_COLUMNS; - /* Special sentinel to exit the program. */ #define EXIT_THE_PROGRAM (-1) @@ -51,31 +42,12 @@ typedef struct { */ static LHASH_OF(FUNCTION) *prog_init(void); static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]); -static void list_pkey(void); -static void list_pkey_meth(void); -static void list_type(FUNC_TYPE ft, int one); -static void list_engines(void); -static void list_disabled(void); char *default_config_file = NULL; BIO *bio_in = NULL; BIO *bio_out = NULL; BIO *bio_err = NULL; -static void calculate_columns(DISPLAY_COLUMNS *dc) -{ - FUNCTION *f; - int len, maxlen = 0; - - for (f = functions; f->name != NULL; ++f) - if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher) - if ((len = strlen(f->name)) > maxlen) - maxlen = len; - - dc->width = maxlen + 2; - dc->columns = (80 - 1) / dc->width; -} - static int apps_startup(void) { #ifdef SIGPIPE @@ -408,256 +380,6 @@ int main(int argc, char *argv[]) EXIT(ret); } -static void list_cipher_fn(const EVP_CIPHER *c, - const char *from, const char *to, void *arg) -{ - if (c != NULL) { - BIO_printf(arg, "%s\n", EVP_CIPHER_name(c)); - } else { - if (from == NULL) - from = ""; - if (to == NULL) - to = ""; - BIO_printf(arg, "%s => %s\n", from, to); - } -} - -static void list_md_fn(const EVP_MD *m, - const char *from, const char *to, void *arg) -{ - if (m != NULL) { - BIO_printf(arg, "%s\n", EVP_MD_name(m)); - } else { - if (from == NULL) - from = ""; - if (to == NULL) - to = ""; - BIO_printf((BIO *)arg, "%s => %s\n", from, to); - } -} - -static void list_mac_fn(const EVP_MAC *m, - const char *from, const char *to, void *arg) -{ - if (m != NULL) { - BIO_printf(arg, "%s\n", EVP_MAC_name(m)); - } else { - if (from == NULL) - from = ""; - if (to == NULL) - to = ""; - BIO_printf(arg, "%s => %s\n", from, to); - } -} - -static void list_missing_help(void) -{ - const FUNCTION *fp; - const OPTIONS *o; - - for (fp = functions; fp->name != NULL; fp++) { - if ((o = fp->help) != NULL) { - /* If there is help, list what flags are not documented. */ - for ( ; o->name != NULL; o++) { - if (o->helpstr == NULL) - BIO_printf(bio_out, "%s %s\n", fp->name, o->name); - } - } else if (fp->func != dgst_main) { - /* If not aliased to the dgst command, */ - BIO_printf(bio_out, "%s *\n", fp->name); - } - } -} - -static void list_objects(void) -{ - int max_nid = OBJ_new_nid(0); - int i; - char *oid_buf = NULL; - int oid_size = 0; - - /* Skip 0, since that's NID_undef */ - for (i = 1; i < max_nid; i++) { - const ASN1_OBJECT *obj = OBJ_nid2obj(i); - const char *sn = OBJ_nid2sn(i); - const char *ln = OBJ_nid2ln(i); - int n = 0; - - /* - * If one of the retrieved objects somehow generated an error, - * we ignore it. The check for NID_undef below will detect the - * error and simply skip to the next NID. - */ - ERR_clear_error(); - - if (OBJ_obj2nid(obj) == NID_undef) - continue; - - if ((n = OBJ_obj2txt(NULL, 0, obj, 1)) == 0) { - BIO_printf(bio_out, "# None-OID object: %s, %s\n", sn, ln); - continue; - } - if (n < 0) - break; /* Error */ - - if (n > oid_size) { - oid_buf = OPENSSL_realloc(oid_buf, n + 1); - if (oid_buf == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - break; /* Error */ - } - oid_size = n + 1; - } - if (OBJ_obj2txt(oid_buf, oid_size, obj, 1) < 0) - break; /* Error */ - if (ln == NULL || strcmp(sn, ln) == 0) - BIO_printf(bio_out, "%s = %s\n", sn, oid_buf); - else - BIO_printf(bio_out, "%s = %s, %s\n", sn, ln, oid_buf); - } - - OPENSSL_free(oid_buf); -} - -static void list_options_for_command(const char *command) -{ - const FUNCTION *fp; - const OPTIONS *o; - - for (fp = functions; fp->name != NULL; fp++) - if (strcmp(fp->name, command) == 0) - break; - if (fp->name == NULL) { - BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n", - command); - return; - } - - if ((o = fp->help) == NULL) - return; - - for ( ; o->name != NULL; o++) { - if (o->name == OPT_HELP_STR - || o->name == OPT_MORE_STR - || o->name[0] == '\0') - continue; - BIO_printf(bio_out, "%s %c\n", o->name, o->valtype); - } -} - - -/* Unified enum for help and list commands. */ -typedef enum HELPLIST_CHOICE { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE, - OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS, - OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, - OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_ENGINES, OPT_DISABLED, - OPT_MISSING_HELP, OPT_OBJECTS -} HELPLIST_CHOICE; - -const OPTIONS list_options[] = { - {"help", OPT_HELP, '-', "Display this summary"}, - {"1", OPT_ONE, '-', "List in one column"}, - {"commands", OPT_COMMANDS, '-', "List of standard commands"}, - {"digest-commands", OPT_DIGEST_COMMANDS, '-', - "List of message digest commands"}, - {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-', - "List of message digest algorithms"}, - {"mac-algorithms", OPT_MAC_ALGORITHMS, '-', - "List of message authentication code algorithms"}, - {"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"}, - {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-', - "List of cipher algorithms"}, - {"public-key-algorithms", OPT_PK_ALGORITHMS, '-', - "List of public key algorithms"}, - {"public-key-methods", OPT_PK_METHOD, '-', - "List of public key methods"}, - {"engines", OPT_ENGINES, '-', - "List of loaded engines"}, - {"disabled", OPT_DISABLED, '-', - "List of disabled features"}, - {"missing-help", OPT_MISSING_HELP, '-', - "List missing detailed help strings"}, - {"options", OPT_OPTIONS, 's', - "List options for specified command"}, - {"objects", OPT_OBJECTS, '-', - "List built in objects (OID<->name mappings)"}, - {NULL} -}; - -int list_main(int argc, char **argv) -{ - char *prog; - HELPLIST_CHOICE o; - int one = 0, done = 0; - - prog = opt_init(argc, argv, list_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: /* Never hit, but suppresses warning */ - case OPT_ERR: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - return 1; - case OPT_HELP: - opt_help(list_options); - break; - case OPT_ONE: - one = 1; - break; - case OPT_COMMANDS: - list_type(FT_general, one); - break; - case OPT_DIGEST_COMMANDS: - list_type(FT_md, one); - break; - case OPT_DIGEST_ALGORITHMS: - EVP_MD_do_all_sorted(list_md_fn, bio_out); - break; - case OPT_MAC_ALGORITHMS: - EVP_MAC_do_all_sorted(list_mac_fn, bio_out); - break; - case OPT_CIPHER_COMMANDS: - list_type(FT_cipher, one); - break; - case OPT_CIPHER_ALGORITHMS: - EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out); - break; - case OPT_PK_ALGORITHMS: - list_pkey(); - break; - case OPT_PK_METHOD: - list_pkey_meth(); - break; - case OPT_ENGINES: - list_engines(); - break; - case OPT_DISABLED: - list_disabled(); - break; - case OPT_MISSING_HELP: - list_missing_help(); - break; - case OPT_OBJECTS: - list_objects(); - break; - case OPT_OPTIONS: - list_options_for_command(opt_arg()); - break; - } - done = 1; - } - if (opt_num_rest() != 0) { - BIO_printf(bio_err, "Extra arguments given.\n"); - goto opthelp; - } - - if (!done) - goto opthelp; - - return 0; -} - typedef enum HELP_CHOICE { OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP } HELP_CHOICE; @@ -705,7 +427,7 @@ int help_main(int argc, char **argv) return 1; } - calculate_columns(&dc); + calculate_columns(functions, &dc); BIO_printf(bio_err, "Standard commands"); i = 0; tp = FT_none; @@ -735,32 +457,6 @@ int help_main(int argc, char **argv) return 0; } -static void list_type(FUNC_TYPE ft, int one) -{ - FUNCTION *fp; - int i = 0; - DISPLAY_COLUMNS dc; - - memset(&dc, 0, sizeof(dc)); - if (!one) - calculate_columns(&dc); - - for (fp = functions; fp->name != NULL; fp++) { - if (fp->type != ft) - continue; - if (one) { - BIO_printf(bio_out, "%s\n", fp->name); - } else { - if (i % dc.columns == 0 && i > 0) - BIO_printf(bio_out, "\n"); - BIO_printf(bio_out, "%-*s", dc.width, fp->name); - i++; - } - } - if (!one) - BIO_printf(bio_out, "\n\n"); -} - static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) { FUNCTION f, *fp; @@ -806,51 +502,6 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) return 1; } -static void list_pkey(void) -{ - int i; - - for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { - const EVP_PKEY_ASN1_METHOD *ameth; - int pkey_id, pkey_base_id, pkey_flags; - const char *pinfo, *pem_str; - ameth = EVP_PKEY_asn1_get0(i); - EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags, - &pinfo, &pem_str, ameth); - if (pkey_flags & ASN1_PKEY_ALIAS) { - BIO_printf(bio_out, "Name: %s\n", OBJ_nid2ln(pkey_id)); - BIO_printf(bio_out, "\tAlias for: %s\n", - OBJ_nid2ln(pkey_base_id)); - } else { - BIO_printf(bio_out, "Name: %s\n", pinfo); - BIO_printf(bio_out, "\tType: %s Algorithm\n", - pkey_flags & ASN1_PKEY_DYNAMIC ? - "External" : "Builtin"); - BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id)); - if (pem_str == NULL) - pem_str = "(none)"; - BIO_printf(bio_out, "\tPEM string: %s\n", pem_str); - } - - } -} - -static void list_pkey_meth(void) -{ - size_t i; - size_t meth_count = EVP_PKEY_meth_get_count(); - - for (i = 0; i < meth_count; i++) { - const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i); - int pkey_id, pkey_flags; - - EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth); - BIO_printf(bio_out, "%s\n", OBJ_nid2ln(pkey_id)); - BIO_printf(bio_out, "\tType: %s Algorithm\n", - pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin"); - } -} - static int function_cmp(const FUNCTION * a, const FUNCTION * b) { return strncmp(a->name, b->name, 8); @@ -871,168 +522,6 @@ static int SortFnByName(const void *_f1, const void *_f2) return strcmp(f1->name, f2->name); } -static void list_engines(void) -{ -#ifndef OPENSSL_NO_ENGINE - ENGINE *e; - - BIO_puts(bio_out, "Engines:\n"); - e = ENGINE_get_first(); - while (e) { - BIO_printf(bio_out, "%s\n", ENGINE_get_id(e)); - e = ENGINE_get_next(e); - } -#else - BIO_puts(bio_out, "Engine support is disabled.\n"); -#endif -} - -static void list_disabled(void) -{ - BIO_puts(bio_out, "Disabled algorithms:\n"); -#ifdef OPENSSL_NO_ARIA - BIO_puts(bio_out, "ARIA\n"); -#endif -#ifdef OPENSSL_NO_BF - BIO_puts(bio_out, "BF\n"); -#endif -#ifdef OPENSSL_NO_BLAKE2 - BIO_puts(bio_out, "BLAKE2\n"); -#endif -#ifdef OPENSSL_NO_CAMELLIA - BIO_puts(bio_out, "CAMELLIA\n"); -#endif -#ifdef OPENSSL_NO_CAST - BIO_puts(bio_out, "CAST\n"); -#endif -#ifdef OPENSSL_NO_CMAC - BIO_puts(bio_out, "CMAC\n"); -#endif -#ifdef OPENSSL_NO_CMS - BIO_puts(bio_out, "CMS\n"); -#endif -#ifdef OPENSSL_NO_COMP - BIO_puts(bio_out, "COMP\n"); -#endif -#ifdef OPENSSL_NO_DES - BIO_puts(bio_out, "DES\n"); -#endif -#ifdef OPENSSL_NO_DGRAM - BIO_puts(bio_out, "DGRAM\n"); -#endif -#ifdef OPENSSL_NO_DH - BIO_puts(bio_out, "DH\n"); -#endif -#ifdef OPENSSL_NO_DSA - BIO_puts(bio_out, "DSA\n"); -#endif -#if defined(OPENSSL_NO_DTLS) - BIO_puts(bio_out, "DTLS\n"); -#endif -#if defined(OPENSSL_NO_DTLS1) - BIO_puts(bio_out, "DTLS1\n"); -#endif -#if defined(OPENSSL_NO_DTLS1_2) - BIO_puts(bio_out, "DTLS1_2\n"); -#endif -#ifdef OPENSSL_NO_EC - BIO_puts(bio_out, "EC\n"); -#endif -#ifdef OPENSSL_NO_EC2M - BIO_puts(bio_out, "EC2M\n"); -#endif -#ifdef OPENSSL_NO_ENGINE - BIO_puts(bio_out, "ENGINE\n"); -#endif -#ifdef OPENSSL_NO_GOST - BIO_puts(bio_out, "GOST\n"); -#endif -#ifdef OPENSSL_NO_IDEA - BIO_puts(bio_out, "IDEA\n"); -#endif -#ifdef OPENSSL_NO_MD2 - BIO_puts(bio_out, "MD2\n"); -#endif -#ifdef OPENSSL_NO_MD4 - BIO_puts(bio_out, "MD4\n"); -#endif -#ifdef OPENSSL_NO_MD5 - BIO_puts(bio_out, "MD5\n"); -#endif -#ifdef OPENSSL_NO_MDC2 - BIO_puts(bio_out, "MDC2\n"); -#endif -#ifdef OPENSSL_NO_OCB - BIO_puts(bio_out, "OCB\n"); -#endif -#ifdef OPENSSL_NO_OCSP - BIO_puts(bio_out, "OCSP\n"); -#endif -#ifdef OPENSSL_NO_PSK - BIO_puts(bio_out, "PSK\n"); -#endif -#ifdef OPENSSL_NO_RC2 - BIO_puts(bio_out, "RC2\n"); -#endif -#ifdef OPENSSL_NO_RC4 - BIO_puts(bio_out, "RC4\n"); -#endif -#ifdef OPENSSL_NO_RC5 - BIO_puts(bio_out, "RC5\n"); -#endif -#ifdef OPENSSL_NO_RMD160 - BIO_puts(bio_out, "RMD160\n"); -#endif -#ifdef OPENSSL_NO_RSA - BIO_puts(bio_out, "RSA\n"); -#endif -#ifdef OPENSSL_NO_SCRYPT - BIO_puts(bio_out, "SCRYPT\n"); -#endif -#ifdef OPENSSL_NO_SCTP - BIO_puts(bio_out, "SCTP\n"); -#endif -#ifdef OPENSSL_NO_SEED - BIO_puts(bio_out, "SEED\n"); -#endif -#ifdef OPENSSL_NO_SM2 - BIO_puts(bio_out, "SM2\n"); -#endif -#ifdef OPENSSL_NO_SM3 - BIO_puts(bio_out, "SM3\n"); -#endif -#ifdef OPENSSL_NO_SM4 - BIO_puts(bio_out, "SM4\n"); -#endif -#ifdef OPENSSL_NO_SOCK - BIO_puts(bio_out, "SOCK\n"); -#endif -#ifdef OPENSSL_NO_SRP - BIO_puts(bio_out, "SRP\n"); -#endif -#ifdef OPENSSL_NO_SRTP - BIO_puts(bio_out, "SRTP\n"); -#endif -#ifdef OPENSSL_NO_SSL3 - BIO_puts(bio_out, "SSL3\n"); -#endif -#ifdef OPENSSL_NO_TLS1 - BIO_puts(bio_out, "TLS1\n"); -#endif -#ifdef OPENSSL_NO_TLS1_1 - BIO_puts(bio_out, "TLS1_1\n"); -#endif -#ifdef OPENSSL_NO_TLS1_2 - BIO_puts(bio_out, "TLS1_2\n"); -#endif -#ifdef OPENSSL_NO_WHIRLPOOL - BIO_puts(bio_out, "WHIRLPOOL\n"); -#endif -#ifndef ZLIB - BIO_puts(bio_out, "ZLIB\n"); -#endif -} - static LHASH_OF(FUNCTION) *prog_init(void) { static LHASH_OF(FUNCTION) *ret = NULL; diff --git a/apps/progs.c b/apps/progs.c new file mode 100644 index 0000000..e7a06b9 --- /dev/null +++ b/apps/progs.c @@ -0,0 +1,398 @@ +/* + * WARNING: do not edit! + * Generated by apps/progs.pl + * + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "progs.h" + +FUNCTION functions[] = { + {FT_general, "asn1parse", asn1parse_main, asn1parse_options}, + {FT_general, "ca", ca_main, ca_options}, +#ifndef OPENSSL_NO_SOCK + {FT_general, "ciphers", ciphers_main, ciphers_options}, +#endif +#ifndef OPENSSL_NO_CMS + {FT_general, "cms", cms_main, cms_options}, +#endif + {FT_general, "crl", crl_main, crl_options}, + {FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options}, + {FT_general, "dgst", dgst_main, dgst_options}, +#ifndef OPENSSL_NO_DH + {FT_general, "dhparam", dhparam_main, dhparam_options}, +#endif +#ifndef OPENSSL_NO_DSA + {FT_general, "dsa", dsa_main, dsa_options}, +#endif +#ifndef OPENSSL_NO_DSA + {FT_general, "dsaparam", dsaparam_main, dsaparam_options}, +#endif +#ifndef OPENSSL_NO_EC + {FT_general, "ec", ec_main, ec_options}, +#endif +#ifndef OPENSSL_NO_EC + {FT_general, "ecparam", ecparam_main, ecparam_options}, +#endif + {FT_general, "enc", enc_main, enc_options}, +#ifndef OPENSSL_NO_ENGINE + {FT_general, "engine", engine_main, engine_options}, +#endif + {FT_general, "errstr", errstr_main, errstr_options}, +#ifndef OPENSSL_NO_DSA + {FT_general, "gendsa", gendsa_main, gendsa_options}, +#endif + {FT_general, "genpkey", genpkey_main, genpkey_options}, +#ifndef OPENSSL_NO_RSA + {FT_general, "genrsa", genrsa_main, genrsa_options}, +#endif + {FT_general, "help", help_main, help_options}, + {FT_general, "info", info_main, info_options}, + {FT_general, "kdf", kdf_main, kdf_options}, + {FT_general, "list", list_main, list_options}, + {FT_general, "mac", mac_main, mac_options}, + {FT_general, "nseq", nseq_main, nseq_options}, +#ifndef OPENSSL_NO_OCSP + {FT_general, "ocsp", ocsp_main, ocsp_options}, +#endif + {FT_general, "passwd", passwd_main, passwd_options}, +#ifndef OPENSSL_NO_DES + {FT_general, "pkcs12", pkcs12_main, pkcs12_options}, +#endif + {FT_general, "pkcs7", pkcs7_main, pkcs7_options}, + {FT_general, "pkcs8", pkcs8_main, pkcs8_options}, + {FT_general, "pkey", pkey_main, pkey_options}, + {FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options}, + {FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options}, + {FT_general, "prime", prime_main, prime_options}, + {FT_general, "rand", rand_main, rand_options}, + {FT_general, "rehash", rehash_main, rehash_options}, + {FT_general, "req", req_main, req_options}, + {FT_general, "rsa", rsa_main, rsa_options}, +#ifndef OPENSSL_NO_RSA + {FT_general, "rsautl", rsautl_main, rsautl_options}, +#endif +#ifndef OPENSSL_NO_SOCK + {FT_general, "s_client", s_client_main, s_client_options}, +#endif +#ifndef OPENSSL_NO_SOCK + {FT_general, "s_server", s_server_main, s_server_options}, +#endif +#ifndef OPENSSL_NO_SOCK + {FT_general, "s_time", s_time_main, s_time_options}, +#endif + {FT_general, "sess_id", sess_id_main, sess_id_options}, + {FT_general, "smime", smime_main, smime_options}, + {FT_general, "speed", speed_main, speed_options}, + {FT_general, "spkac", spkac_main, spkac_options}, +#ifndef OPENSSL_NO_SRP + {FT_general, "srp", srp_main, srp_options}, +#endif + {FT_general, "storeutl", storeutl_main, storeutl_options}, +#ifndef OPENSSL_NO_TS + {FT_general, "ts", ts_main, ts_options}, +#endif + {FT_general, "verify", verify_main, verify_options}, + {FT_general, "version", version_main, version_options}, + {FT_general, "x509", x509_main, x509_options}, +#ifndef OPENSSL_NO_MD2 + {FT_md, "md2", dgst_main}, +#endif +#ifndef OPENSSL_NO_MD4 + {FT_md, "md4", dgst_main}, +#endif + {FT_md, "md5", dgst_main}, +#ifndef OPENSSL_NO_GOST + {FT_md, "gost", dgst_main}, +#endif + {FT_md, "sha1", dgst_main}, + {FT_md, "sha224", dgst_main}, + {FT_md, "sha256", dgst_main}, + {FT_md, "sha384", dgst_main}, + {FT_md, "sha512", dgst_main}, + {FT_md, "sha512-224", dgst_main}, + {FT_md, "sha512-256", dgst_main}, + {FT_md, "sha3-224", dgst_main}, + {FT_md, "sha3-256", dgst_main}, + {FT_md, "sha3-384", dgst_main}, + {FT_md, "sha3-512", dgst_main}, + {FT_md, "shake128", dgst_main}, + {FT_md, "shake256", dgst_main}, +#ifndef OPENSSL_NO_MDC2 + {FT_md, "mdc2", dgst_main}, +#endif +#ifndef OPENSSL_NO_RMD160 + {FT_md, "rmd160", dgst_main}, +#endif +#ifndef OPENSSL_NO_BLAKE2 + {FT_md, "blake2b512", dgst_main}, +#endif +#ifndef OPENSSL_NO_BLAKE2 + {FT_md, "blake2s256", dgst_main}, +#endif +#ifndef OPENSSL_NO_SM3 + {FT_md, "sm3", dgst_main}, +#endif + {FT_cipher, "aes-128-cbc", enc_main, enc_options}, + {FT_cipher, "aes-128-ecb", enc_main, enc_options}, + {FT_cipher, "aes-192-cbc", enc_main, enc_options}, + {FT_cipher, "aes-192-ecb", enc_main, enc_options}, + {FT_cipher, "aes-256-cbc", enc_main, enc_options}, + {FT_cipher, "aes-256-ecb", enc_main, enc_options}, +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-128-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-128-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-128-ctr", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-128-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-128-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-128-cfb1", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-128-cfb8", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-192-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-192-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-192-ctr", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-192-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-192-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-192-cfb1", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-192-cfb8", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-256-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-256-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-256-ctr", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-256-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-256-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-256-cfb1", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_ARIA + {FT_cipher, "aria-256-cfb8", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FT_cipher, "camellia-128-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FT_cipher, "camellia-128-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FT_cipher, "camellia-192-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FT_cipher, "camellia-192-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FT_cipher, "camellia-256-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FT_cipher, "camellia-256-ecb", enc_main, enc_options}, +#endif + {FT_cipher, "base64", enc_main, enc_options}, +#ifdef ZLIB + {FT_cipher, "zlib", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des3", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "desx", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_IDEA + {FT_cipher, "idea", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SEED + {FT_cipher, "seed", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC4 + {FT_cipher, "rc4", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC4 + {FT_cipher, "rc4-40", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC2 + {FT_cipher, "rc2", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_BF + {FT_cipher, "bf", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAST + {FT_cipher, "cast", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC5 + {FT_cipher, "rc5", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ede", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ede3", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ede-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ede3-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ede-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ede3-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ede-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_DES + {FT_cipher, "des-ede3-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_IDEA + {FT_cipher, "idea-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_IDEA + {FT_cipher, "idea-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_IDEA + {FT_cipher, "idea-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_IDEA + {FT_cipher, "idea-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SEED + {FT_cipher, "seed-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SEED + {FT_cipher, "seed-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SEED + {FT_cipher, "seed-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SEED + {FT_cipher, "seed-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC2 + {FT_cipher, "rc2-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC2 + {FT_cipher, "rc2-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC2 + {FT_cipher, "rc2-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC2 + {FT_cipher, "rc2-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC2 + {FT_cipher, "rc2-64-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC2 + {FT_cipher, "rc2-40-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_BF + {FT_cipher, "bf-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_BF + {FT_cipher, "bf-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_BF + {FT_cipher, "bf-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_BF + {FT_cipher, "bf-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAST + {FT_cipher, "cast5-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAST + {FT_cipher, "cast5-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAST + {FT_cipher, "cast5-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAST + {FT_cipher, "cast5-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_CAST + {FT_cipher, "cast-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC5 + {FT_cipher, "rc5-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC5 + {FT_cipher, "rc5-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC5 + {FT_cipher, "rc5-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_RC5 + {FT_cipher, "rc5-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SM4 + {FT_cipher, "sm4-cbc", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SM4 + {FT_cipher, "sm4-ecb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SM4 + {FT_cipher, "sm4-cfb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SM4 + {FT_cipher, "sm4-ofb", enc_main, enc_options}, +#endif +#ifndef OPENSSL_NO_SM4 + {FT_cipher, "sm4-ctr", enc_main, enc_options}, +#endif + {0, NULL, NULL} +}; diff --git a/apps/progs.h b/apps/progs.h new file mode 100644 index 0000000..664c714 --- /dev/null +++ b/apps/progs.h @@ -0,0 +1,119 @@ +/* + * WARNING: do not edit! + * Generated by apps/progs.pl + * + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "function.h" + +extern int asn1parse_main(int argc, char *argv[]); +extern int ca_main(int argc, char *argv[]); +extern int ciphers_main(int argc, char *argv[]); +extern int cms_main(int argc, char *argv[]); +extern int crl_main(int argc, char *argv[]); +extern int crl2pkcs7_main(int argc, char *argv[]); +extern int dgst_main(int argc, char *argv[]); +extern int dhparam_main(int argc, char *argv[]); +extern int dsa_main(int argc, char *argv[]); +extern int dsaparam_main(int argc, char *argv[]); +extern int ec_main(int argc, char *argv[]); +extern int ecparam_main(int argc, char *argv[]); +extern int enc_main(int argc, char *argv[]); +extern int engine_main(int argc, char *argv[]); +extern int errstr_main(int argc, char *argv[]); +extern int gendsa_main(int argc, char *argv[]); +extern int genpkey_main(int argc, char *argv[]); +extern int genrsa_main(int argc, char *argv[]); +extern int help_main(int argc, char *argv[]); +extern int info_main(int argc, char *argv[]); +extern int kdf_main(int argc, char *argv[]); +extern int list_main(int argc, char *argv[]); +extern int mac_main(int argc, char *argv[]); +extern int nseq_main(int argc, char *argv[]); +extern int ocsp_main(int argc, char *argv[]); +extern int passwd_main(int argc, char *argv[]); +extern int pkcs12_main(int argc, char *argv[]); +extern int pkcs7_main(int argc, char *argv[]); +extern int pkcs8_main(int argc, char *argv[]); +extern int pkey_main(int argc, char *argv[]); +extern int pkeyparam_main(int argc, char *argv[]); +extern int pkeyutl_main(int argc, char *argv[]); +extern int prime_main(int argc, char *argv[]); +extern int rand_main(int argc, char *argv[]); +extern int rehash_main(int argc, char *argv[]); +extern int req_main(int argc, char *argv[]); +extern int rsa_main(int argc, char *argv[]); +extern int rsautl_main(int argc, char *argv[]); +extern int s_client_main(int argc, char *argv[]); +extern int s_server_main(int argc, char *argv[]); +extern int s_time_main(int argc, char *argv[]); +extern int sess_id_main(int argc, char *argv[]); +extern int smime_main(int argc, char *argv[]); +extern int speed_main(int argc, char *argv[]); +extern int spkac_main(int argc, char *argv[]); +extern int srp_main(int argc, char *argv[]); +extern int storeutl_main(int argc, char *argv[]); +extern int ts_main(int argc, char *argv[]); +extern int verify_main(int argc, char *argv[]); +extern int version_main(int argc, char *argv[]); +extern int x509_main(int argc, char *argv[]); + +extern const OPTIONS asn1parse_options[]; +extern const OPTIONS ca_options[]; +extern const OPTIONS ciphers_options[]; +extern const OPTIONS cms_options[]; +extern const OPTIONS crl_options[]; +extern const OPTIONS crl2pkcs7_options[]; +extern const OPTIONS dgst_options[]; +extern const OPTIONS dhparam_options[]; +extern const OPTIONS dsa_options[]; +extern const OPTIONS dsaparam_options[]; +extern const OPTIONS ec_options[]; +extern const OPTIONS ecparam_options[]; +extern const OPTIONS enc_options[]; +extern const OPTIONS engine_options[]; +extern const OPTIONS errstr_options[]; +extern const OPTIONS gendsa_options[]; +extern const OPTIONS genpkey_options[]; +extern const OPTIONS genrsa_options[]; +extern const OPTIONS help_options[]; +extern const OPTIONS info_options[]; +extern const OPTIONS kdf_options[]; +extern const OPTIONS list_options[]; +extern const OPTIONS mac_options[]; +extern const OPTIONS nseq_options[]; +extern const OPTIONS ocsp_options[]; +extern const OPTIONS passwd_options[]; +extern const OPTIONS pkcs12_options[]; +extern const OPTIONS pkcs7_options[]; +extern const OPTIONS pkcs8_options[]; +extern const OPTIONS pkey_options[]; +extern const OPTIONS pkeyparam_options[]; +extern const OPTIONS pkeyutl_options[]; +extern const OPTIONS prime_options[]; +extern const OPTIONS rand_options[]; +extern const OPTIONS rehash_options[]; +extern const OPTIONS req_options[]; +extern const OPTIONS rsa_options[]; +extern const OPTIONS rsautl_options[]; +extern const OPTIONS s_client_options[]; +extern const OPTIONS s_server_options[]; +extern const OPTIONS s_time_options[]; +extern const OPTIONS sess_id_options[]; +extern const OPTIONS smime_options[]; +extern const OPTIONS speed_options[]; +extern const OPTIONS spkac_options[]; +extern const OPTIONS srp_options[]; +extern const OPTIONS storeutl_options[]; +extern const OPTIONS ts_options[]; +extern const OPTIONS verify_options[]; +extern const OPTIONS version_options[]; +extern const OPTIONS x509_options[]; + +extern FUNCTION functions[]; diff --git a/apps/progs.pl b/apps/progs.pl index 3aec756..1b304a0 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -14,6 +14,10 @@ use warnings; use lib '.'; use configdata qw/@disablables %unified_info/; +my $opt = shift @ARGV; +die "Unrecognised option, must be -C or -H\n" + unless ($opt eq '-H' || $opt eq '-C'); + my %commands = (); my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; my $apps_openssl = shift @ARGV; @@ -38,7 +42,8 @@ foreach my $filename (@openssl_source) { @ARGV = sort keys %commands; -print <<"EOF"; +if ($opt eq '-H') { + print <<"EOF"; /* * WARNING: do not edit! * Generated by apps/progs.pl @@ -51,134 +56,139 @@ print <<"EOF"; * https://www.openssl.org/source/license.html */ -#include -#include "opt.h" +#include "function.h" -typedef enum FUNC_TYPE { - FT_none, FT_general, FT_md, FT_cipher, FT_pkey, - FT_md_alg, FT_cipher_alg -} FUNC_TYPE; +EOF -typedef struct function_st { - FUNC_TYPE type; - const char *name; - int (*func)(int argc, char *argv[]); - const OPTIONS *help; -} FUNCTION; + foreach (@ARGV) { + printf "extern int %s_main(int argc, char *argv[]);\n", $_; + } + print "\n"; -DEFINE_LHASH_OF(FUNCTION); + foreach (@ARGV) { + printf "extern const OPTIONS %s_options[];\n", $_; + } + print "\n"; + print "extern FUNCTION functions[];\n"; +} -EOF +if ($opt eq '-C') { + print <<"EOF"; +/* + * WARNING: do not edit! + * Generated by apps/progs.pl + * + * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ -foreach (@ARGV) { - printf "extern int %s_main(int argc, char *argv[]);\n", $_; -} -print "\n"; +#include "progs.h" -foreach (@ARGV) { - printf "extern const OPTIONS %s_options[];\n", $_; -} -print "\n"; - -my %cmd_disabler = ( - ciphers => "sock", - genrsa => "rsa", - rsautl => "rsa", - gendsa => "dsa", - dsaparam => "dsa", - gendh => "dh", - dhparam => "dh", - ecparam => "ec", - pkcs12 => "des", -); - -print "#ifdef INCLUDE_FUNCTION_TABLE\n"; -print "static FUNCTION functions[] = {\n"; -foreach my $cmd ( @ARGV ) { - my $str = " {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options},\n"; - if ($cmd =~ /^s_/) { - print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n"; - } elsif (grep { $cmd eq $_ } @disablables) { - print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n"; - } elsif (my $disabler = $cmd_disabler{$cmd}) { - print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; - } else { - print $str; +EOF + + my %cmd_disabler = ( + ciphers => "sock", + genrsa => "rsa", + rsautl => "rsa", + gendsa => "dsa", + dsaparam => "dsa", + gendh => "dh", + dhparam => "dh", + ecparam => "ec", + pkcs12 => "des", + ); + + print "FUNCTION functions[] = {\n"; + foreach my $cmd ( @ARGV ) { + my $str = + " {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options},\n"; + if ($cmd =~ /^s_/) { + print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n"; + } elsif (grep { $cmd eq $_ } @disablables) { + print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n"; + } elsif (my $disabler = $cmd_disabler{$cmd}) { + print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; + } else { + print $str; + } } -} -my %md_disabler = ( - blake2b512 => "blake2", - blake2s256 => "blake2", -); -foreach my $cmd ( - "md2", "md4", "md5", - "gost", - "sha1", "sha224", "sha256", "sha384", - "sha512", "sha512-224", "sha512-256", - "sha3-224", "sha3-256", "sha3-384", "sha3-512", - "shake128", "shake256", - "mdc2", "rmd160", "blake2b512", "blake2s256", - "sm3" -) { - my $str = " {FT_md, \"$cmd\", dgst_main},\n"; - if (grep { $cmd eq $_ } @disablables) { - print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n"; - } elsif (my $disabler = $md_disabler{$cmd}) { - print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; - } else { - print $str; + my %md_disabler = ( + blake2b512 => "blake2", + blake2s256 => "blake2", + ); + foreach my $cmd ( + "md2", "md4", "md5", + "gost", + "sha1", "sha224", "sha256", "sha384", + "sha512", "sha512-224", "sha512-256", + "sha3-224", "sha3-256", "sha3-384", "sha3-512", + "shake128", "shake256", + "mdc2", "rmd160", "blake2b512", "blake2s256", + "sm3" + ) { + my $str = " {FT_md, \"$cmd\", dgst_main},\n"; + if (grep { $cmd eq $_ } @disablables) { + print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n"; + } elsif (my $disabler = $md_disabler{$cmd}) { + print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; + } else { + print $str; + } } -} -my %cipher_disabler = ( - des3 => "des", - desx => "des", - cast5 => "cast", -); -foreach my $cmd ( - "aes-128-cbc", "aes-128-ecb", - "aes-192-cbc", "aes-192-ecb", - "aes-256-cbc", "aes-256-ecb", - "aria-128-cbc", "aria-128-cfb", - "aria-128-ctr", "aria-128-ecb", "aria-128-ofb", - "aria-128-cfb1", "aria-128-cfb8", - "aria-192-cbc", "aria-192-cfb", - "aria-192-ctr", "aria-192-ecb", "aria-192-ofb", - "aria-192-cfb1", "aria-192-cfb8", - "aria-256-cbc", "aria-256-cfb", - "aria-256-ctr", "aria-256-ecb", "aria-256-ofb", - "aria-256-cfb1", "aria-256-cfb8", - "camellia-128-cbc", "camellia-128-ecb", - "camellia-192-cbc", "camellia-192-ecb", - "camellia-256-cbc", "camellia-256-ecb", - "base64", "zlib", - "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", - "rc2", "bf", "cast", "rc5", - "des-ecb", "des-ede", "des-ede3", - "des-cbc", "des-ede-cbc","des-ede3-cbc", - "des-cfb", "des-ede-cfb","des-ede3-cfb", - "des-ofb", "des-ede-ofb","des-ede3-ofb", - "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", - "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb", - "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", - "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", - "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", - "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb", - "sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr" -) { - my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options},\n"; - (my $algo = $cmd) =~ s/-.*//g; - if ($cmd eq "zlib") { - print "#ifdef ZLIB\n${str}#endif\n"; - } elsif (grep { $algo eq $_ } @disablables) { - print "#ifndef OPENSSL_NO_" . uc($algo) . "\n${str}#endif\n"; - } elsif (my $disabler = $cipher_disabler{$algo}) { - print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; - } else { - print $str; + my %cipher_disabler = ( + des3 => "des", + desx => "des", + cast5 => "cast", + ); + foreach my $cmd ( + "aes-128-cbc", "aes-128-ecb", + "aes-192-cbc", "aes-192-ecb", + "aes-256-cbc", "aes-256-ecb", + "aria-128-cbc", "aria-128-cfb", + "aria-128-ctr", "aria-128-ecb", "aria-128-ofb", + "aria-128-cfb1", "aria-128-cfb8", + "aria-192-cbc", "aria-192-cfb", + "aria-192-ctr", "aria-192-ecb", "aria-192-ofb", + "aria-192-cfb1", "aria-192-cfb8", + "aria-256-cbc", "aria-256-cfb", + "aria-256-ctr", "aria-256-ecb", "aria-256-ofb", + "aria-256-cfb1", "aria-256-cfb8", + "camellia-128-cbc", "camellia-128-ecb", + "camellia-192-cbc", "camellia-192-ecb", + "camellia-256-cbc", "camellia-256-ecb", + "base64", "zlib", + "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", + "rc2", "bf", "cast", "rc5", + "des-ecb", "des-ede", "des-ede3", + "des-cbc", "des-ede-cbc","des-ede3-cbc", + "des-cfb", "des-ede-cfb","des-ede3-cfb", + "des-ofb", "des-ede-ofb","des-ede3-ofb", + "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", + "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb", + "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", + "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", + "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", + "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb", + "sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr" + ) { + my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options},\n"; + (my $algo = $cmd) =~ s/-.*//g; + if ($cmd eq "zlib") { + print "#ifdef ZLIB\n${str}#endif\n"; + } elsif (grep { $algo eq $_ } @disablables) { + print "#ifndef OPENSSL_NO_" . uc($algo) . "\n${str}#endif\n"; + } elsif (my $disabler = $cipher_disabler{$algo}) { + print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; + } else { + print $str; + } } -} -print " {0, NULL, NULL}\n};\n"; -print "#endif\n"; + print " {0, NULL, NULL}\n};\n"; +} diff --git a/crypto/build.info b/crypto/build.info index fccca08..b9e35b9 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -59,7 +59,8 @@ IF[{- !$disabled{asm} && $config{processor} ne '386' -}] ENDIF # The Core -$CORE_COMMON=provider_core.c provider_predefined.c core_fetch.c core_namemap.c +$CORE_COMMON=provider_core.c provider_predefined.c \ + core_fetch.c core_algorithm.c core_namemap.c SOURCE[../libcrypto]=$CORE_COMMON provider_conf.c SOURCE[../providers/fips]=$CORE_COMMON diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c new file mode 100644 index 0000000..bbef1c3 --- /dev/null +++ b/crypto/core_algorithm.c @@ -0,0 +1,76 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/core.h" +#include "internal/property.h" +#include "internal/provider.h" + +struct algorithm_data_st { + OPENSSL_CTX *libctx; + int operation_id; /* May be zero for finding them all */ + void (*fn)(OSSL_PROVIDER *, const OSSL_ALGORITHM *, int no_store, + void *data); + void *data; +}; + +static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) +{ + struct algorithm_data_st *data = cbdata; + int no_store = 0; /* Assume caching is ok */ + int first_operation = 1; + int last_operation = OSSL_OP__HIGHEST; + int cur_operation; + int ok = 0; + + if (data->operation_id != 0) + first_operation = last_operation = data->operation_id; + + for (cur_operation = first_operation; + cur_operation <= last_operation; + cur_operation++) { + const OSSL_ALGORITHM *map = + ossl_provider_query_operation(provider, data->operation_id, + &no_store); + + if (map == NULL) + break; + + ok = 1; /* As long as we've found *something* */ + while (map->algorithm_name != NULL) { + const OSSL_ALGORITHM *thismap = map++; + + data->fn(provider, thismap, no_store, data->data); + } + } + + return ok; +} + +void ossl_algorithm_do_all(OPENSSL_CTX *libctx, int operation_id, + OSSL_PROVIDER *provider, + void (*fn)(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *data), + void *data) +{ + struct algorithm_data_st cbdata; + + cbdata.libctx = libctx; + cbdata.operation_id = operation_id; + cbdata.fn = fn; + cbdata.data = data; + + if (provider == NULL) { + ossl_provider_forall_loaded(libctx, algorithm_do_this, &cbdata); + } else { + algorithm_do_this(provider, &cbdata); + } +} diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index 56a3c5c..c1c8158 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -24,55 +24,45 @@ struct construct_data_st { void *mcm_data; }; -static int ossl_method_construct_this(OSSL_PROVIDER *provider, void *cbdata) +static void ossl_method_construct_this(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *cbdata) { struct construct_data_st *data = cbdata; - int no_store = 0; /* Assume caching is ok */ - const OSSL_ALGORITHM *map = - ossl_provider_query_operation(provider, data->operation_id, &no_store); - - if (map == NULL) - return 0; - - while (map->algorithm_name != NULL) { - const OSSL_ALGORITHM *thismap = map++; - void *method = NULL; - - if ((method = data->mcm->construct(thismap->algorithm_name, - thismap->implementation, provider, - data->mcm_data)) == NULL) - continue; + void *method = NULL; + if ((method = data->mcm->construct(algo->algorithm_name, + algo->implementation, provider, + data->mcm_data)) == NULL) + return; + + /* + * Note regarding putting the method in stores: + * + * we don't need to care if it actually got in or not here. + * If it didn't get in, it will simply not be available when + * ossl_method_construct() tries to get it from the store. + * + * It is *expected* that the put function increments the refcnt + * of the passed method. + */ + + if (data->force_store || !no_store) { /* - * Note regarding putting the method in stores: - * - * we don't need to care if it actually got in or not here. - * If it didn't get in, it will simply not be available when - * ossl_method_construct() tries to get it from the store. - * - * It is *expected* that the put function increments the refcnt - * of the passed method. + * If we haven't been told not to store, + * add to the global store */ - - if (data->force_store || !no_store) { - /* - * If we haven't been told not to store, - * add to the global store - */ - data->mcm->put(data->libctx, NULL, method, data->operation_id, - thismap->algorithm_name, - thismap->property_definition, data->mcm_data); - } - - data->mcm->put(data->libctx, data->store, method, data->operation_id, - thismap->algorithm_name, thismap->property_definition, - data->mcm_data); - - /* refcnt-- because we're dropping the reference */ - data->mcm->destruct(method, data->mcm_data); + data->mcm->put(data->libctx, NULL, method, data->operation_id, + algo->algorithm_name, + algo->property_definition, data->mcm_data); } - return 1; + data->mcm->put(data->libctx, data->store, method, data->operation_id, + algo->algorithm_name, algo->property_definition, + data->mcm_data); + + /* refcnt-- because we're dropping the reference */ + data->mcm->destruct(method, data->mcm_data); } void *ossl_method_construct(OPENSSL_CTX *libctx, int operation_id, @@ -99,8 +89,8 @@ void *ossl_method_construct(OPENSSL_CTX *libctx, int operation_id, cbdata.force_store = force_store; cbdata.mcm = mcm; cbdata.mcm_data = mcm_data; - ossl_provider_forall_loaded(libctx, ossl_method_construct_this, - &cbdata); + ossl_algorithm_do_all(libctx, operation_id, NULL, + ossl_method_construct_this, &cbdata); method = mcm->get(libctx, cbdata.store, operation_id, name, propquery, mcm_data); diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index 40aca34..51c9b6e 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -55,6 +55,7 @@ void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) if (i > 0) return; ossl_provider_free(cipher->prov); + OPENSSL_free(cipher->name); CRYPTO_THREAD_lock_free(cipher->lock); OPENSSL_free(cipher); } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 65b12e3..81b51e5 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -577,7 +577,7 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) return 0; } -static void *evp_md_from_dispatch(const OSSL_DISPATCH *fns, +static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) { EVP_MD *md = NULL; @@ -587,6 +587,8 @@ static void *evp_md_from_dispatch(const OSSL_DISPATCH *fns, if ((md = EVP_MD_meth_new(NID_undef, NID_undef)) == NULL) return NULL; + md->name = OPENSSL_strdup(name); + for (; fns->function_id != 0; fns++) { switch (fns->function_id) { case OSSL_FUNC_DIGEST_NEWCTX: @@ -697,3 +699,12 @@ EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, return md; } + +void EVP_MD_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_MD *mac, void *arg), + void *arg) +{ + evp_generic_do_all(libctx, OSSL_OP_DIGEST, + (void (*)(void *, void *))fn, arg, + evp_md_from_dispatch, evp_md_free); +} diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 3b83d11..00c9367 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1081,7 +1081,8 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) return 1; } -static void *evp_cipher_from_dispatch(const OSSL_DISPATCH *fns, +static void *evp_cipher_from_dispatch(const char *name, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) { EVP_CIPHER *cipher = NULL; @@ -1094,6 +1095,8 @@ static void *evp_cipher_from_dispatch(const OSSL_DISPATCH *fns, if ((cipher = EVP_CIPHER_meth_new(0, 0, 0)) == NULL) return NULL; + cipher->name = OPENSSL_strdup(name); + for (; fns->function_id != 0; fns++) { switch (fns->function_id) { case OSSL_FUNC_CIPHER_NEWCTX: @@ -1212,3 +1215,12 @@ EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, return cipher; } + +void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_CIPHER *mac, void *arg), + void *arg) +{ + evp_generic_do_all(libctx, OSSL_OP_CIPHER, + (void (*)(void *, void *))fn, arg, + evp_cipher_from_dispatch, evp_cipher_free); +} diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 0c25f0d..2a2d892 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -40,7 +40,8 @@ struct method_data_st { OPENSSL_CTX *libctx; const char *name; OSSL_METHOD_CONSTRUCT_METHOD *mcm; - void *(*method_from_dispatch)(const OSSL_DISPATCH *, OSSL_PROVIDER *); + void *(*method_from_dispatch)(const char *, const OSSL_DISPATCH *, + OSSL_PROVIDER *); int (*refcnt_up_method)(void *method); void (*destruct_method)(void *method); }; @@ -143,7 +144,7 @@ static void *construct_method(const char *name, const OSSL_DISPATCH *fns, { struct method_data_st *methdata = data; - return methdata->method_from_dispatch(fns, prov); + return methdata->method_from_dispatch(name, fns, prov); } static void destruct_method(void *method, void *data) @@ -155,7 +156,8 @@ static void destruct_method(void *method, void *data) void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, const char *name, const char *properties, - void *(*new_method)(const OSSL_DISPATCH *fns, + void *(*new_method)(const char *name, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*up_ref_method)(void *), void (*free_method)(void *)) @@ -234,3 +236,42 @@ int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq) EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR); return 0; } + +struct do_all_data_st { + void (*user_fn)(void *method, void *arg); + void *user_arg; + void *(*new_method)(const char *name, const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov); + void (*free_method)(void *); +}; + +static void do_one(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, + int no_store, void *vdata) +{ + struct do_all_data_st *data = vdata; + void *method = data->new_method(algo->algorithm_name, + algo->implementation, provider); + + if (method != NULL) { + data->user_fn(method, data->user_arg); + data->free_method(method); + } +} + + +void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, + void (*user_fn)(void *method, void *arg), + void *user_arg, + void *(*new_method)(const char *name, + const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov), + void (*free_method)(void *)) +{ + struct do_all_data_st data; + + data.new_method = new_method; + data.free_method = free_method; + data.user_fn = user_fn; + data.user_arg = user_arg; + ossl_algorithm_do_all(libctx, operation_id, NULL, do_one, &data); +} diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 9d1d197..b0de4bb 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -396,6 +396,22 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) return ctx->cipher->nid; } +const char *EVP_CIPHER_name(const EVP_CIPHER *cipher) +{ + if (cipher->prov != NULL) + return cipher->name; +#ifndef FIPS_MODE + return OBJ_nid2sn(EVP_CIPHER_nid(cipher)); +#else + return NULL; +#endif +} + +const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher) +{ + return cipher->prov; +} + int EVP_CIPHER_mode(const EVP_CIPHER *cipher) { int v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; @@ -407,6 +423,22 @@ int EVP_CIPHER_mode(const EVP_CIPHER *cipher) } +const char *EVP_MD_name(const EVP_MD *md) +{ + if (md->prov != NULL) + return md->name; +#ifndef FIPS_MODE + return OBJ_nid2sn(EVP_MD_nid(md)); +#else + return NULL; +#endif +} + +const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md) +{ + return md->prov; +} + int EVP_MD_block_size(const EVP_MD *md) { if (md == NULL) { @@ -494,6 +526,7 @@ void EVP_MD_meth_free(EVP_MD *md) if (i > 0) return; ossl_provider_free(md->prov); + OPENSSL_free(md->name); CRYPTO_THREAD_lock_free(md->lock); OPENSSL_free(md); } diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 54f9e08..b56d412 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -91,10 +91,18 @@ int is_partially_overlapping(const void *ptr1, const void *ptr2, int len); void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id, const char *algorithm, const char *properties, - void *(*new_method)(const OSSL_DISPATCH *fns, + void *(*new_method)(const char *name, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*up_ref_method)(void *), void (*free_method)(void *)); +void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, + void (*user_fn)(void *method, void *arg), + void *user_arg, + void *(*new_method)(const char *name, + const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov), + void (*free_method)(void *)); /* Helper functions to avoid duplicating code */ diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index da4ae0f..4cda76b 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -196,6 +196,7 @@ struct evp_md_st { /* New structure members */ /* TODO(3.0): Remove above comment when legacy has gone */ + char *name; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *lock; @@ -246,6 +247,7 @@ struct evp_cipher_st { /* New structure members */ /* TODO(3.0): Remove above comment when legacy has gone */ + char *name; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *lock; diff --git a/crypto/provider.c b/crypto/provider.c index 4e21bfe..8c9c6da 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -68,3 +68,8 @@ int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name, return 1; } + +const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov) +{ + return ossl_provider_name(prov); +} diff --git a/doc/internal/man3/ossl_algorithm_do_all.pod b/doc/internal/man3/ossl_algorithm_do_all.pod new file mode 100644 index 0000000..4119af5 --- /dev/null +++ b/doc/internal/man3/ossl_algorithm_do_all.pod @@ -0,0 +1,63 @@ +=pod + +=head1 NAME + +ossl_algorithm_do_all - generic algorithm implementation iterator + +=head1 SYNOPSIS + + void ossl_algorithm_do_all(OPENSSL_CTX *libctx, int operation_id, + OSSL_PROVIDER *provider, + void (*fn)(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *data), + void *data) + +=head1 DESCRIPTION + +ossl_algorithm_do_all() looks up every algorithm it can find, using +the implementation query operation, given a library context I, +an operation identity I and a provider I. +I may be NULL to signify that the default library context is +used. +I may be zero to signify that all kinds of operations +may be looked up. +I may be NULL to signify that all loaded providers will be +queried. + +For each implementation found, the function I is called with the +I for the implementation, the algorithm descriptor I, +the flag I indicating whether the algorithm descriptor may +be remembered or not, and the caller I that was passed to +ossl_algorithm_do_all(). + +=head1 RETURN VALUES + +ossl_algorithm_do_all() doesn't return any value. + +=head1 NOTES + +The functions described here are mainly useful for discovery, and +possibly display of what has been discovered, for example an +application that wants to display the loaded providers and what they +may offer, but also for constructors, such as +L. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use this +file except in compliance with the License. You can obtain a copy in the file +LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index bc10fa3..5ca0563 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -7,7 +7,9 @@ EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_params, EVP_MD_CTX_get_param EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, +EVP_MD_name, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, +EVP_MD_CTX_name, EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, @@ -42,6 +44,7 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); + const char *EVP_MD_name(const EVP_MD *md); int EVP_MD_type(const EVP_MD *md); int EVP_MD_pkey_type(const EVP_MD *md); int EVP_MD_size(const EVP_MD *md); @@ -49,6 +52,8 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines unsigned long EVP_MD_flags(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); + const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx); + const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md); int EVP_MD_CTX_size(const EVP_MD *ctx); int EVP_MD_CTX_block_size(const EVP_MD *ctx); int EVP_MD_CTX_type(const EVP_MD *ctx); @@ -170,6 +175,16 @@ automatically cleaned up. Similar to EVP_MD_CTX_copy_ex() except the destination B does not have to be initialized. +=item EVP_MD_name(), +EVP_MD_CTX_name() + +Return the name of the given message digest. + +=item EVP_CIPHER_provider() + +returns a B pointer to the provider that implements the given +B. + =item EVP_MD_size(), EVP_MD_CTX_size() @@ -415,9 +430,9 @@ implementations of digests to be specified. If digest contexts are not cleaned up after use, memory leaks will occur. -EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), -EVP_get_digestbynid() and EVP_get_digestbyobj() are defined as -macros. +EVP_MD_CTX_name(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), +EVP_MD_CTX_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are defined +as macros. EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration or control. diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 3c2e36b..e47d9e7 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -25,6 +25,7 @@ EVP_CipherFinal, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, +EVP_CIPHER_name, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, @@ -33,6 +34,7 @@ EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_name, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, @@ -98,6 +100,8 @@ EVP_enc_null const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); int EVP_CIPHER_nid(const EVP_CIPHER *e); + const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); + const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher); int EVP_CIPHER_block_size(const EVP_CIPHER *e); int EVP_CIPHER_key_length(const EVP_CIPHER *e); int EVP_CIPHER_iv_length(const EVP_CIPHER *e); @@ -107,6 +111,7 @@ EVP_enc_null const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); + const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); @@ -243,6 +248,12 @@ IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and identifier or does not have ASN1 support this function will return B. +EVP_CIPHER_name() and EVP_CIPHER_CTX_name() return the name of the passed +cipher or context. + +EVP_CIPHER_provider() returns a B pointer to the provider +that implements the given B. + EVP_CIPHER_CTX_cipher() returns the B structure when passed an B structure. diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index 9fe2e18..4d43880 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -21,6 +21,8 @@ OSSL_PROVIDER_add_builtin - provider routines int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name, ossl_provider_init_fn *init_fn); + const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); + =head1 DESCRIPTION B is a type that holds internal information about @@ -59,6 +61,8 @@ The caller must prepare the B array before calling this function, and the variables acting as buffers for this parameter array should be filled with data when it returns successfully. +OSSL_PROVIDER_name() returns the name of the given provider. + =head1 RETURN VALUES OSSL_PROVIDER_add() returns 1 on success, or 0 on error. diff --git a/include/internal/core.h b/include/internal/core.h index 3f0cdfa..bd2f9a0 100644 --- a/include/internal/core.h +++ b/include/internal/core.h @@ -51,4 +51,11 @@ void *ossl_method_construct(OPENSSL_CTX *ctx, int operation_id, int force_cache, OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data); +void ossl_algorithm_do_all(OPENSSL_CTX *libctx, int operation_id, + OSSL_PROVIDER *provider, + void (*fn)(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *data), + void *data); + #endif diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 0542732..64db58e 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -228,6 +228,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx, OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx, const OSSL_PARAM params[])) +/* Highest known operation number */ +# define OSSL_OP__HIGHEST 2 + # ifdef __cplusplus } # endif diff --git a/include/openssl/evp.h b/include/openssl/evp.h index e781ebe..515f292 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -449,7 +449,8 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, int EVP_MD_type(const EVP_MD *md); # define EVP_MD_nid(e) EVP_MD_type(e) -# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +const char *EVP_MD_name(const EVP_MD *md); +const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md); int EVP_MD_pkey_type(const EVP_MD *md); int EVP_MD_size(const EVP_MD *md); int EVP_MD_block_size(const EVP_MD *md); @@ -461,6 +462,7 @@ int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count)); +# define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) @@ -469,7 +471,8 @@ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); int EVP_CIPHER_nid(const EVP_CIPHER *cipher); -# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); +const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher); int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); @@ -496,6 +499,7 @@ void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +# define EVP_CIPHER_CTX_name(c) EVP_CIPHER_name(EVP_CIPHER_CTX_cipher(c)) # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) # if !OPENSSL_API_1_1_0 # define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) @@ -991,6 +995,9 @@ void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph, const char *from, const char *to, void *x), void *arg); +void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_CIPHER *mac, void *arg), + void *arg); void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, const char *from, const char *to, void *x), @@ -998,6 +1005,9 @@ void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *ciph, const char *from, const char *to, void *x), void *arg); +void EVP_MD_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_MD *mac, void *arg), + void *arg); /* MAC stuff */ diff --git a/include/openssl/provider.h b/include/openssl/provider.h index c7f6664..722e83b 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -27,6 +27,9 @@ int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name, OSSL_provider_init_fn *init_fn); +/* Information */ +const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); + # ifdef __cplusplus } # endif diff --git a/util/libcrypto.num b/util/libcrypto.num index 49d2f22..b36ba11 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4678,3 +4678,10 @@ BN_rand_ex 4783 3_0_0 EXIST::FUNCTION: BN_priv_rand_ex 4784 3_0_0 EXIST::FUNCTION: BN_rand_range_ex 4785 3_0_0 EXIST::FUNCTION: BN_priv_rand_range_ex 4786 3_0_0 EXIST::FUNCTION: +EVP_MD_name 4787 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_name 4788 3_0_0 EXIST::FUNCTION: +EVP_MD_provider 4789 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_provider 4790 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_name 4791 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_do_all_ex 4792 3_0_0 EXIST::FUNCTION: +EVP_MD_do_all_ex 4793 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Mon Jul 15 05:24:36 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 05:24:36 +0000 Subject: Still Failing: openssl/openssl#26463 (master - b6c97ee) In-Reply-To: Message-ID: <5d2c0e1466bd5_43ff171436af08278b@83f34022-c3f9-4037-aaf3-223037b0e66c.mail> Build Update for openssl/openssl ------------------------------------- Build: #26463 Status: Still Failing Duration: 22 mins and 24 secs Commit: b6c97ee (master) Author: Richard Levitte Message: Re-implement the cipher and digest listings for 'openssl list' They now display both legacy and provided algorithms. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) View the changeset: https://github.com/openssl/openssl/compare/a161738a708b...b6c97eee78c9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/558755017?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 07:11:03 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 07:11:03 +0000 Subject: Build failed: openssl master.25890 Message-ID: <20190715071103.1.A9AA1D68F7BA5026@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 09:45:00 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 09:45:00 +0000 Subject: Build failed: openssl foo.25891 Message-ID: <20190715094500.1.FA4E5861B0AD01E3@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 15 09:50:29 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 09:50:29 +0000 Subject: Errored: openssl/openssl#26466 (foo - b6c97ee) In-Reply-To: Message-ID: <5d2c4c656f967_43fbe2812dd1c10791b@7703b9db-8040-4711-be26-de2c93db42fa.mail> Build Update for openssl/openssl ------------------------------------- Build: #26466 Status: Errored Duration: 28 mins and 47 secs Commit: b6c97ee (foo) Author: Richard Levitte Message: Re-implement the cipher and digest listings for 'openssl list' They now display both legacy and provided algorithms. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) View the changeset: https://github.com/openssl/openssl/compare/e3cbccc5bbe1^...b6c97eee78c9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/558837686?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Mon Jul 15 10:20:27 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 15 Jul 2019 10:20:27 +0000 Subject: [openssl] master update Message-ID: <1563186027.582533.32731.nullmailer@dev.openssl.org> The branch master has been updated via 2934be91349b365f1350fe9c30e4263be653c0f6 (commit) from 753149d97f8474ff8745a66175b8e4a19fe50743 (commit) - Log ----------------------------------------------------------------- commit 2934be91349b365f1350fe9c30e4263be653c0f6 Author: Matt Caswell Date: Thu Jul 4 15:41:17 2019 +0100 Make sure all BIGNUM operations work within the FIPS provider The FIPS provider does not have a default OPENSSL_CTX so, where necessary, we need to ensure we can always access an explicit OPENSSL_CTX. We remove functions from the FIPS provider that use the default OPENSSL_CTX, and fixup some places which were using those removed functions. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9310) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_blind.c | 2 +- crypto/bn/bn_ctx.c | 4 +++ crypto/bn/bn_err.c | 2 ++ crypto/bn/bn_gf2m.c | 7 +++-- crypto/bn/bn_prime.c | 67 +++++++++++++++++++++++++++--------------- crypto/bn/bn_rand.c | 8 +++++ crypto/bn/bn_rsa_fips186_4.c | 9 ++++-- crypto/bn/bn_sqrt.c | 2 +- crypto/bn/bn_x931p.c | 9 +++--- crypto/err/openssl.txt | 1 + doc/man3/BN_generate_prime.pod | 26 +++++++++++----- include/openssl/bn.h | 3 ++ include/openssl/bnerr.h | 1 + util/libcrypto.num | 1 + 14 files changed, 100 insertions(+), 42 deletions(-) diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index e003f9a..826f3f0 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -270,7 +270,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, do { int rv; - if (!BN_priv_rand_range(ret->A, ret->mod)) + if (!BN_priv_rand_range_ex(ret->A, ret->mod, ctx)) goto err; if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) break; diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index cc3c303..a60c744 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -143,10 +143,12 @@ BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx) return ret; } +#ifndef FIPS_MODE BN_CTX *BN_CTX_new(void) { return BN_CTX_new_ex(NULL); } +#endif BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx) { @@ -157,10 +159,12 @@ BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx) return ret; } +#ifndef FIPS_MODE BN_CTX *BN_CTX_secure_new(void) { return BN_CTX_secure_new_ex(NULL); } +#endif void BN_CTX_free(BN_CTX *ctx) { diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index a28443c..9a59cfb 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -40,6 +40,8 @@ static const ERR_STRING_DATA BN_str_functs[] = { "BN_generate_dsa_nonce"}, {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0), "BN_generate_prime_ex"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX2, 0), + "BN_generate_prime_ex2"}, {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"}, {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"}, {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"}, diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 910f014..e025dae 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -732,8 +732,8 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* generate blinding value */ do { - if (!BN_priv_rand(b, BN_num_bits(p) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) goto err; } while (BN_is_zero(b)); @@ -1031,7 +1031,8 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], if (tmp == NULL) goto err; do { - if (!BN_priv_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand_ex(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, + ctx)) goto err; if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 47e2f23..1cfd953 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -19,7 +19,7 @@ */ #include "bn_prime.h" -static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods); +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods, BN_CTX *ctx); static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); @@ -84,19 +84,19 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b) return 0; } -int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) +int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, + BN_CTX *ctx) { BIGNUM *t; int found = 0; int i, j, c1 = 0; - BN_CTX *ctx = NULL; prime_t *mods = NULL; int checks = BN_prime_checks_for_size(bits); if (bits < 2) { /* There are no prime numbers this small. */ - BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); + BNerr(BN_F_BN_GENERATE_PRIME_EX2, BN_R_BITS_TOO_SMALL); return 0; } else if (add == NULL && safe && bits < 6 && bits != 3) { /* @@ -104,7 +104,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, * But the following two safe primes with less than 6 bits (11, 23) * are unreachable for BN_rand with BN_RAND_TOP_TWO. */ - BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); + BNerr(BN_F_BN_GENERATE_PRIME_EX2, BN_R_BITS_TOO_SMALL); return 0; } @@ -112,9 +112,6 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, if (mods == NULL) goto err; - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; BN_CTX_start(ctx); t = BN_CTX_get(ctx); if (t == NULL) @@ -122,7 +119,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, loop: /* make a random number and set the top and bottom bits */ if (add == NULL) { - if (!probable_prime(ret, bits, mods)) + if (!probable_prime(ret, bits, mods, ctx)) goto err; } else { if (safe) { @@ -175,11 +172,27 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, err: OPENSSL_free(mods); BN_CTX_end(ctx); - BN_CTX_free(ctx); bn_check_top(ret); return found; } +#ifndef FIPS_MODE +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) +{ + BN_CTX *ctx = BN_CTX_new(); + int retval; + + if (ctx == NULL) + return 0; + + retval = BN_generate_prime_ex2(ret, bits, safe, add, rem, cb, ctx); + + BN_CTX_free(ctx); + return retval; +} +#endif + int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb) { @@ -187,11 +200,17 @@ int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, } /* See FIPS 186-4 C.3.1 Miller Rabin Probabilistic Primality Test. */ -int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx_passed, +int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb) { int i, status, ret = -1; - BN_CTX *ctx = NULL; +#ifndef FIPS_MODE + BN_CTX *ctxlocal = NULL; +#else + + if (ctx == NULL) + return -1; +#endif /* w must be bigger than 1 */ if (BN_cmp(w, BN_value_one()) <= 0) @@ -219,18 +238,19 @@ int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx_passed, if (!BN_GENCB_call(cb, 1, -1)) return -1; } - if (ctx_passed != NULL) - ctx = ctx_passed; - else if ((ctx = BN_CTX_new()) == NULL) +#ifndef FIPS_MODE + if (ctx == NULL && (ctxlocal = ctx = BN_CTX_new()) == NULL) goto err; +#endif ret = bn_miller_rabin_is_prime(w, checks, ctx, cb, 0, &status); if (!ret) goto err; ret = (status == BN_PRIMETEST_PROBABLY_PRIME); err: - if (ctx_passed == NULL) - BN_CTX_free(ctx); +#ifndef FIPS_MODE + BN_CTX_free(ctxlocal); +#endif return ret; } @@ -301,7 +321,8 @@ int bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx, /* (Step 4) */ for (i = 0; i < iterations; ++i) { /* (Step 4.1) obtain a Random string of bits b where 1 < b < w-1 */ - if (!BN_priv_rand_range(b, w3) || !BN_add_word(b, 2)) /* 1 < b < w-1 */ + if (!BN_priv_rand_range_ex(b, w3, ctx) + || !BN_add_word(b, 2)) /* 1 < b < w-1 */ goto err; if (enhanced) { @@ -379,7 +400,7 @@ err: return ret; } -static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods, BN_CTX *ctx) { int i; BN_ULONG delta; @@ -388,7 +409,7 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) again: /* TODO: Not all primes are private */ - if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD)) + if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, ctx)) return 0; /* we now have a random number 'rnd' to test. */ for (i = 1; i < NUMPRIMES; i++) { @@ -472,7 +493,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits, if ((t1 = BN_CTX_get(ctx)) == NULL) goto err; - if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) + if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx)) goto err; /* we need ((rnd-rem) % add) == 0 */ @@ -528,7 +549,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, if (!BN_rshift1(qadd, padd)) goto err; - if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) + if (!BN_rand_ex(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx)) goto err; /* we need ((rnd-rem) % add) == 0 */ diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index a71e7d4..d1743dd 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -103,6 +103,7 @@ int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx) { return bnrand(NORMAL, rnd, bits, top, bottom, ctx); } +#ifndef FIPS_MODE int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(NORMAL, rnd, bits, top, bottom, NULL); @@ -112,16 +113,19 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(TESTING, rnd, bits, top, bottom, NULL); } +#endif int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx) { return bnrand(PRIVATE, rnd, bits, top, bottom, ctx); } +#ifndef FIPS_MODE int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(PRIVATE, rnd, bits, top, bottom, NULL); } +#endif /* random number r: 0 <= r < range */ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range, @@ -195,16 +199,19 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx) return bnrand_range(NORMAL, r, range, ctx); } +#ifndef FIPS_MODE int BN_rand_range(BIGNUM *r, const BIGNUM *range) { return bnrand_range(NORMAL, r, range, NULL); } +#endif int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx) { return bnrand_range(PRIVATE, r, range, ctx); } +#ifndef FIPS_MODE int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range) { return bnrand_range(PRIVATE, r, range, NULL); @@ -219,6 +226,7 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) { return BN_rand_range(r, range); } +#endif /* * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c index 261669d..9a3041e 100644 --- a/crypto/bn/bn_rsa_fips186_4.c +++ b/crypto/bn/bn_rsa_fips186_4.c @@ -193,13 +193,15 @@ int bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout, /* (Steps 4.1/5.1): Randomly generate Xp1 if it is not passed in */ if (Xp1 == NULL) { /* Set the top and bottom bits to make it odd and the correct size */ - if (!BN_priv_rand(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) + if (!BN_priv_rand_ex(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, + ctx)) goto err; } /* (Steps 4.1/5.1): Randomly generate Xp2 if it is not passed in */ if (Xp2 == NULL) { /* Set the top and bottom bits to make it odd and the correct size */ - if (!BN_priv_rand(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) + if (!BN_priv_rand_ex(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, + ctx)) goto err; } @@ -305,7 +307,8 @@ int bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin, * so largest number will have B5... as the top byte * Setting the top 2 bits gives 0xC0. */ - if (!BN_priv_rand(X, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand_ex(X, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, + ctx)) goto end; } /* (Step 4) Y = X + ((R - X) mod 2r1r2) */ diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 5981cd0..2107487 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -180,7 +180,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_set_word(y, i)) goto end; } else { - if (!BN_priv_rand(y, BN_num_bits(p), 0, 0)) + if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, ctx)) goto end; if (BN_ucmp(y, p) >= 0) { if (!(p->neg ? BN_add : BN_sub) (y, y, p)) diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c index 3599270..c79e427 100644 --- a/crypto/bn/bn_x931p.c +++ b/crypto/bn/bn_x931p.c @@ -173,7 +173,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) * - 1. By setting the top two bits we ensure that the lower bound is * exceeded. */ - if (!BN_priv_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, ctx)) goto err; BN_CTX_start(ctx); @@ -182,7 +182,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) goto err; for (i = 0; i < 1000; i++) { - if (!BN_priv_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, + ctx)) goto err; /* Check that |Xp - Xq| > 2^(nbits - 100) */ @@ -227,9 +228,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, if (Xp1 == NULL || Xp2 == NULL) goto error; - if (!BN_priv_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand_ex(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx)) goto error; - if (!BN_priv_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand_ex(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx)) goto error; if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) goto error; diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index ddff08c..a8f28dc 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -205,6 +205,7 @@ BN_F_BN_EXPAND_INTERNAL:120:bn_expand_internal BN_F_BN_GENCB_NEW:143:BN_GENCB_new BN_F_BN_GENERATE_DSA_NONCE:140:BN_generate_dsa_nonce BN_F_BN_GENERATE_PRIME_EX:141:BN_generate_prime_ex +BN_F_BN_GENERATE_PRIME_EX2:152:BN_generate_prime_ex2 BN_F_BN_GF2M_MOD:131:BN_GF2m_mod BN_F_BN_GF2M_MOD_EXP:132:BN_GF2m_mod_exp BN_F_BN_GF2M_MOD_MUL:133:BN_GF2m_mod_mul diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index eb5d89a..5de646d 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -2,15 +2,19 @@ =head1 NAME -BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, -BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, -BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test -for primality +BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex, +BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, +BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, +BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality =head1 SYNOPSIS #include + int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, + BN_CTX *ctx); + int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb); @@ -50,9 +54,10 @@ L: =head1 DESCRIPTION -BN_generate_prime_ex() generates a pseudo-random prime number of -at least bit length B. The returned number is probably prime -with a negligible error. +BN_generate_prime_ex2() generates a pseudo-random prime number of +at least bit length B using the BN_CTX provided in B. The value of +B must not be NULL. +The returned number is probably prime with a negligible error. If B is not B, it will be used to store the number. @@ -94,6 +99,13 @@ that (p-1)/2 is also prime). The random generator must be seeded prior to calling BN_generate_prime_ex(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see L), the operation will fail. +The random number generator configured for the OPENSSL_CTX associated with +B will be used. + +BN_generate_prime_ex() is the same as BN_generate_prime_ex2() except that no +B parameter is passed. +In this case the random number generator associated with the default OPENSSL_CTX +will be used. BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number B

is prime. The following tests are performed until one of them shows that diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 5c645d5..ca92c0e 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -348,6 +348,9 @@ DEPRECATEDIN_0_9_8(int int do_trial_division)) /* Newer versions */ +int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, + BN_CTX *ctx); int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb); int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h index ebbcd9a..b9958cb 100644 --- a/include/openssl/bnerr.h +++ b/include/openssl/bnerr.h @@ -44,6 +44,7 @@ int ERR_load_BN_strings(void); # define BN_F_BN_GENCB_NEW 143 # define BN_F_BN_GENERATE_DSA_NONCE 140 # define BN_F_BN_GENERATE_PRIME_EX 141 +# define BN_F_BN_GENERATE_PRIME_EX2 152 # define BN_F_BN_GF2M_MOD 131 # define BN_F_BN_GF2M_MOD_EXP 132 # define BN_F_BN_GF2M_MOD_MUL 133 diff --git a/util/libcrypto.num b/util/libcrypto.num index 49d2f22..0ce8800 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4678,3 +4678,4 @@ BN_rand_ex 4783 3_0_0 EXIST::FUNCTION: BN_priv_rand_ex 4784 3_0_0 EXIST::FUNCTION: BN_rand_range_ex 4785 3_0_0 EXIST::FUNCTION: BN_priv_rand_range_ex 4786 3_0_0 EXIST::FUNCTION: +BN_generate_prime_ex2 4787 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Mon Jul 15 09:58:59 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 09:58:59 +0000 Subject: Still Failing: openssl/openssl#26467 (master - 753149d) In-Reply-To: Message-ID: <5d2c4e6380d39_43f82406176441123c7@ac326bca-77a4-4e67-b9e4-59908249d127.mail> Build Update for openssl/openssl ------------------------------------- Build: #26467 Status: Still Failing Duration: 27 mins and 11 secs Commit: 753149d (master) Author: Richard Levitte Message: Move the code for 'openssl list' to its own translation unit. That makes it easier to work with than going through apps/openssl.c This also moves the implementation of calculate_columns() and makes it generally accessible. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9340) View the changeset: https://github.com/openssl/openssl/compare/b6c97eee78c9...753149d97f84 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/558837721?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 15 11:24:28 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 11:24:28 +0000 Subject: Errored: openssl/openssl#26477 (master - 2934be9) In-Reply-To: Message-ID: <5d2c626bc4350_43ffc1bc38a50101890@89a92940-8439-47a8-ac4c-847c67ad85eb.mail> Build Update for openssl/openssl ------------------------------------- Build: #26477 Status: Errored Duration: 27 mins and 9 secs Commit: 2934be9 (master) Author: Matt Caswell Message: Make sure all BIGNUM operations work within the FIPS provider The FIPS provider does not have a default OPENSSL_CTX so, where necessary, we need to ensure we can always access an explicit OPENSSL_CTX. We remove functions from the FIPS provider that use the default OPENSSL_CTX, and fixup some places which were using those removed functions. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9310) View the changeset: https://github.com/openssl/openssl/compare/753149d97f84...2934be91349b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/558855089?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 11:59:57 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 11:59:57 +0000 Subject: Build failed: openssl master.25896 Message-ID: <20190715115957.1.3EBD929869B9AB90@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 12:28:17 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 12:28:17 +0000 Subject: Build completed: openssl master.25897 Message-ID: <20190715122817.1.65E60281E3EA7222@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Jul 15 13:14:00 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 15 Jul 2019 13:14:00 +0000 Subject: [openssl] master update Message-ID: <1563196440.582186.29958.nullmailer@dev.openssl.org> The branch master has been updated via 4674aaf4f2217540690489fee22edefe4a463293 (commit) from 2934be91349b365f1350fe9c30e4263be653c0f6 (commit) - Log ----------------------------------------------------------------- commit 4674aaf4f2217540690489fee22edefe4a463293 Author: Richard Levitte Date: Mon Jul 15 15:03:44 2019 +0200 In documentation, consistently refer to OpenSSL 3.0 3.0.0 is a habit from pre-3.0 OpenSSL, which doesn't make sense with the new version scheme. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9376) ----------------------------------------------------------------------- Summary of changes: doc/internal/man3/DEFINE_SPARSE_ARRAY_OF.pod | 2 +- doc/internal/man3/OSSL_METHOD_STORE.pod | 2 +- doc/man1/verify.pod | 2 +- doc/man3/ASYNC_WAIT_CTX_new.pod | 2 +- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/CRYPTO_get_ex_new_index.pod | 2 +- doc/man3/EVP_KDF_CTX.pod | 2 +- doc/man3/EVP_MAC.pod | 2 +- doc/man3/EVP_PKEY_supports_digest_nid.pod | 2 +- doc/man3/OPENSSL_CTX.pod | 2 +- doc/man3/OSSL_PARAM_int.pod | 2 +- doc/man3/OSSL_trace_enabled.pod | 2 +- doc/man3/OSSL_trace_get_category_num.pod | 2 +- doc/man3/OSSL_trace_set_channel.pod | 2 +- doc/man3/OpenSSL_version.pod | 2 +- doc/man3/RAND_DRBG_generate.pod | 2 +- doc/man3/RAND_DRBG_reseed.pod | 2 +- doc/man3/SRP_VBASE_new.pod | 2 +- doc/man3/SRP_user_pwd_new.pod | 2 +- doc/man3/SSL_CTX_set_cipher_list.pod | 4 ++-- doc/man3/SSL_CTX_set_mode.pod | 2 +- doc/man3/SSL_CTX_set_options.pod | 2 +- doc/man3/SSL_set_async_callback.pod | 2 +- doc/man3/SSL_write.pod | 2 +- doc/man7/EVP_KDF_PBKDF2.pod | 2 +- doc/man7/EVP_KDF_SS.pod | 2 +- doc/man7/EVP_KDF_X942.pod | 2 +- doc/man7/EVP_KDF_X963.pod | 2 +- doc/man7/EVP_MAC_BLAKE2.pod | 2 +- doc/man7/openssl_user_macros.pod.in | 2 +- 30 files changed, 31 insertions(+), 31 deletions(-) diff --git a/doc/internal/man3/DEFINE_SPARSE_ARRAY_OF.pod b/doc/internal/man3/DEFINE_SPARSE_ARRAY_OF.pod index db2ad36..b36084d 100644 --- a/doc/internal/man3/DEFINE_SPARSE_ARRAY_OF.pod +++ b/doc/internal/man3/DEFINE_SPARSE_ARRAY_OF.pod @@ -108,7 +108,7 @@ ossl_sa_TYPE_free_leaves() do not return values. =head1 HISTORY -This functionality was added to OpenSSL 3.0.0. +This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/internal/man3/OSSL_METHOD_STORE.pod b/doc/internal/man3/OSSL_METHOD_STORE.pod index f95d397..abe7ebe 100644 --- a/doc/internal/man3/OSSL_METHOD_STORE.pod +++ b/doc/internal/man3/OSSL_METHOD_STORE.pod @@ -103,7 +103,7 @@ ossl_method_store_free() and ossl_method_store_cleanup() do not return values. =head1 HISTORY -This functionality was added to OpenSSL 3.0.0. +This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/verify.pod b/doc/man1/verify.pod index 10fd848..e0c6906 100644 --- a/doc/man1/verify.pod +++ b/doc/man1/verify.pod @@ -779,7 +779,7 @@ The B<-show_chain> option was added in OpenSSL 1.1.0. The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and is silently ignored. -The B<-sm2-id> and B<-sm2-hex-id> options were added in OpenSSL 3.0.0. +The B<-sm2-id> and B<-sm2-hex-id> options were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod index 9076be8..9c3fd71 100644 --- a/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -195,7 +195,7 @@ were added in OpenSSL 1.1.0. ASYNC_WAIT_CTX_set_callback(), ASYNC_WAIT_CTX_get_callback(), ASYNC_WAIT_CTX_set_status(), and ASYNC_WAIT_CTX_get_status() -were added in OpenSSL 3.0.0. +were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index f51593f..c8e3386 100644 --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -141,7 +141,7 @@ the case of BIO_seek() on a file BIO for a successful operation. =head1 HISTORY The BIO_get_ktls_send() and BIO_get_ktls_recv() functions were added in -OpenSSL 3.0.0. +OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/CRYPTO_get_ex_new_index.pod b/doc/man3/CRYPTO_get_ex_new_index.pod index f37d532..b0321b0 100644 --- a/doc/man3/CRYPTO_get_ex_new_index.pod +++ b/doc/man3/CRYPTO_get_ex_new_index.pod @@ -162,7 +162,7 @@ dup_func() should return 0 for failure and 1 for success. =head1 HISTORY -CRYPTO_alloc_ex_data() was added in OpenSSL 3.0.0. +CRYPTO_alloc_ex_data() was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_KDF_CTX.pod b/doc/man3/EVP_KDF_CTX.pod index 3899361..e65becf 100644 --- a/doc/man3/EVP_KDF_CTX.pod +++ b/doc/man3/EVP_KDF_CTX.pod @@ -282,7 +282,7 @@ L =head1 HISTORY -This functionality was added to OpenSSL 3.0.0. +This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 01ad6ed..2c66879 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -358,7 +358,7 @@ L =head1 HISTORY -These functions were added in OpenSSL 3.0.0. +These functions were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_supports_digest_nid.pod b/doc/man3/EVP_PKEY_supports_digest_nid.pod index 0dfc116..b3f5134 100644 --- a/doc/man3/EVP_PKEY_supports_digest_nid.pod +++ b/doc/man3/EVP_PKEY_supports_digest_nid.pod @@ -39,7 +39,7 @@ L, =head1 HISTORY -The EVP_PKEY_supports_digest_nid() function was added in OpenSSL 3.0.0. +The EVP_PKEY_supports_digest_nid() function was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OPENSSL_CTX.pod b/doc/man3/OPENSSL_CTX.pod index 1893c92..d574a37 100644 --- a/doc/man3/OPENSSL_CTX.pod +++ b/doc/man3/OPENSSL_CTX.pod @@ -38,7 +38,7 @@ OPENSSL_CTX_free() doesn't return any value. =head1 HISTORY OPENSSL_CTX, OPENSSL_CTX_new() and OPENSSL_CTX_free() -were added in OpenSSL 3.0.0. +were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 3aa6141..0640bcf 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -312,7 +312,7 @@ L, L =head1 HISTORY -These APIs were introduced in OpenSSL 3.0.0. +These APIs were introduced in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_trace_enabled.pod b/doc/man3/OSSL_trace_enabled.pod index 958e8b0..2ced3d4 100644 --- a/doc/man3/OSSL_trace_enabled.pod +++ b/doc/man3/OSSL_trace_enabled.pod @@ -278,7 +278,7 @@ otherwise C. =head1 HISTORY -The OpenSSL Tracing API was added ino OpenSSL 3.0.0. +The OpenSSL Tracing API was added ino OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_trace_get_category_num.pod b/doc/man3/OSSL_trace_get_category_num.pod index 886d0f1..5ab05a3 100644 --- a/doc/man3/OSSL_trace_get_category_num.pod +++ b/doc/man3/OSSL_trace_get_category_num.pod @@ -30,7 +30,7 @@ C is a recognised category number, otherwise NULL. =head1 HISTORY -The OpenSSL Tracing API was added ino OpenSSL 3.0.0. +The OpenSSL Tracing API was added ino OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_trace_set_channel.pod b/doc/man3/OSSL_trace_set_channel.pod index cb34967..9c03218 100644 --- a/doc/man3/OSSL_trace_set_channel.pod +++ b/doc/man3/OSSL_trace_set_channel.pod @@ -297,7 +297,7 @@ functions described here are inoperational, i.e. will do nothing. OSSL_trace_set_channel(), OSSL_trace_set_prefix(), OSSL_trace_set_suffix(), and OSSL_trace_set_callback() were all added -in OpenSSL 3.0.0. +in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index c1ced64..9b8ecd2 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -219,7 +219,7 @@ L =head1 HISTORY -The macros and functions described here were added in OpenSSL 3.0.0, +The macros and functions described here were added in OpenSSL 3.0, with the exception of the L ones. =head1 COPYRIGHT diff --git a/doc/man3/RAND_DRBG_generate.pod b/doc/man3/RAND_DRBG_generate.pod index e0778ea..def98a9 100644 --- a/doc/man3/RAND_DRBG_generate.pod +++ b/doc/man3/RAND_DRBG_generate.pod @@ -76,7 +76,7 @@ L The RAND_DRBG functions were added in OpenSSL 1.1.1. -Prediction resistance is supported from OpenSSL 3.0.0. +Prediction resistance is supported from OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/RAND_DRBG_reseed.pod b/doc/man3/RAND_DRBG_reseed.pod index 4037560..b73f35f 100644 --- a/doc/man3/RAND_DRBG_reseed.pod +++ b/doc/man3/RAND_DRBG_reseed.pod @@ -104,7 +104,7 @@ L The RAND_DRBG functions were added in OpenSSL 1.1.1. -Prediction resistance is supported from OpenSSL 3.0.0. +Prediction resistance is supported from OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/SRP_VBASE_new.pod b/doc/man3/SRP_VBASE_new.pod index d780cf2..0a7b117 100644 --- a/doc/man3/SRP_VBASE_new.pod +++ b/doc/man3/SRP_VBASE_new.pod @@ -83,7 +83,7 @@ L =head1 HISTORY -The SRP_VBASE_add0_user() function was added in OpenSSL 3.0.0. +The SRP_VBASE_add0_user() function was added in OpenSSL 3.0. All other functions were added in OpenSSL 1.0.1. diff --git a/doc/man3/SRP_user_pwd_new.pod b/doc/man3/SRP_user_pwd_new.pod index b1799d1..9d9e11d 100644 --- a/doc/man3/SRP_user_pwd_new.pod +++ b/doc/man3/SRP_user_pwd_new.pod @@ -56,7 +56,7 @@ L =head1 HISTORY -These functions were made public in OpenSSL 3.0.0. +These functions were made public in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod b/doc/man3/SSL_CTX_set_cipher_list.pod index 1852405..c602ac0 100644 --- a/doc/man3/SSL_CTX_set_cipher_list.pod +++ b/doc/man3/SSL_CTX_set_cipher_list.pod @@ -96,7 +96,7 @@ and the handshake will fail. OSSL_default_cipher_list() and OSSL_default_ciphersuites() replace SSL_DEFAULT_CIPHER_LIST and TLS_DEFAULT_CIPHERSUITES, respectively. The -cipher list defines are deprecated as of 3.0.0. +cipher list defines are deprecated as of 3.0. =head1 RETURN VALUES @@ -115,7 +115,7 @@ L =head1 HISTORY -OSSL_default_cipher_list() and OSSL_default_ciphersites() are new in 3.0.0. +OSSL_default_cipher_list() and OSSL_default_ciphersites() are new in 3.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index a4997c9..f1f6c7a 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -150,7 +150,7 @@ L, L =head1 HISTORY SSL_MODE_ASYNC was added in OpenSSL 1.1.0. -SSL_MODE_NO_KTLS_TX was added in OpenSSL 3.0.0. +SSL_MODE_NO_KTLS_TX was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 7626bd3..32abd2f 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -374,7 +374,7 @@ OpenSSL 0.9.8m. The B and B options were added in OpenSSL 1.1.1. -The B option was added in OpenSSL 3.0.0. +The B option was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_set_async_callback.pod b/doc/man3/SSL_set_async_callback.pod index 5e7f61e..24cf02c 100644 --- a/doc/man3/SSL_set_async_callback.pod +++ b/doc/man3/SSL_set_async_callback.pod @@ -82,7 +82,7 @@ SSL_get_async_status() return 1 on success or 0 on error. SSL_CTX_set_async_callback(), SSL_CTX_set_async_callback_arg(), SSL_set_async_callback(), SSL_set_async_callback_arg() and -SSL_get_async_status() were first added to OpenSSL 3.0.0. +SSL_get_async_status() were first added to OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index a1ceb20..04cc46b 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -141,7 +141,7 @@ L, L =head1 HISTORY The SSL_write_ex() function was added in OpenSSL 1.1.1. -The SSL_sendfile() function was added in OpenSSL 3.0.0. +The SSL_sendfile() function was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man7/EVP_KDF_PBKDF2.pod b/doc/man7/EVP_KDF_PBKDF2.pod index c3d3f27..e914f37 100644 --- a/doc/man7/EVP_KDF_PBKDF2.pod +++ b/doc/man7/EVP_KDF_PBKDF2.pod @@ -93,7 +93,7 @@ L =head1 HISTORY -This functionality was added to OpenSSL 3.0.0. +This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man7/EVP_KDF_SS.pod b/doc/man7/EVP_KDF_SS.pod index b3de26a..958089d 100644 --- a/doc/man7/EVP_KDF_SS.pod +++ b/doc/man7/EVP_KDF_SS.pod @@ -211,7 +211,7 @@ L =head1 HISTORY -This functionality was added to OpenSSL 3.0.0. +This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man7/EVP_KDF_X942.pod b/doc/man7/EVP_KDF_X942.pod index 306ab2e..df93e86 100644 --- a/doc/man7/EVP_KDF_X942.pod +++ b/doc/man7/EVP_KDF_X942.pod @@ -136,7 +136,7 @@ L =head1 HISTORY -This functionality was added to OpenSSL 3.0.0. +This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man7/EVP_KDF_X963.pod b/doc/man7/EVP_KDF_X963.pod index eaea6da..77b878f 100644 --- a/doc/man7/EVP_KDF_X963.pod +++ b/doc/man7/EVP_KDF_X963.pod @@ -122,7 +122,7 @@ L =head1 HISTORY -This functionality was added to OpenSSL 3.0.0. +This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC_BLAKE2.pod b/doc/man7/EVP_MAC_BLAKE2.pod index 58b4f99..2fc8051 100644 --- a/doc/man7/EVP_MAC_BLAKE2.pod +++ b/doc/man7/EVP_MAC_BLAKE2.pod @@ -100,7 +100,7 @@ L, L =head1 HISTORY -The macros and functions described here were added to OpenSSL 3.0.0. +The macros and functions described here were added to OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man7/openssl_user_macros.pod.in b/doc/man7/openssl_user_macros.pod.in index 17c2d2e..7a2387c 100644 --- a/doc/man7/openssl_user_macros.pod.in +++ b/doc/man7/openssl_user_macros.pod.in @@ -60,7 +60,7 @@ However, it is recommended to start using the second form instead: =item C This form is a simple number that represents the major version number -and is supported for version 3.0.0 and up. For extra convenience, +and is supported for version 3.0 and up. For extra convenience, these numbers are also available: =over 4 From builds at travis-ci.org Mon Jul 15 13:40:03 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 13:40:03 +0000 Subject: Failed: openssl/openssl#26485 (master - 4674aaf) In-Reply-To: Message-ID: <5d2c8232cae51_43fe8bcc3ddc487933@3ac3c4ab-3bd9-46bf-88c6-4d0e1b772b3f.mail> Build Update for openssl/openssl ------------------------------------- Build: #26485 Status: Failed Duration: 22 mins and 58 secs Commit: 4674aaf (master) Author: Richard Levitte Message: In documentation, consistently refer to OpenSSL 3.0 3.0.0 is a habit from pre-3.0 OpenSSL, which doesn't make sense with the new version scheme. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9376) View the changeset: https://github.com/openssl/openssl/compare/2934be91349b...4674aaf4f221 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/558920127?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 14:57:17 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 14:57:17 +0000 Subject: Build failed: openssl master.25900 Message-ID: <20190715145717.1.3E1D791F0EDA0C03@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Jul 15 14:59:53 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 15 Jul 2019 14:59:53 +0000 Subject: [openssl] master update Message-ID: <1563202793.584876.10518.nullmailer@dev.openssl.org> The branch master has been updated via d5fdb6a695b457cf1eea8d7b638ffde029231080 (commit) from 4674aaf4f2217540690489fee22edefe4a463293 (commit) - Log ----------------------------------------------------------------- commit d5fdb6a695b457cf1eea8d7b638ffde029231080 Author: Richard Levitte Date: Mon Jul 15 16:14:35 2019 +0200 util/opensslwrap.sh: adjust to define OPENSSL_MODULES as well Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9379) ----------------------------------------------------------------------- Summary of changes: util/opensslwrap.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/util/opensslwrap.sh b/util/opensslwrap.sh index b27cbb8..7a38830 100755 --- a/util/opensslwrap.sh +++ b/util/opensslwrap.sh @@ -6,6 +6,9 @@ OPENSSL="${HERE}../apps/openssl" if [ -d "${HERE}../engines" -a "x$OPENSSL_ENGINES" = "x" ]; then OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES fi +if [ -d "${HERE}../providers" -a "x$OPENSSL_MODULES" = "x" ]; then + OPENSSL_MODULES="${HERE}../providers"; export OPENSSL_MODULES +fi if [ -x "${OPENSSL}.exe" ]; then # The original reason for this script existence is to work around From no-reply at appveyor.com Mon Jul 15 15:25:21 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 15:25:21 +0000 Subject: Build failed: openssl master.25901 Message-ID: <20190715152521.1.0091A29336371E36@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 15 15:21:57 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 15:21:57 +0000 Subject: Still Failing: openssl/openssl#26491 (master - d5fdb6a) In-Reply-To: Message-ID: <5d2c9a14ced4b_43fbe5be209601901a2@346a8847-3561-4999-bece-5b0bc2633b02.mail> Build Update for openssl/openssl ------------------------------------- Build: #26491 Status: Still Failing Duration: 21 mins and 28 secs Commit: d5fdb6a (master) Author: Richard Levitte Message: util/opensslwrap.sh: adjust to define OPENSSL_MODULES as well Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9379) View the changeset: https://github.com/openssl/openssl/compare/4674aaf4f221...d5fdb6a695b4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/558968271?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 16:42:57 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 16:42:57 +0000 Subject: Build failed: openssl master.25906 Message-ID: <20190715164257.1.95D5455C8B8F94C0@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 17:14:36 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 17:14:36 +0000 Subject: Build completed: openssl master.25907 Message-ID: <20190715171436.1.0FA3C1BBCAF57CB1@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 18:43:12 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 18:43:12 +0000 Subject: Build failed: openssl master.25914 Message-ID: <20190715184312.1.B54C37F8488133E2@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Mon Jul 15 21:44:37 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 15 Jul 2019 21:44:37 +0000 Subject: [openssl] master update Message-ID: <1563227077.362335.23460.nullmailer@dev.openssl.org> The branch master has been updated via 35e264c03232c7843733caa80f8e16bef7e2e829 (commit) via b481fbe68b8d561012a611bd6f46b0c8aa8fcbaa (commit) from d5fdb6a695b457cf1eea8d7b638ffde029231080 (commit) - Log ----------------------------------------------------------------- commit 35e264c03232c7843733caa80f8e16bef7e2e829 Author: Pauli Date: Sun Jul 14 17:55:15 2019 +1000 Coverity #1451596: check dirlen for being negative Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9362) commit b481fbe68b8d561012a611bd6f46b0c8aa8fcbaa Author: Pauli Date: Sun Jul 14 17:53:17 2019 +1000 Coverity #1451595: use correct free function. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9362) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 4 ++-- crypto/asn1/bio_ndef.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index a5e9d44..88e0069 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -3638,7 +3638,7 @@ static int do_multi(int multi, int size_num) close(fd[1]); mr = 1; usertime = 0; - free(fds); + OPENSSL_free(fds); return 0; } printf("Forked child %d\n", n); @@ -3750,7 +3750,7 @@ static int do_multi(int multi, int size_num) fclose(f); } - free(fds); + OPENSSL_free(fds); return 1; } #endif diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index d3be967..db9bbba 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -184,6 +184,8 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) return 0; derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + if (derlen < 0) + return 0; if ((p = OPENSSL_malloc(derlen)) == NULL) { ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE); return 0; From builds at travis-ci.org Mon Jul 15 22:03:49 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 22:03:49 +0000 Subject: Still Failing: openssl/openssl#26506 (master - 35e264c) In-Reply-To: Message-ID: <5d2cf84598ba6_43f7f1296a138271190@52687811-52fa-493e-a724-715f06e535c2.mail> Build Update for openssl/openssl ------------------------------------- Build: #26506 Status: Still Failing Duration: 18 mins and 28 secs Commit: 35e264c (master) Author: Pauli Message: Coverity #1451596: check dirlen for being negative Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9362) View the changeset: https://github.com/openssl/openssl/compare/d5fdb6a695b4...35e264c03232 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559150504?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Mon Jul 15 22:31:43 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 15 Jul 2019 22:31:43 +0000 Subject: [openssl] master update Message-ID: <1563229903.996241.5381.nullmailer@dev.openssl.org> The branch master has been updated via 0d03acea7aa45e94903fb12186ed6cc324eb1b03 (commit) via b8805834756434bfc6ee3840e7097e6e1a877905 (commit) via 15cb0f095878092a625219f58bd915bdf1acc973 (commit) via 8ae173bb57819a23717fd3c8e7c51cb62f4268d0 (commit) via 0d345f0e10b14392925479fc61b6c9072a9605a3 (commit) via 54846b7c6ef5718f507def9d192628133f97fe20 (commit) from 35e264c03232c7843733caa80f8e16bef7e2e829 (commit) - Log ----------------------------------------------------------------- commit 0d03acea7aa45e94903fb12186ed6cc324eb1b03 Author: Pauli Date: Fri Jul 12 06:27:19 2019 +1000 remove end of line whitespace Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9111) commit b8805834756434bfc6ee3840e7097e6e1a877905 Author: Matt Caswell Date: Mon Jun 10 17:52:15 2019 +0100 Convert asn1_dsa.c to use the WPACKET API instead Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9111) commit 15cb0f095878092a625219f58bd915bdf1acc973 Author: Matt Caswell Date: Mon Jun 10 17:48:26 2019 +0100 Give WPACKET the ability to have a NULL buffer underneath it This means the WPACKET API can be used for calculating the number of bytes that would have been written if a non-NULL buffer had been used. This enables us to calculate the number of length bytes required when encoding ASN.1 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9111) commit 8ae173bb57819a23717fd3c8e7c51cb62f4268d0 Author: Matt Caswell Date: Fri Jun 7 17:40:21 2019 +0100 Convert asn1_dsa.c to use the PACKET API instead Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9111) commit 0d345f0e10b14392925479fc61b6c9072a9605a3 Author: Matt Caswell Date: Fri Jun 7 16:32:49 2019 +0100 Make the PACKET/WPACKET code available to both libcrypto and libssl Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9111) commit 54846b7c6ef5718f507def9d192628133f97fe20 Author: David Makepeace Date: Mon Jun 3 14:58:54 2019 +1000 Add simple ASN.1 utils for DSA signature DER. Adds simple utility functions to allow both the default and fips providers to encode and decode DSA-Sig-Value and ECDSA-Sig-Value (DSA_SIG and ECDSA_SIG structures) to/from ASN.1 DER without requiring those providers to have a dependency on the asn1 module. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9111) ----------------------------------------------------------------------- Summary of changes: crypto/asn1_dsa.c | 253 +++++++++++++++++++++ crypto/build.info | 3 +- crypto/dsa/dsa_asn1.c | 76 ++++++- crypto/ec/ec_asn1.c | 75 +++++- crypto/include/internal/asn1_dsa.h | 23 ++ {ssl => crypto}/packet.c | 56 ++++- ssl/packet_locl.h => include/internal/packet.h | 10 + ssl/build.info | 6 +- ssl/record/rec_layer_d1.c | 2 +- ssl/record/rec_layer_s3.c | 2 +- ssl/ssl_locl.h | 2 +- ssl/ssl_rsa.c | 2 +- test/asn1_dsa_internal_test.c | 184 +++++++++++++++ test/asynciotest.c | 2 +- test/bad_dtls_test.c | 2 +- test/build.info | 9 +- test/clienthellotest.c | 2 +- test/packettest.c | 2 +- ...ernal_namemap.t => 03-test_internal_asn1_dsa.t} | 4 +- test/servername_test.c | 2 +- test/sslbuffertest.c | 2 +- test/tls13ccstest.c | 2 +- test/wpackettest.c | 2 +- 23 files changed, 679 insertions(+), 44 deletions(-) create mode 100644 crypto/asn1_dsa.c create mode 100644 crypto/include/internal/asn1_dsa.h rename {ssl => crypto}/packet.c (89%) rename ssl/packet_locl.h => include/internal/packet.h (98%) create mode 100644 test/asn1_dsa_internal_test.c copy test/recipes/{03-test_internal_namemap.t => 03-test_internal_asn1_dsa.t} (82%) diff --git a/crypto/asn1_dsa.c b/crypto/asn1_dsa.c new file mode 100644 index 0000000..8423ff8 --- /dev/null +++ b/crypto/asn1_dsa.c @@ -0,0 +1,253 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A simple ASN.1 DER encoder/decoder for DSA-Sig-Value and ECDSA-Sig-Value. + * + * DSA-Sig-Value ::= SEQUENCE { + * r INTEGER, + * s INTEGER + * } + * + * ECDSA-Sig-Value ::= SEQUENCE { + * r INTEGER, + * s INTEGER + * } + */ + +#include +#include +#include "internal/asn1_dsa.h" +#include "internal/packet.h" + +#define ID_SEQUENCE 0x30 +#define ID_INTEGER 0x02 + +/* + * Outputs the encoding of the length octets for a DER value with a content + * length of cont_len bytes to pkt. The maximum supported content length is + * 65535 (0xffff) bytes. + * + * Returns 1 on success or 0 on error. + */ +int encode_der_length(WPACKET *pkt, size_t cont_len) +{ + if (cont_len > 0xffff) + return 0; /* Too large for supported length encodings */ + + if (cont_len > 0xff) { + if (!WPACKET_put_bytes_u8(pkt, 0x82) + || !WPACKET_put_bytes_u16(pkt, cont_len)) + return 0; + } else { + if (cont_len > 0x7f + && !WPACKET_put_bytes_u8(pkt, 0x81)) + return 0; + if (!WPACKET_put_bytes_u8(pkt, cont_len)) + return 0; + } + + return 1; +} + +/* + * Outputs the DER encoding of a positive ASN.1 INTEGER to pkt. + * + * Results in an error if n is negative or too large. + * + * Returns 1 on success or 0 on error. + */ +int encode_der_integer(WPACKET *pkt, const BIGNUM *n) +{ + unsigned char *bnbytes; + size_t cont_len; + + if (BN_is_negative(n)) + return 0; + + /* + * Calculate the ASN.1 INTEGER DER content length for n. + * This is the number of whole bytes required to represent n (i.e. rounded + * down), plus one. + * If n is zero then the content is a single zero byte (length = 1). + * If the number of bits of n is a multiple of 8 then an extra zero padding + * byte is included to ensure that the value is still treated as positive + * in the INTEGER two's complement representation. + */ + cont_len = BN_num_bits(n) / 8 + 1; + + if (!WPACKET_start_sub_packet(pkt) + || !WPACKET_put_bytes_u8(pkt, ID_INTEGER) + || !encode_der_length(pkt, cont_len) + || !WPACKET_allocate_bytes(pkt, cont_len, &bnbytes) + || !WPACKET_close(pkt)) + return 0; + + if (bnbytes != NULL + && BN_bn2binpad(n, bnbytes, (int)cont_len) != (int)cont_len) + return 0; + + return 1; +} + +/* + * Outputs the DER encoding of a DSA-Sig-Value or ECDSA-Sig-Value to pkt. pkt + * may be initialised with a NULL buffer which enables pkt to be used to + * calulate how many bytes would be needed. + * + * Returns 1 on success or 0 on error. + */ +int encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s) +{ + WPACKET tmppkt, *dummypkt; + size_t cont_len; + int isnull = WPACKET_is_null_buf(pkt); + + if (!WPACKET_start_sub_packet(pkt)) + return 0; + + if (!isnull) { + if (!WPACKET_init_null(&tmppkt, 0)) + return 0; + dummypkt = &tmppkt; + } else { + /* If the input packet has a NULL buffer, we don't need a dummy packet */ + dummypkt = pkt; + } + + /* Calculate the content length */ + if (!encode_der_integer(dummypkt, r) + || !encode_der_integer(dummypkt, s) + || !WPACKET_get_length(dummypkt, &cont_len) + || (!isnull && !WPACKET_finish(dummypkt))) { + if (!isnull) + WPACKET_cleanup(dummypkt); + return 0; + } + + /* Add the tag and length bytes */ + if (!WPACKET_put_bytes_u8(pkt, ID_SEQUENCE) + || !encode_der_length(pkt, cont_len) + /* + * Really encode the integers. We already wrote to the main pkt + * if it had a NULL buffer, so don't do it again + */ + || (!isnull && !encode_der_integer(pkt, r)) + || (!isnull && !encode_der_integer(pkt, s)) + || !WPACKET_close(pkt)) + return 0; + + return 1; +} + +/* + * Decodes the DER length octets in pkt and initialises subpkt with the + * following bytes of that length. + * + * Returns 1 on success or 0 on failure. + */ +int decode_der_length(PACKET *pkt, PACKET *subpkt) +{ + unsigned int byte; + + if (!PACKET_get_1(pkt, &byte)) + return 0; + + if (byte < 0x80) + return PACKET_get_sub_packet(pkt, subpkt, (size_t)byte); + if (byte == 0x81) + return PACKET_get_length_prefixed_1(pkt, subpkt); + if (byte == 0x82) + return PACKET_get_length_prefixed_2(pkt, subpkt); + + /* Too large, invalid, or not DER. */ + return 0; +} + +/* + * Decodes a single ASN.1 INTEGER value from pkt, which must be DER encoded, + * and updates n with the decoded value. + * + * The BIGNUM, n, must have already been allocated by calling BN_new(). + * pkt must not be NULL. + * + * An attempt to consume more than len bytes results in an error. + * Returns 1 on success or 0 on error. + * + * If the PACKET is supposed to only contain a single INTEGER value with no + * trailing garbage then it is up to the caller to verify that all bytes + * were consumed. + */ +int decode_der_integer(PACKET *pkt, BIGNUM *n) +{ + PACKET contpkt, tmppkt; + unsigned int tag, tmp; + + /* Check we have an integer and get the content bytes */ + if (!PACKET_get_1(pkt, &tag) + || tag != ID_INTEGER + || !decode_der_length(pkt, &contpkt)) + return 0; + + /* Peek ahead at the first bytes to check for proper encoding */ + tmppkt = contpkt; + /* The INTEGER must be positive */ + if (!PACKET_get_1(&tmppkt, &tmp) + || (tmp & 0x80) != 0) + return 0; + /* If there a zero padding byte the next byte must have the msb set */ + if (PACKET_remaining(&tmppkt) > 0 && tmp == 0) { + if (!PACKET_get_1(&tmppkt, &tmp) + || (tmp & 0x80) == 0) + return 0; + } + + if (BN_bin2bn(PACKET_data(&contpkt), + (int)PACKET_remaining(&contpkt), n) == NULL) + return 0; + + return 1; +} + +/* + * Decodes a single DSA-Sig-Value or ECDSA-Sig-Value from *ppin, which must be + * DER encoded, updates r and s with the decoded values, and increments *ppin + * past the data that was consumed. + * + * The BIGNUMs, r and s, must have already been allocated by calls to BN_new(). + * ppin and *ppin must not be NULL. + * + * An attempt to consume more than len bytes results in an error. + * Returns the number of bytes of input consumed or 0 if an error occurs. + * + * If the buffer is supposed to only contain a single [EC]DSA-Sig-Value with no + * trailing garbage then it is up to the caller to verify that all bytes + * were consumed. + */ +size_t decode_der_dsa_sig(BIGNUM *r, BIGNUM *s, const unsigned char **ppin, + size_t len) +{ + size_t consumed; + PACKET pkt, contpkt; + unsigned int tag; + + if (!PACKET_buf_init(&pkt, *ppin, len) + || !PACKET_get_1(&pkt, &tag) + || tag != ID_SEQUENCE + || !decode_der_length(&pkt, &contpkt) + || !decode_der_integer(&contpkt, r) + || !decode_der_integer(&contpkt, s) + || PACKET_remaining(&contpkt) != 0) + return 0; + + consumed = PACKET_data(&pkt) - *ppin; + *ppin += consumed; + return consumed; +} + diff --git a/crypto/build.info b/crypto/build.info index fccca08..90ccbc8 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -75,11 +75,10 @@ SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c mem_str.c mem_dbg.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \ - $UPLINKSRC + asn1_dsa.c packet.c $UPLINKSRC DEFINE[../libcrypto]=$UTIL_DEFINE $UPLINKDEF SOURCE[../providers/fips]=$UTIL_COMMON DEFINE[../providers/fips]=$UTIL_DEFINE - DEPEND[cversion.o]=buildinf.h diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index acf80c6..eddcc11 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -13,13 +13,7 @@ #include #include #include - -ASN1_SEQUENCE(DSA_SIG) = { - ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), - ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) -} static_ASN1_SEQUENCE_END(DSA_SIG) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA_SIG, DSA_SIG, DSA_SIG) +#include "internal/asn1_dsa.h" DSA_SIG *DSA_SIG_new(void) { @@ -38,6 +32,74 @@ void DSA_SIG_free(DSA_SIG *sig) OPENSSL_free(sig); } +DSA_SIG *d2i_DSA_SIG(DSA_SIG **psig, const unsigned char **ppin, long len) +{ + DSA_SIG *sig; + + if (len < 0) + return NULL; + if (psig != NULL && *psig != NULL) { + sig = *psig; + } else { + sig = DSA_SIG_new(); + if (sig == NULL) + return NULL; + } + if (sig->r == NULL) + sig->r = BN_new(); + if (sig->s == NULL) + sig->s = BN_new(); + if (decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { + if (psig == NULL || *psig == NULL) + DSA_SIG_free(sig); + return NULL; + } + if (psig != NULL && *psig == NULL) + *psig = sig; + return sig; +} + +int i2d_DSA_SIG(const DSA_SIG *sig, unsigned char **ppout) +{ + BUF_MEM *buf = NULL; + size_t encoded_len; + WPACKET pkt; + + if (ppout == NULL) { + if (!WPACKET_init_null(&pkt, 0)) + return -1; + } else if (*ppout == NULL) { + if ((buf = BUF_MEM_new()) == NULL + || !WPACKET_init_len(&pkt, buf, 0)) { + BUF_MEM_free(buf); + return -1; + } + } else { + if (!WPACKET_init_static_len(&pkt, *ppout, SIZE_MAX, 0)) + return -1; + } + + if (!encode_der_dsa_sig(&pkt, sig->r, sig->s) + || !WPACKET_get_total_written(&pkt, &encoded_len) + || !WPACKET_finish(&pkt)) { + BUF_MEM_free(buf); + WPACKET_cleanup(&pkt); + return -1; + } + + if (ppout != NULL) { + if (*ppout == NULL) { + *ppout = (unsigned char *)buf->data; + buf->data = NULL; + BUF_MEM_free(buf); + } else { + *ppout += encoded_len; + } + } + + return (int)encoded_len; +} + void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) { if (pr != NULL) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 35ff948..c2f9679 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -13,6 +13,7 @@ #include #include #include "internal/nelem.h" +#include "internal/asn1_dsa.h" int EC_GROUP_get_basis_type(const EC_GROUP *group) { @@ -1137,14 +1138,8 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out) return buf_len; } -ASN1_SEQUENCE(ECDSA_SIG) = { - ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), - ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) -} static_ASN1_SEQUENCE_END(ECDSA_SIG) - DECLARE_ASN1_FUNCTIONS(ECDSA_SIG) DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG) ECDSA_SIG *ECDSA_SIG_new(void) { @@ -1163,6 +1158,74 @@ void ECDSA_SIG_free(ECDSA_SIG *sig) OPENSSL_free(sig); } +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **psig, const unsigned char **ppin, long len) +{ + ECDSA_SIG *sig; + + if (len < 0) + return NULL; + if (psig != NULL && *psig != NULL) { + sig = *psig; + } else { + sig = ECDSA_SIG_new(); + if (sig == NULL) + return NULL; + } + if (sig->r == NULL) + sig->r = BN_new(); + if (sig->s == NULL) + sig->s = BN_new(); + if (decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { + if (psig == NULL || *psig == NULL) + ECDSA_SIG_free(sig); + return NULL; + } + if (psig != NULL && *psig == NULL) + *psig = sig; + return sig; +} + +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **ppout) +{ + BUF_MEM *buf = NULL; + size_t encoded_len; + WPACKET pkt; + + if (ppout == NULL) { + if (!WPACKET_init_null(&pkt, 0)) + return -1; + } else if (*ppout == NULL) { + if ((buf = BUF_MEM_new()) == NULL + || !WPACKET_init_len(&pkt, buf, 0)) { + BUF_MEM_free(buf); + return -1; + } + } else { + if (!WPACKET_init_static_len(&pkt, *ppout, SIZE_MAX, 0)) + return -1; + } + + if (!encode_der_dsa_sig(&pkt, sig->r, sig->s) + || !WPACKET_get_total_written(&pkt, &encoded_len) + || !WPACKET_finish(&pkt)) { + BUF_MEM_free(buf); + WPACKET_cleanup(&pkt); + return -1; + } + + if (ppout != NULL) { + if (*ppout == NULL) { + *ppout = (unsigned char *)buf->data; + buf->data = NULL; + BUF_MEM_free(buf); + } else { + *ppout += encoded_len; + } + } + + return (int)encoded_len; +} + void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) { if (pr != NULL) diff --git a/crypto/include/internal/asn1_dsa.h b/crypto/include/internal/asn1_dsa.h new file mode 100644 index 0000000..d257051 --- /dev/null +++ b/crypto/include/internal/asn1_dsa.h @@ -0,0 +1,23 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1_DSA_H +# define HEADER_ASN1_DSA_H + +#include "internal/packet.h" + +int encode_der_length(WPACKET *pkt, size_t cont_len); +int encode_der_integer(WPACKET *pkt, const BIGNUM *n); +int encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s); +int decode_der_length(PACKET *pkt, PACKET *subpkt); +int decode_der_integer(PACKET *pkt, BIGNUM *n); +size_t decode_der_dsa_sig(BIGNUM *r, BIGNUM *s, const unsigned char **ppin, + size_t len); + +#endif diff --git a/ssl/packet.c b/crypto/packet.c similarity index 89% rename from ssl/packet.c rename to crypto/packet.c index 26cf1eb..75a0317 100644 --- a/ssl/packet.c +++ b/crypto/packet.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "packet_locl.h" +#include "internal/packet.h" #include #define DEFAULT_BUF_SIZE 256 @@ -35,7 +35,10 @@ int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, } #define GETBUF(p) (((p)->staticbuf != NULL) \ - ? (p)->staticbuf : (unsigned char *)(p)->buf->data) + ? (p)->staticbuf \ + : ((p)->buf != NULL \ + ? (unsigned char *)(p)->buf->data \ + : NULL)) int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes) { @@ -46,7 +49,7 @@ int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes) if (pkt->maxsize - pkt->written < len) return 0; - if (pkt->staticbuf == NULL && (pkt->buf->length - pkt->written < len)) { + if (pkt->buf != NULL && (pkt->buf->length - pkt->written < len)) { size_t newlen; size_t reflen; @@ -74,7 +77,8 @@ int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len, if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes)) return 0; - *allocbytes += lenbytes; + if (*allocbytes != NULL) + *allocbytes += lenbytes; return 1; } @@ -110,7 +114,7 @@ static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes) pkt->subs = NULL; return 0; } - pkt->subs->packet_len = lenchars - GETBUF(pkt); + pkt->subs->packet_len = 0; return 1; } @@ -149,6 +153,15 @@ int WPACKET_init(WPACKET *pkt, BUF_MEM *buf) return WPACKET_init_len(pkt, buf, 0); } +int WPACKET_init_null(WPACKET *pkt, size_t lenbytes) +{ + pkt->staticbuf = NULL; + pkt->buf = NULL; + pkt->maxsize = maxmaxsize(lenbytes); + + return wpacket_intern_init_len(pkt, 0); +} + int WPACKET_set_flags(WPACKET *pkt, unsigned int flags) { /* Internal API, so should not fail */ @@ -163,6 +176,9 @@ int WPACKET_set_flags(WPACKET *pkt, unsigned int flags) /* Store the |value| of length |len| at location |data| */ static int put_value(unsigned char *data, size_t value, size_t len) { + if (data == NULL) + return 1; + for (data += len - 1; len > 0; len--) { *data = (unsigned char)(value & 0xff); data--; @@ -209,10 +225,14 @@ static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose) } /* Write out the WPACKET length if needed */ - if (sub->lenbytes > 0 - && !put_value(&GETBUF(pkt)[sub->packet_len], packlen, + if (sub->lenbytes > 0) { + unsigned char *buf = GETBUF(pkt); + + if (buf != NULL + && !put_value(&buf[sub->packet_len], packlen, sub->lenbytes)) return 0; + } if (doclose) { pkt->subs = sub->parent; @@ -293,10 +313,10 @@ int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes) return 1; } + sub->packet_len = pkt->written; + if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) return 0; - /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */ - sub->packet_len = lenchars - GETBUF(pkt); return 1; } @@ -354,7 +374,8 @@ int WPACKET_memset(WPACKET *pkt, int ch, size_t len) if (!WPACKET_allocate_bytes(pkt, len, &dest)) return 0; - memset(dest, ch, len); + if (dest != NULL) + memset(dest, ch, len); return 1; } @@ -369,7 +390,8 @@ int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len) if (!WPACKET_allocate_bytes(pkt, len, &dest)) return 0; - memcpy(dest, src, len); + if (dest != NULL) + memcpy(dest, src, len); return 1; } @@ -409,7 +431,17 @@ int WPACKET_get_length(WPACKET *pkt, size_t *len) unsigned char *WPACKET_get_curr(WPACKET *pkt) { - return GETBUF(pkt) + pkt->curr; + unsigned char *buf = GETBUF(pkt); + + if (buf == NULL) + return NULL; + + return buf + pkt->curr; +} + +int WPACKET_is_null_buf(WPACKET *pkt) +{ + return pkt->buf == NULL && pkt->staticbuf == NULL; } void WPACKET_cleanup(WPACKET *pkt) diff --git a/ssl/packet_locl.h b/include/internal/packet.h similarity index 98% rename from ssl/packet_locl.h rename to include/internal/packet.h index 9f8a098..69a6bd1 100644 --- a/ssl/packet_locl.h +++ b/include/internal/packet.h @@ -670,6 +670,13 @@ int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes); int WPACKET_init(WPACKET *pkt, BUF_MEM *buf); /* + * Same as WPACKET_init_len except there is no underlying buffer. No data is + * ever actually written. We just keep track of how much data would have been + * written if a buffer was there. + */ +int WPACKET_init_null(WPACKET *pkt, size_t lenbytes); + +/* * Same as WPACKET_init_len except we do not use a growable BUF_MEM structure. * A fixed buffer of memory |buf| of size |len| is used instead. A failure will * occur if you attempt to write beyond the end of the buffer @@ -868,6 +875,9 @@ int WPACKET_get_length(WPACKET *pkt, size_t *len); */ unsigned char *WPACKET_get_curr(WPACKET *pkt); +/* Returns true if the underlying buffer is actually NULL */ +int WPACKET_is_null_buf(WPACKET *pkt); + /* Release resources in a WPACKET if a failure has occurred. */ void WPACKET_cleanup(WPACKET *pkt); diff --git a/ssl/build.info b/ssl/build.info index bb2f1de..152810b 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -1,6 +1,10 @@ LIBS=../libssl +#TODO: For now we just include the libcrypto packet.c in libssl as well. We +# could either continue to do it like this, or export all the WPACKET +# symbols so that libssl can use them like any other. Probably would do +# this privately so it does not become part of the public API. SOURCE[../libssl]=\ - pqueue.c packet.c \ + pqueue.c ../crypto/packet.c \ statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \ statem/statem_lib.c statem/extensions.c statem/extensions_srvr.c \ statem/extensions_clnt.c statem/extensions_cust.c s3_cbc.c s3_msg.c \ diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 821c9cc..1256f9e 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -13,7 +13,7 @@ #include #include #include "record_locl.h" -#include "../packet_locl.h" +#include "internal/packet.h" #include "internal/cryptlib.h" int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index a991132..9efaf54 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -15,7 +15,7 @@ #include #include #include "record_locl.h" -#include "../packet_locl.h" +#include "internal/packet.h" #if defined(OPENSSL_SMALL_FOOTPRINT) || \ !( defined(AES_ASM) && ( \ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 269f542..a4278b2 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -30,7 +30,7 @@ # include # include "record/record.h" # include "statem/statem.h" -# include "packet_locl.h" +# include "internal/packet.h" # include "internal/dane.h" # include "internal/refcount.h" # include "internal/tsan_assist.h" diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 897c8f2..2c447ee 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -9,7 +9,7 @@ #include #include "ssl_locl.h" -#include "packet_locl.h" +#include "internal/packet.h" #include #include #include diff --git a/test/asn1_dsa_internal_test.c b/test/asn1_dsa_internal_test.c new file mode 100644 index 0000000..a62f5e4 --- /dev/null +++ b/test/asn1_dsa_internal_test.c @@ -0,0 +1,184 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include +#include "internal/asn1_dsa.h" +#include "testutil.h" + +static unsigned char t_dsa_sig[] = { + 0x30, 0x06, /* SEQUENCE tag + length */ + 0x02, 0x01, 0x01, /* INTEGER tag + length + content */ + 0x02, 0x01, 0x02 /* INTEGER tag + length + content */ +}; + +static unsigned char t_dsa_sig_extra[] = { + 0x30, 0x06, /* SEQUENCE tag + length */ + 0x02, 0x01, 0x01, /* INTEGER tag + length + content */ + 0x02, 0x01, 0x02, /* INTEGER tag + length + content */ + 0x05, 0x00 /* NULL tag + length */ +}; + +static unsigned char t_dsa_sig_msb[] = { + 0x30, 0x08, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length + content */ + 0x02, 0x02, 0x00, 0x82 /* INTEGER tag + length + content */ +}; + +static unsigned char t_dsa_sig_two[] = { + 0x30, 0x08, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x01, 0x00, /* INTEGER tag + length + content */ + 0x02, 0x02, 0x02, 0x00 /* INTEGER tag + length + content */ +}; + +/* + * Badly coded ASN.1 INTEGER zero wrapped in a sequence along with another + * (valid) INTEGER. + */ +static unsigned char t_invalid_int_zero[] = { + 0x30, 0x05, /* SEQUENCE tag + length */ + 0x02, 0x00, /* INTEGER tag + length */ + 0x02, 0x01, 0x2a /* INTEGER tag + length */ +}; + +/* + * Badly coded ASN.1 INTEGER (with leading zeros) wrapped in a sequence along + * with another (valid) INTEGER. + */ +static unsigned char t_invalid_int[] = { + 0x30, 0x07, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x7f, /* INTEGER tag + length */ + 0x02, 0x01, 0x2a /* INTEGER tag + length */ +}; + +/* + * Negative ASN.1 INTEGER wrapped in a sequence along with another + * (valid) INTEGER. + */ +static unsigned char t_neg_int[] = { + 0x30, 0x06, /* SEQUENCE tag + length */ + 0x02, 0x01, 0xaa, /* INTEGER tag + length */ + 0x02, 0x01, 0x2a /* INTEGER tag + length */ +}; + +static unsigned char t_trunc_der[] = { + 0x30, 0x08, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length */ + 0x02, 0x02, 0x00 /* INTEGER tag + length */ +}; + +static unsigned char t_trunc_seq[] = { + 0x30, 0x07, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length */ + 0x02, 0x02, 0x00, 0x82 /* INTEGER tag + length */ +}; + +static int test_decode(void) +{ + int rv = 0; + BIGNUM *r; + BIGNUM *s; + const unsigned char *pder; + + r = BN_new(); + s = BN_new(); + + /* Positive tests */ + pder = t_dsa_sig; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig)) == 0 + || !TEST_ptr_eq(pder, (t_dsa_sig + sizeof(t_dsa_sig))) + || !TEST_BN_eq_word(r, 1) || !TEST_BN_eq_word(s, 2)) { + TEST_info("asn1_dsa test_decode: t_dsa_sig failed"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_dsa_sig_extra; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig_extra)) == 0 + || !TEST_ptr_eq(pder, + (t_dsa_sig_extra + sizeof(t_dsa_sig_extra) - 2)) + || !TEST_BN_eq_word(r, 1) || !TEST_BN_eq_word(s, 2)) { + TEST_info("asn1_dsa test_decode: t_dsa_sig_extra failed"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_dsa_sig_msb; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig_msb)) == 0 + || !TEST_ptr_eq(pder, (t_dsa_sig_msb + sizeof(t_dsa_sig_msb))) + || !TEST_BN_eq_word(r, 0x81) || !TEST_BN_eq_word(s, 0x82)) { + TEST_info("asn1_dsa test_decode: t_dsa_sig_msb failed"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_dsa_sig_two; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig_two)) == 0 + || !TEST_ptr_eq(pder, (t_dsa_sig_two + sizeof(t_dsa_sig_two))) + || !TEST_BN_eq_word(r, 0x100) || !TEST_BN_eq_word(s, 0x200)) { + TEST_info("asn1_dsa test_decode: t_dsa_sig_two failed"); + goto fail; + } + + /* Negative tests */ + pder = t_invalid_int_zero; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_invalid_int_zero)) != 0) { + TEST_info("asn1_dsa test_decode: Expected t_invalid_int_zero to fail"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_invalid_int; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_invalid_int)) != 0) { + TEST_info("asn1_dsa test_decode: Expected t_invalid_int to fail"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_neg_int; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_neg_int)) != 0) { + TEST_info("asn1_dsa test_decode: Expected t_neg_int to fail"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_trunc_der; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_trunc_der)) != 0) { + TEST_info("asn1_dsa test_decode: Expected fail t_trunc_der"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_trunc_seq; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_trunc_seq)) != 0) { + TEST_info("asn1_dsa test_decode: Expected fail t_trunc_seq"); + goto fail; + } + + rv = 1; +fail: + BN_free(r); + BN_free(s); + return rv; +} + +int setup_tests(void) +{ + ADD_TEST(test_decode); + return 1; +} diff --git a/test/asynciotest.c b/test/asynciotest.c index 3bba098..bf0a205 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -13,7 +13,7 @@ #include #include -#include "../ssl/packet_locl.h" +#include "internal/packet.h" #include "ssltestlib.h" #include "testutil.h" diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index 5f6b6a9..66b5e1d 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -37,7 +37,7 @@ #include #include #include -#include "../ssl/packet_locl.h" +#include "internal/packet.h" #include "internal/nelem.h" #include "testutil.h" diff --git a/test/build.info b/test/build.info index f5b802d..e38f142 100644 --- a/test/build.info +++ b/test/build.info @@ -469,7 +469,8 @@ IF[{- !$disabled{tests} -}] PROGRAMS{noinst}=asn1_internal_test modes_internal_test x509_internal_test \ tls13encryptiontest wpackettest ctype_internal_test \ rdrand_sanitytest property_test \ - rsa_sp800_56b_test bn_internal_test + rsa_sp800_56b_test bn_internal_test \ + asn1_dsa_internal_test IF[{- !$disabled{poly1305} -}] PROGRAMS{noinst}=poly1305_internal_test @@ -561,6 +562,10 @@ IF[{- !$disabled{tests} -}] SOURCE[bn_internal_test]=bn_internal_test.c INCLUDE[bn_internal_test]=.. ../include ../crypto/include ../crypto/bn ../apps/include DEPEND[bn_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[asn1_dsa_internal_test]=asn1_dsa_internal_test.c + INCLUDE[asn1_dsa_internal_test]=.. ../include ../apps/include ../crypto/include + DEPEND[asn1_dsa_internal_test]=../libcrypto.a libtestutil.a ENDIF IF[{- !$disabled{mdc2} -}] @@ -582,7 +587,7 @@ IF[{- !$disabled{tests} -}] IF[{- !$disabled{shared} -}] PROGRAMS{noinst}=tls13secretstest SOURCE[tls13secretstest]=tls13secretstest.c - SOURCE[tls13secretstest]= ../ssl/tls13_enc.c ../ssl/packet.c + SOURCE[tls13secretstest]= ../ssl/tls13_enc.c ../crypto/packet.c INCLUDE[tls13secretstest]=.. ../include ../apps/include DEPEND[tls13secretstest]=../libcrypto ../libssl libtestutil.a ENDIF diff --git a/test/clienthellotest.c b/test/clienthellotest.c index 0afad6d..03b8745 100644 --- a/test/clienthellotest.c +++ b/test/clienthellotest.c @@ -17,7 +17,7 @@ #include #include -#include "../ssl/packet_locl.h" +#include "internal/packet.h" #include "testutil.h" diff --git a/test/packettest.c b/test/packettest.c index 41d938a..2d6c2a6 100644 --- a/test/packettest.c +++ b/test/packettest.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "../ssl/packet_locl.h" +#include "internal/packet.h" #include "testutil.h" #define BUF_LEN 255 diff --git a/test/recipes/03-test_internal_namemap.t b/test/recipes/03-test_internal_asn1_dsa.t similarity index 82% copy from test/recipes/03-test_internal_namemap.t copy to test/recipes/03-test_internal_asn1_dsa.t index 9214242..ecacac7 100644 --- a/test/recipes/03-test_internal_namemap.t +++ b/test/recipes/03-test_internal_asn1_dsa.t @@ -11,6 +11,6 @@ use OpenSSL::Test; # get 'plan' use OpenSSL::Test::Simple; use OpenSSL::Test::Utils; -setup("test_internal_namemap"); +setup("test_internal_asn1_dsa"); -simple_test("test_internal_namemap", "namemap_internal_test"); +simple_test("test_internal_asn1_dsa", "asn1_dsa_internal_test"); diff --git a/test/servername_test.c b/test/servername_test.c index 86d261f..3d19265 100644 --- a/test/servername_test.c +++ b/test/servername_test.c @@ -18,7 +18,7 @@ #include #include -#include "../ssl/packet_locl.h" +#include "internal/packet.h" #include "testutil.h" #include "internal/nelem.h" diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c index 9a5ec2b..e8293f7 100644 --- a/test/sslbuffertest.c +++ b/test/sslbuffertest.c @@ -13,7 +13,7 @@ #include #include -#include "../ssl/packet_locl.h" +#include "internal/packet.h" #include "ssltestlib.h" #include "testutil.h" diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c index 1d0a268..999ca57 100644 --- a/test/tls13ccstest.c +++ b/test/tls13ccstest.c @@ -11,7 +11,7 @@ #include #include "ssltestlib.h" #include "testutil.h" -#include "../ssl/packet_locl.h" +#include "internal/packet.h" static char *cert = NULL; static char *privkey = NULL; diff --git a/test/wpackettest.c b/test/wpackettest.c index 0a27c63..abb001e 100644 --- a/test/wpackettest.c +++ b/test/wpackettest.c @@ -9,7 +9,7 @@ #include #include -#include "../ssl/packet_locl.h" +#include "internal/packet.h" #include "testutil.h" static const unsigned char simple1[] = { 0xff }; From builds at travis-ci.org Mon Jul 15 22:51:09 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Jul 2019 22:51:09 +0000 Subject: Still Failing: openssl/openssl#26507 (master - 0d03ace) In-Reply-To: Message-ID: <5d2d035d23060_43fbe1c74efa4266958@7703b9db-8040-4711-be26-de2c93db42fa.mail> Build Update for openssl/openssl ------------------------------------- Build: #26507 Status: Still Failing Duration: 18 mins and 41 secs Commit: 0d03ace (master) Author: Pauli Message: remove end of line whitespace Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9111) View the changeset: https://github.com/openssl/openssl/compare/35e264c03232...0d03acea7aa4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559167299?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 23:10:00 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 23:10:00 +0000 Subject: Build failed: openssl master.25921 Message-ID: <20190715231000.1.9A22C22C46DC11FD@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 15 23:37:08 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Jul 2019 23:37:08 +0000 Subject: Build completed: openssl master.25922 Message-ID: <20190715233708.1.6223197C8501DBFE@appveyor.com> An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Tue Jul 16 00:05:04 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Tue, 16 Jul 2019 00:05:04 +0000 Subject: [openssl] master update Message-ID: <1563235504.476033.29147.nullmailer@dev.openssl.org> The branch master has been updated via 459b15d451194ee90834ea58bfb8c91479e9ef9b (commit) from 0d03acea7aa45e94903fb12186ed6cc324eb1b03 (commit) - Log ----------------------------------------------------------------- commit 459b15d451194ee90834ea58bfb8c91479e9ef9b Author: Shane Lontis Date: Tue Jul 16 09:46:14 2019 +1000 Add Common shared code needed to move aes ciphers to providers Custom aes ciphers will be placed into multiple new files (instead of the monolithic setup used in the e_aes.c legacy code) so it makes sense to have a header for the platform specific code that needs to be shared between files. modes_lcl.h has also moved to modes_int.h to allow sharing with the provider source. Code that will be common to AEAD ciphers has also been added. These will be used by seperate PR's for GCM, CCM & OCB. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9301) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 388 +------------------- crypto/evp/e_aes_cbc_hmac_sha1.c | 6 +- crypto/evp/e_aes_cbc_hmac_sha256.c | 7 +- crypto/evp/e_aria.c | 2 +- crypto/evp/e_camellia.c | 2 +- crypto/evp/evp_enc.c | 82 ++++- crypto/evp/evp_lib.c | 108 +++--- crypto/evp/evp_locl.h | 26 +- crypto/evp/evp_utils.c | 37 +- crypto/include/internal/aes_platform.h | 391 +++++++++++++++++++++ crypto/include/internal/modes_int.h | 229 ++++++++++-- crypto/include/internal/{modes_int.h => siv_int.h} | 0 crypto/modes/cbc128.c | 4 +- crypto/modes/ccm128.c | 4 +- crypto/modes/cfb128.c | 4 +- crypto/modes/ctr128.c | 4 +- crypto/modes/cts128.c | 4 +- crypto/modes/gcm128.c | 4 +- crypto/modes/modes_lcl.h | 220 ------------ crypto/modes/ocb128.c | 2 +- crypto/modes/ofb128.c | 4 +- crypto/modes/siv128.c | 3 +- crypto/modes/xts128.c | 4 +- include/openssl/core_names.h | 24 +- include/openssl/core_numbers.h | 1 + providers/common/ciphers/aes_basic.c | 251 +------------ test/build.info | 2 +- test/modes_internal_test.c | 2 +- 28 files changed, 788 insertions(+), 1027 deletions(-) create mode 100644 crypto/include/internal/aes_platform.h copy crypto/include/internal/{modes_int.h => siv_int.h} (100%) delete mode 100644 crypto/modes/modes_lcl.h diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 6f58e27..f93ba61 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -19,7 +19,8 @@ #include "internal/evp_int.h" #include "internal/cryptlib.h" #include "internal/modes_int.h" -#include "modes_lcl.h" +#include "internal/siv_int.h" +#include "internal/aes_platform.h" #include "evp_locl.h" typedef struct { @@ -111,50 +112,6 @@ typedef struct { #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) -#ifdef VPAES_ASM -int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void vpaes_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void vpaes_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void vpaes_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); -#endif -#ifdef BSAES_ASM -void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char ivec[16], int enc); -void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - const unsigned char ivec[16]); -void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -#endif -#ifdef AES_CTR_ASM -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char ivec[AES_BLOCK_SIZE]); -#endif -#ifdef AES_XTS_ASM -void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); -void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); -#endif - /* increment counter (64-bit int) by 1 */ static void ctr64_inc(unsigned char *counter) { @@ -171,105 +128,10 @@ static void ctr64_inc(unsigned char *counter) } while (n); } -#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) -# include "ppc_arch.h" -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) -# endif -# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) -# define HWAES_set_encrypt_key aes_p8_set_encrypt_key -# define HWAES_set_decrypt_key aes_p8_set_decrypt_key -# define HWAES_encrypt aes_p8_encrypt -# define HWAES_decrypt aes_p8_decrypt -# define HWAES_cbc_encrypt aes_p8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks -# define HWAES_xts_encrypt aes_p8_xts_encrypt -# define HWAES_xts_decrypt aes_p8_xts_decrypt -#endif - -#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ - ((defined(__i386) || defined(__i386__) || \ - defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) - -extern unsigned int OPENSSL_ia32cap_P[]; - -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif -# ifdef BSAES_ASM -# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif -/* - * AES-NI section - */ -# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) - -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void aesni_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void aesni_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void aesni_ecb_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, const AES_KEY *key, int enc); -void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); - -void aesni_ctr32_encrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, const unsigned char *ivec); - -void aesni_xts_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); - -void aesni_xts_decrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); - -void aesni_ccm64_encrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, - const unsigned char ivec[16], - unsigned char cmac[16]); - -void aesni_ccm64_decrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, - const unsigned char ivec[16], - unsigned char cmac[16]); - +#if defined(AESNI_CAPABLE) # if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) -size_t aesni_gcm_encrypt(const unsigned char *in, - unsigned char *out, - size_t len, - const void *key, unsigned char ivec[16], u64 *Xi); # define AES_gcm_encrypt aesni_gcm_encrypt -size_t aesni_gcm_decrypt(const unsigned char *in, - unsigned char *out, - size_t len, - const void *key, unsigned char ivec[16], u64 *Xi); # define AES_gcm_decrypt aesni_gcm_decrypt -void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, - size_t len); -# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \ - gctx->gcm.ghash==gcm_ghash_avx) # define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ gctx->gcm.ghash==gcm_ghash_avx) # undef AES_GCM_ASM2 /* minor size optimization */ @@ -471,19 +333,6 @@ static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); # ifndef OPENSSL_NO_OCB -void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); -void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); - static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { @@ -584,81 +433,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } -#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) - -# include "sparc_arch.h" - -extern unsigned int OPENSSL_sparcv9cap_P[]; - -/* - * Initial Fujitsu SPARC64 X support - */ -# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) -# define HWAES_set_encrypt_key aes_fx_set_encrypt_key -# define HWAES_set_decrypt_key aes_fx_set_decrypt_key -# define HWAES_encrypt aes_fx_encrypt -# define HWAES_decrypt aes_fx_decrypt -# define HWAES_cbc_encrypt aes_fx_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks - -# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) - -void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); -void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); -void aes_t4_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void aes_t4_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -/* - * Key-length specific subroutines were chosen for following reason. - * Each SPARC T4 core can execute up to 8 threads which share core's - * resources. Loading as much key material to registers allows to - * minimize references to shared memory interface, as well as amount - * of instructions in inner loops [much needed on T4]. But then having - * non-key-length specific routines would require conditional branches - * either in inner loops or on subroutines' entries. Former is hardly - * acceptable, while latter means code size increase to size occupied - * by multiple key-length specific subroutines, so why fight? - */ -void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); -void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); -void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); -void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); -void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); -void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); -void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); +#elif defined(SPARC_AES_CAPABLE) static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -1012,12 +787,8 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } -#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) -/* - * IBM S390X support - */ -# include "s390x_arch.h" - +#elif defined(S390X_aes_128_CAPABLE) +/* IBM S390X support */ typedef struct { union { OSSL_UNION_ALIGN; @@ -1170,24 +941,10 @@ typedef struct { } aes; } S390X_AES_CCM_CTX; -/* Convert key size to function code: [16,24,32] -> [18,19,20]. */ -# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) - -/* Most modes of operation need km for partial block processing. */ -# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_128)) -# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_192)) -# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_256)) - # define s390x_aes_init_key aes_init_key static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_cbc_CAPABLE 1 -# define S390X_aes_256_cbc_CAPABLE 1 # define S390X_AES_CBC_CTX EVP_AES_KEY # define s390x_aes_cbc_init_key aes_init_key @@ -1196,10 +953,6 @@ static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE -# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE -# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE - static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -1224,16 +977,6 @@ static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_256))) - static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *ivec, int enc) @@ -1289,16 +1032,6 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_256))) - static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *ivec, int enc) @@ -1365,13 +1098,6 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_128)) -# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_192)) -# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_256)) - static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *ivec, int enc) @@ -1400,19 +1126,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -# define S390X_aes_128_cfb1_CAPABLE 0 -# define S390X_aes_192_cfb1_CAPABLE 0 -# define S390X_aes_256_cfb1_CAPABLE 0 - # define s390x_aes_cfb1_init_key aes_init_key # define s390x_aes_cfb1_cipher aes_cfb1_cipher static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_ctr_CAPABLE 1 -# define S390X_aes_256_ctr_CAPABLE 1 # define S390X_AES_CTR_CTX EVP_AES_KEY # define s390x_aes_ctr_init_key aes_init_key @@ -1421,16 +1140,6 @@ static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kma[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kma[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kma[0] & \ - S390X_CAPBIT(S390X_AES_256))) - /* iv + padding length for iv lengths != 12 */ # define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) @@ -1954,8 +1663,6 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c) } # define S390X_AES_XTS_CTX EVP_AES_XTS_CTX -# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ -# define S390X_aes_256_xts_CAPABLE 1 # define s390x_aes_xts_init_key aes_xts_init_key static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, @@ -1968,18 +1675,6 @@ static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); # define s390x_aes_xts_cleanup aes_xts_cleanup -# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ - S390X_CAPBIT(S390X_AES_256))) - -# define S390X_CCM_AAD_FLAG 0x40 - /*- * Set nonce and length fields. Code is big-endian. */ @@ -2452,9 +2147,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) # ifndef OPENSSL_NO_OCB # define S390X_AES_OCB_CTX EVP_AES_OCB_CTX -# define S390X_aes_128_ocb_CAPABLE 0 -# define S390X_aes_192_ocb_CAPABLE 0 -# define S390X_aes_256_ocb_CAPABLE 0 # define s390x_aes_ocb_init_key aes_ocb_init_key static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -2470,9 +2162,6 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); # ifndef OPENSSL_NO_SIV # define S390X_AES_SIV_CTX EVP_AES_SIV_CTX -# define S390X_aes_128_siv_CAPABLE 0 -# define S390X_aes_192_siv_CAPABLE 0 -# define S390X_aes_256_siv_CAPABLE 0 # define s390x_aes_siv_init_key aes_siv_init_key # define s390x_aes_siv_cipher aes_siv_cipher @@ -2583,48 +2272,6 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ #endif -#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) -# include "arm_arch.h" -# if __ARM_MAX_ARCH__>=7 -# if defined(BSAES_ASM) -# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -# if defined(VPAES_ASM) -# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) -# define HWAES_set_encrypt_key aes_v8_set_encrypt_key -# define HWAES_set_decrypt_key aes_v8_set_decrypt_key -# define HWAES_encrypt aes_v8_encrypt -# define HWAES_decrypt aes_v8_decrypt -# define HWAES_cbc_encrypt aes_v8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks -# endif -#endif - -#if defined(HWAES_CAPABLE) -int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -void HWAES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void HWAES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc); -void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - const unsigned char ivec[16]); -void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -#endif - #define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ @@ -4110,29 +3757,6 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) } } -# ifdef HWAES_CAPABLE -# ifdef HWAES_ocb_encrypt -void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); -# else -# define HWAES_ocb_encrypt ((ocb128_f)NULL) -# endif -# ifdef HWAES_ocb_decrypt -void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); -# else -# define HWAES_ocb_decrypt ((ocb128_f)NULL) -# endif -# endif - static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index f6450f3..8d557e5 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -7,17 +7,15 @@ * https://www.openssl.org/source/license.html */ -#include - #include #include - +#include #include #include #include #include #include -#include "modes_lcl.h" +#include "internal/modes_int.h" #include "internal/evp_int.h" #include "internal/constant_time_locl.h" diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index cd51e93..6efd300 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -7,18 +7,15 @@ * https://www.openssl.org/source/license.html */ -#include - #include #include - - +#include #include #include #include #include #include -#include "modes_lcl.h" +#include "internal/modes_int.h" #include "internal/constant_time_locl.h" #include "internal/evp_int.h" diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index 5404dd4..f2588f1 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -16,7 +16,7 @@ # include # include "internal/aria.h" # include "internal/evp_int.h" -# include "modes_lcl.h" +# include "internal/modes_int.h" # include "evp_locl.h" /* ARIA subkey Structure */ diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index e018ba4..9def167 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -18,7 +18,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "internal/evp_int.h" -# include "modes_lcl.h" +# include "internal/modes_int.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 3b83d11..c1f7e77 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -920,9 +920,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { - int ok = evp_do_param(c->cipher, &keylen, sizeof(keylen), - OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, - evp_do_ciph_ctx_setparams, c->provctx); + int ok; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &keylen); + ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params); if (ok != -2) return ok; @@ -943,23 +945,27 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) { int ok; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; else ctx->flags |= EVP_CIPH_NO_PADDING; - ok = evp_do_param(ctx->cipher, &pad, sizeof(pad), - OSSL_CIPHER_PARAM_PADDING, OSSL_PARAM_INTEGER, - evp_do_ciph_ctx_setparams, ctx->provctx); + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_PADDING, &pad); + ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + return ok != 0; } int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { int ret = -2; /* Unsupported */ + int set_params = 1; + size_t sz; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - if (!ctx->cipher) { + if (ctx == NULL || ctx->cipher == NULL) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); return 0; } @@ -969,25 +975,65 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_SET_KEY_LENGTH: - ret = evp_do_param(ctx->cipher, &arg, sizeof(arg), - OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, - evp_do_ciph_ctx_setparams, ctx->provctx); - break; - case EVP_CTRL_GET_IV: - ret = evp_do_param(ctx->cipher, ptr, arg, - OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_STRING, - evp_do_ciph_ctx_getparams, ctx->provctx); + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &arg); break; case EVP_CTRL_RAND_KEY: /* Used by DES */ case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */ - ret = -2; /* Unsupported */ + default: + return -2; /* Unsupported */ + case EVP_CTRL_GET_IV: + set_params = 0; + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, + ptr, (size_t)arg); + break; + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg < 0) + return 0; + sz = (size_t)arg; + params[0] = + OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, &sz); break; + case EVP_CTRL_GCM_SET_IV_FIXED: + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, + ptr, (size_t)arg); + break; + case EVP_CTRL_AEAD_SET_TAG: + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, + ptr, (size_t)arg); + break; + case EVP_CTRL_AEAD_GET_TAG: + set_params = 0; + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, + ptr, (size_t)arg); + break; + case EVP_CTRL_AEAD_TLS1_AAD: + /* This one does a set and a get - since it returns a padding size */ + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, + ptr, (size_t)arg); + ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + return ret; + params[0] = + OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz); + ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + if (ret <= 0) + return 0; + return sz; } + + if (set_params) + ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + else + ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); return ret; - legacy: - if (!ctx->cipher->ctrl) { +/* TODO(3.0): Remove legacy code below */ +legacy: + if (ctx->cipher->ctrl == NULL) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); return 0; } diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 9d1d197..615206b 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -217,10 +217,11 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) { - int v = cipher->block_size; - int ok = evp_do_param(cipher, &v, sizeof(v), - OSSL_CIPHER_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER, - evp_do_ciph_getparams, NULL); + int ok, v = cipher->block_size; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v); + ok = evp_do_ciph_getparams(cipher, params); return ok != 0 ? v : -1; } @@ -265,10 +266,12 @@ int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) { + int ok; unsigned long v = cipher->flags; - int ok = evp_do_param(cipher, &v, sizeof(v), - OSSL_CIPHER_PARAM_FLAGS, OSSL_PARAM_UNSIGNED_INTEGER, - evp_do_ciph_getparams, NULL); + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &v); + ok = evp_do_ciph_getparams(cipher, params); return ok != 0 ? v : 0; } @@ -300,12 +303,13 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) { - int v = cipher->iv_len; - int ok = evp_do_param(cipher, &v, sizeof(v), - OSSL_CIPHER_PARAM_IVLEN, OSSL_PARAM_UNSIGNED_INTEGER, - evp_do_ciph_getparams, NULL); + int ok, v = cipher->iv_len; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - return ok != 0 ? v: -1; + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v); + ok = evp_do_ciph_getparams(cipher, params); + + return ok != 0 ? v : -1; } int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) @@ -323,22 +327,30 @@ const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) */ const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) { + int ok; const unsigned char *v = ctx->iv; - int ok = evp_do_param(ctx->cipher, &v, sizeof(ctx->iv), - OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_PTR, - evp_do_ciph_ctx_getparams, ctx->provctx); + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - return ok != 0 ? v: NULL; + params[0] = + OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v, + sizeof(ctx->iv)); + ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + + return ok != 0 ? v : NULL; } unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) { + int ok; unsigned char *v = ctx->iv; - int ok = evp_do_param(ctx->cipher, &v, sizeof(ctx->iv), - OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_PTR, - evp_do_ciph_ctx_getparams, ctx->provctx); + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = + OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v, + sizeof(ctx->iv)); + ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); - return ok != 0 ? v: NULL; + return ok != 0 ? v : NULL; } unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) @@ -348,42 +360,48 @@ unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) { - int v = ctx->num; - int ok = evp_do_param(ctx->cipher, &v, sizeof(v), - OSSL_CIPHER_PARAM_NUM, OSSL_PARAM_INTEGER, - evp_do_ciph_ctx_getparams, ctx->provctx); + int ok, v = ctx->num; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - return ok != 0 ? v: -1; + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &v); + ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + + return ok != 0 ? v : -1; } int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) { - int ok = evp_do_param(ctx->cipher, &num, sizeof(num), - OSSL_CIPHER_PARAM_NUM, OSSL_PARAM_INTEGER, - evp_do_ciph_ctx_setparams, ctx->provctx); + int ok; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - ctx->num = num; + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &num); + ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + + if (ok != 0) + ctx->num = num; return ok != 0; } int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { - int v = cipher->key_len; - int ok = evp_do_param(cipher, &v, sizeof(v), - OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, - evp_do_ciph_getparams, NULL); + int ok, v = cipher->key_len; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v); + ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v: -1; + return ok != 0 ? v : -1; } int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) { - int v = ctx->key_len; - int ok = evp_do_param(ctx->cipher, &v, sizeof(v), - OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, - evp_do_ciph_ctx_getparams, ctx->provctx); + int ok, v = ctx->key_len; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v); + ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); - return ok != 0 ? v: -1; + return ok != 0 ? v : -1; } int EVP_CIPHER_nid(const EVP_CIPHER *cipher) @@ -398,14 +416,14 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) int EVP_CIPHER_mode(const EVP_CIPHER *cipher) { - int v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; - int ok = evp_do_param(cipher, &v, sizeof(v), - OSSL_CIPHER_PARAM_MODE, OSSL_PARAM_INTEGER, - evp_do_ciph_getparams, NULL); + int ok, v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - return ok != 0 ? v: 0; -} + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_MODE, &v); + ok = evp_do_ciph_getparams(cipher, params); + return ok != 0 ? v : 0; +} int EVP_MD_block_size(const EVP_MD *md) { diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 54f9e08..b62f1e3 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -99,7 +99,7 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id, /* Helper functions to avoid duplicating code */ /* - * The callbacks implement different ways to pass a params array to the + * These methods implement different ways to pass a params array to the * provider. They will return one of these values: * * -2 if the method doesn't come from a provider @@ -109,26 +109,8 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id, * or the return value from the desired function * (evp_do_param will return it to the caller) */ -int evp_do_ciph_getparams(const void *vciph, void *ignored, - OSSL_PARAM params[]); -int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx, +int evp_do_ciph_getparams(const EVP_CIPHER *ciph, OSSL_PARAM params[]); +int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx, OSSL_PARAM params[]); -int evp_do_ciph_ctx_setparams(const void *vciph, void *provctx, +int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx, OSSL_PARAM params[]); - -/*- - * prepares a singular parameter, then calls the callback to execute. - * - * |method| points to the method used by the callback. - * EVP_CIPHER, EVP_MD, ... - * |ptr| points at the data to transfer. - * |sz| is the size of the data to transfer. - * |key| is the name of the parameter to pass. - * |datatype| is the data type of the parameter to pass. - * |cb| is the callback that actually performs the parameter passing - * |cb_ctx| is the cipher context - */ -int evp_do_param(const void *method, void *ptr, size_t sz, const char *key, - int datatype, - int (*cb)(const void *method, void *ctx, OSSL_PARAM params[]), - void *cb_ctx); diff --git a/crypto/evp/evp_utils.c b/crypto/evp/evp_utils.c index 48f548c..c3b5520 100644 --- a/crypto/evp/evp_utils.c +++ b/crypto/evp/evp_utils.c @@ -17,11 +17,8 @@ #include "internal/evp_int.h" /* evp_locl.h needs it */ #include "evp_locl.h" -int evp_do_ciph_getparams(const void *vciph, void *ignored, - OSSL_PARAM params[]) +int evp_do_ciph_getparams(const EVP_CIPHER *ciph, OSSL_PARAM params[]) { - const EVP_CIPHER *ciph = vciph; - if (ciph->prov == NULL) return -2; if (ciph->get_params == NULL) @@ -29,11 +26,9 @@ int evp_do_ciph_getparams(const void *vciph, void *ignored, return ciph->get_params(params); } -int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx, +int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx, OSSL_PARAM params[]) { - const EVP_CIPHER *ciph = vciph; - if (ciph->prov == NULL) return -2; if (ciph->ctx_get_params == NULL) @@ -41,38 +36,12 @@ int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx, return ciph->ctx_get_params(provctx, params); } -int evp_do_ciph_ctx_setparams(const void *vciph, void *provctx, +int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx, OSSL_PARAM params[]) { - const EVP_CIPHER *ciph = vciph; - if (ciph->prov == NULL) return -2; if (ciph->ctx_set_params == NULL) return -1; return ciph->ctx_set_params(provctx, params); } - -int evp_do_param(const void *method, void *ptr, size_t sz, const char *key, - int datatype, - int (*cb)(const void *method, void *ctx, OSSL_PARAM params[]), - void *cb_ctx) -{ - OSSL_PARAM params[2] = { - OSSL_PARAM_END, - OSSL_PARAM_END - }; - int ret; - - params[0].key = key; - params[0].data_type = datatype; - params[0].data = ptr; - params[0].data_size = sz; - - ret = cb(method, cb_ctx, params); - if (ret == -1) { - EVPerr(0, EVP_R_CTRL_NOT_IMPLEMENTED); - ret = 0; - } - return ret; -} diff --git a/crypto/include/internal/aes_platform.h b/crypto/include/internal/aes_platform.h new file mode 100644 index 0000000..115264e --- /dev/null +++ b/crypto/include/internal/aes_platform.h @@ -0,0 +1,391 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_INTERNAL_AES_PLATFORM_H +# define HEADER_INTERNAL_AES_PLATFORM_H + +# ifdef VPAES_ASM +int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +void vpaes_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void vpaes_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void vpaes_cbc_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); +# endif /* VPAES_ASM */ + +# ifdef BSAES_ASM +void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char ivec[16], int enc); +void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + const unsigned char ivec[16]); +void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +# endif /* BSAES_ASM */ + +# ifdef AES_CTR_ASM +void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + const unsigned char ivec[AES_BLOCK_SIZE]); +# endif /* AES_CTR_ASM */ + +# ifdef AES_XTS_ASM +void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); +void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); +# endif /* AES_XTS_ASM */ + +# if defined(OPENSSL_CPUID_OBJ) +# if (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) +# include "ppc_arch.h" +# ifdef VPAES_ASM +# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) +# endif +# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) +# define HWAES_set_encrypt_key aes_p8_set_encrypt_key +# define HWAES_set_decrypt_key aes_p8_set_decrypt_key +# define HWAES_encrypt aes_p8_encrypt +# define HWAES_decrypt aes_p8_decrypt +# define HWAES_cbc_encrypt aes_p8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks +# define HWAES_xts_encrypt aes_p8_xts_encrypt +# define HWAES_xts_decrypt aes_p8_xts_decrypt +# endif /* PPC */ + +# if (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +# include "arm_arch.h" +# if __ARM_MAX_ARCH__>=7 +# if defined(BSAES_ASM) +# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +# endif +# if defined(VPAES_ASM) +# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +# endif +# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) +# define HWAES_set_encrypt_key aes_v8_set_encrypt_key +# define HWAES_set_decrypt_key aes_v8_set_decrypt_key +# define HWAES_encrypt aes_v8_encrypt +# define HWAES_decrypt aes_v8_decrypt +# define HWAES_cbc_encrypt aes_v8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks +# endif +# endif +# endif /* OPENSSL_CPUID_OBJ */ + +# if defined(AES_ASM) && !defined(I386_ONLY) && ( \ + ((defined(__i386) || defined(__i386__) || \ + defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) ) + +/* AES-NI section */ +extern unsigned int OPENSSL_ia32cap_P[]; + +# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) +# ifdef VPAES_ASM +# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +# endif +# ifdef BSAES_ASM +# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +# endif + +int aesni_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +int aesni_set_decrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); + +void aesni_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void aesni_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void aesni_ecb_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, const AES_KEY *key, int enc); +void aesni_cbc_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); +# ifndef OPENSSL_NO_OCB +void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +# endif /* OPENSSL_NO_OCB */ + +void aesni_ctr32_encrypt_blocks(const unsigned char *in, + unsigned char *out, + size_t blocks, + const void *key, const unsigned char *ivec); + +void aesni_xts_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); + +void aesni_xts_decrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); + +void aesni_ccm64_encrypt_blocks(const unsigned char *in, + unsigned char *out, + size_t blocks, + const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void aesni_ccm64_decrypt_blocks(const unsigned char *in, + unsigned char *out, + size_t blocks, + const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +size_t aesni_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], u64 *Xi); +size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], u64 *Xi); +void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len); + +# define AES_GCM_ASM(ctx) (ctx->ctr == aesni_ctr32_encrypt_blocks && \ + ctx->gcm.ghash == gcm_ghash_avx) +# endif + + +# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) + +/* Fujitsu SPARC64 X support */ +extern unsigned int OPENSSL_sparcv9cap_P[]; +# include "sparc_arch.h" +# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) +# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) +# define HWAES_set_encrypt_key aes_fx_set_encrypt_key +# define HWAES_set_decrypt_key aes_fx_set_decrypt_key +# define HWAES_encrypt aes_fx_encrypt +# define HWAES_decrypt aes_fx_decrypt +# define HWAES_cbc_encrypt aes_fx_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks + +void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); +void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); +void aes_t4_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void aes_t4_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +/* + * Key-length specific subroutines were chosen for following reason. + * Each SPARC T4 core can execute up to 8 threads which share core's + * resources. Loading as much key material to registers allows to + * minimize references to shared memory interface, as well as amount + * of instructions in inner loops [much needed on T4]. But then having + * non-key-length specific routines would require conditional branches + * either in inner loops or on subroutines' entries. Former is hardly + * acceptable, while latter means code size increase to size occupied + * by multiple key-length specific subroutines, so why fight? + */ +void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + unsigned char *ivec); +void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + unsigned char *ivec); +void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + unsigned char *ivec); +void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); +void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); +void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); +void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); + +# elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) +/* IBM S390X support */ +# include "s390x_arch.h" + + +/* Convert key size to function code: [16,24,32] -> [18,19,20]. */ +# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) + +/* Most modes of operation need km for partial block processing. */ +# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_128)) +# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_192)) +# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_256)) + +# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 1 +# define S390X_aes_256_cbc_CAPABLE 1 + +# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE +# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE +# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE + +# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_256))) +# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_128)) +# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_192)) +# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_256)) +# define S390X_aes_128_cfb1_CAPABLE 0 +# define S390X_aes_192_cfb1_CAPABLE 0 +# define S390X_aes_256_cfb1_CAPABLE 0 + +# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 1 +# define S390X_aes_256_ctr_CAPABLE 1 + +# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ +# define S390X_aes_256_xts_CAPABLE 1 + +# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_256))) +# define S390X_CCM_AAD_FLAG 0x40 + +# ifndef OPENSSL_NO_OCB +# define S390X_aes_128_ocb_CAPABLE 0 +# define S390X_aes_192_ocb_CAPABLE 0 +# define S390X_aes_256_ocb_CAPABLE 0 +# endif /* OPENSSL_NO_OCB */ + +# ifndef OPENSSL_NO_SIV +# define S390X_aes_128_siv_CAPABLE 0 +# define S390X_aes_192_siv_CAPABLE 0 +# define S390X_aes_256_siv_CAPABLE 0 +# endif /* OPENSSL_NO_SIV */ + +/* Convert key size to function code: [16,24,32] -> [18,19,20]. */ +# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) +# endif + +# if defined(HWAES_CAPABLE) +int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +void HWAES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + const unsigned char ivec[16]); +void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +# ifndef OPENSSL_NO_OCB +# ifdef HWAES_ocb_encrypt +void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +# else +# define HWAES_ocb_encrypt ((ocb128_f)NULL) +# endif +# ifdef HWAES_ocb_decrypt +void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +# else +# define HWAES_ocb_decrypt ((ocb128_f)NULL) +# endif +# endif /* OPENSSL_NO_OCB */ + +# endif /* HWAES_CAPABLE */ + +#endif /* HEADER_INTERNAL_AES_PLATFORM_H */ diff --git a/crypto/include/internal/modes_int.h b/crypto/include/internal/modes_int.h index 8a8ef6e..5230f08 100644 --- a/crypto/include/internal/modes_int.h +++ b/crypto/include/internal/modes_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,28 +7,213 @@ * https://www.openssl.org/source/license.html */ +/* TODO(3.0) Move this header into provider when dependencies are removed */ +#include + +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +typedef __int64 i64; +typedef unsigned __int64 u64; +# define U64(C) C##UI64 +#elif defined(__arch64__) +typedef long i64; +typedef unsigned long u64; +# define U64(C) C##UL +#else +typedef long long i64; +typedef unsigned long long u64; +# define U64(C) C##ULL +#endif + +typedef unsigned int u32; +typedef unsigned char u8; + +#define STRICT_ALIGNMENT 1 +#ifndef PEDANTIC +# if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__aarch64__) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +# endif +#endif + +#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__GNUC__) && __GNUC__>=2 +# if defined(__x86_64) || defined(__x86_64__) +# define BSWAP8(x) ({ u64 ret_=(x); \ + asm ("bswapq %0" \ + : "+r"(ret_)); ret_; }) +# define BSWAP4(x) ({ u32 ret_=(x); \ + asm ("bswapl %0" \ + : "+r"(ret_)); ret_; }) +# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) +# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ + asm ("bswapl %0; bswapl %1" \ + : "+r"(hi_),"+r"(lo_)); \ + (u64)hi_<<32|lo_; }) +# define BSWAP4(x) ({ u32 ret_=(x); \ + asm ("bswapl %0" \ + : "+r"(ret_)); ret_; }) +# elif defined(__aarch64__) +# define BSWAP8(x) ({ u64 ret_; \ + asm ("rev %0,%1" \ + : "=r"(ret_) : "r"(x)); ret_; }) +# define BSWAP4(x) ({ u32 ret_; \ + asm ("rev %w0,%w1" \ + : "=r"(ret_) : "r"(x)); ret_; }) +# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) +# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ + asm ("rev %0,%0; rev %1,%1" \ + : "+r"(hi_),"+r"(lo_)); \ + (u64)hi_<<32|lo_; }) +# define BSWAP4(x) ({ u32 ret_; \ + asm ("rev %0,%1" \ + : "=r"(ret_) : "r"((u32)(x))); \ + ret_; }) +# endif +# elif defined(_MSC_VER) +# if _MSC_VER>=1300 +# include +# pragma intrinsic(_byteswap_uint64,_byteswap_ulong) +# define BSWAP8(x) _byteswap_uint64((u64)(x)) +# define BSWAP4(x) _byteswap_ulong((u32)(x)) +# elif defined(_M_IX86) +__inline u32 _bswap4(u32 val) +{ +_asm mov eax, val _asm bswap eax} +# define BSWAP4(x) _bswap4(x) +# endif +# endif +#endif +#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) +# define GETU32(p) BSWAP4(*(const u32 *)(p)) +# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +#else +# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) +# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) +#endif +/*- GCM definitions */ typedef struct { + u64 hi, lo; +} u128; + +#ifdef TABLE_BITS +# undef TABLE_BITS +#endif +/* + * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should + * never be set to 8 [or 1]. For further information see gcm128.c. + */ +#define TABLE_BITS 4 + +struct gcm128_context { + /* Following 6 names follow names in GCM specification */ + union { + u64 u[2]; + u32 d[4]; + u8 c[16]; + size_t t[16 / sizeof(size_t)]; + } Yi, EKi, EK0, len, Xi, H; + /* + * Relative position of Xi, H and pre-computed Htable is used in some + * assembler modules, i.e. don't change the order! + */ +#if TABLE_BITS==8 + u128 Htable[256]; +#else + u128 Htable[16]; + void (*gmult) (u64 Xi[2], const u128 Htable[16]); + void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp, + size_t len); +#endif + unsigned int mres, ares; + block128_f block; + void *key; +#if !defined(OPENSSL_SMALL_FOOTPRINT) + unsigned char Xn[48]; +#endif +}; + +/* + * The maximum permitted number of cipher blocks per data unit in XTS mode. + * Reference IEEE Std 1619-2018. + */ +#define XTS_MAX_BLOCKS_PER_DATA_UNIT (1<<20) + +struct xts128_context { + void *key1, *key2; + block128_f block1, block2; +}; + +struct ccm128_context { + union { + u64 u[2]; + u8 c[16]; + } nonce, cmac; + u64 blocks; + block128_f block; + void *key; +}; + +#ifndef OPENSSL_NO_OCB + +typedef union { + u64 a[2]; + unsigned char c[16]; +} OCB_BLOCK; +# define ocb_block16_xor(in1,in2,out) \ + ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \ + (out)->a[1]=(in1)->a[1]^(in2)->a[1] ) +# if STRICT_ALIGNMENT +# define ocb_block16_xor_misaligned(in1,in2,out) \ + ocb_block_xor((in1)->c,(in2)->c,16,(out)->c) +# else +# define ocb_block16_xor_misaligned ocb_block16_xor +# endif + +struct ocb128_context { + /* Need both encrypt and decrypt key schedules for decryption */ + block128_f encrypt; + block128_f decrypt; + void *keyenc; + void *keydec; + ocb128_f stream; /* direction dependent */ + /* Key dependent variables. Can be reused if key remains the same */ + size_t l_index; + size_t max_l_index; + OCB_BLOCK l_star; + OCB_BLOCK l_dollar; + OCB_BLOCK *l; + /* Must be reset for each session */ + struct { + u64 blocks_hashed; + u64 blocks_processed; + OCB_BLOCK offset_aad; + OCB_BLOCK sum; + OCB_BLOCK offset; + OCB_BLOCK checksum; + } sess; +}; +#endif /* OPENSSL_NO_OCB */ + #ifndef OPENSSL_NO_SIV -typedef struct siv128_context SIV128_CONTEXT; - -SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, - EVP_CIPHER* cbc, EVP_CIPHER* ctr); -int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, - const EVP_CIPHER* cbc, const EVP_CIPHER* ctr); -int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src); -int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, - size_t len); -int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len); -int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len); -int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx); -int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag, - size_t len); -int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len); -int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx); -int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg); +#define SIV_LEN 16 + +typedef union siv_block_u { + uint64_t word[SIV_LEN/sizeof(uint64_t)]; + unsigned char byte[SIV_LEN]; +} SIV_BLOCK; + +struct siv128_context { + /* d stores intermediate results of S2V; it corresponds to D from the + pseudocode in section 2.4 of RFC 5297. */ + SIV_BLOCK d; + SIV_BLOCK tag; + EVP_CIPHER_CTX *cipher_ctx; + EVP_MAC_CTX *mac_ctx_init; + int final_ret; + int crypto_ok; +}; #endif /* OPENSSL_NO_SIV */ diff --git a/crypto/include/internal/modes_int.h b/crypto/include/internal/siv_int.h similarity index 100% copy from crypto/include/internal/modes_int.h copy to crypto/include/internal/siv_int.h diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c index c510d96..eb8e06c 100644 --- a/crypto/modes/cbc128.c +++ b/crypto/modes/cbc128.c @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include -#include "modes_lcl.h" #include +#include +#include "internal/modes_int.h" #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC) # define STRICT_ALIGNMENT 0 diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c index bfa2d46..e97158a 100644 --- a/crypto/modes/ccm128.c +++ b/crypto/modes/ccm128.c @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include -#include "modes_lcl.h" #include +#include +#include "internal/modes_int.h" /* * First you setup M and L parameters and pass the key schedule. This is diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c index 5352240..39644a2 100644 --- a/crypto/modes/cfb128.c +++ b/crypto/modes/cfb128.c @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include -#include "modes_lcl.h" #include +#include +#include "internal/modes_int.h" /* * The input and output encrypted as though 128bit cfb mode is being used. diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c index 177c955..1755b85 100644 --- a/crypto/modes/ctr128.c +++ b/crypto/modes/ctr128.c @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include -#include "modes_lcl.h" #include +#include +#include "internal/modes_int.h" /* * NOTE: the IV/counter CTR mode is big-endian. The code itself is diff --git a/crypto/modes/cts128.c b/crypto/modes/cts128.c index aca4ea8..b4f2f37 100644 --- a/crypto/modes/cts128.c +++ b/crypto/modes/cts128.c @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include -#include "modes_lcl.h" #include +#include +#include "internal/modes_int.h" /* * Trouble with Ciphertext Stealing, CTS, mode is that there is no diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index b4d7215..371bf76 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include -#include "modes_lcl.h" #include +#include +#include "internal/modes_int.h" #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) /* redefine, because alignment is ensured */ diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h deleted file mode 100644 index d4ce462..0000000 --- a/crypto/modes/modes_lcl.h +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -typedef __int64 i64; -typedef unsigned __int64 u64; -# define U64(C) C##UI64 -#elif defined(__arch64__) -typedef long i64; -typedef unsigned long u64; -# define U64(C) C##UL -#else -typedef long long i64; -typedef unsigned long long u64; -# define U64(C) C##ULL -#endif - -typedef unsigned int u32; -typedef unsigned char u8; - -#define STRICT_ALIGNMENT 1 -#ifndef PEDANTIC -# if defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__aarch64__) || \ - defined(__s390__) || defined(__s390x__) -# undef STRICT_ALIGNMENT -# endif -#endif - -#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__GNUC__) && __GNUC__>=2 -# if defined(__x86_64) || defined(__x86_64__) -# define BSWAP8(x) ({ u64 ret_=(x); \ - asm ("bswapq %0" \ - : "+r"(ret_)); ret_; }) -# define BSWAP4(x) ({ u32 ret_=(x); \ - asm ("bswapl %0" \ - : "+r"(ret_)); ret_; }) -# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) -# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ - asm ("bswapl %0; bswapl %1" \ - : "+r"(hi_),"+r"(lo_)); \ - (u64)hi_<<32|lo_; }) -# define BSWAP4(x) ({ u32 ret_=(x); \ - asm ("bswapl %0" \ - : "+r"(ret_)); ret_; }) -# elif defined(__aarch64__) -# define BSWAP8(x) ({ u64 ret_; \ - asm ("rev %0,%1" \ - : "=r"(ret_) : "r"(x)); ret_; }) -# define BSWAP4(x) ({ u32 ret_; \ - asm ("rev %w0,%w1" \ - : "=r"(ret_) : "r"(x)); ret_; }) -# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) -# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ - asm ("rev %0,%0; rev %1,%1" \ - : "+r"(hi_),"+r"(lo_)); \ - (u64)hi_<<32|lo_; }) -# define BSWAP4(x) ({ u32 ret_; \ - asm ("rev %0,%1" \ - : "=r"(ret_) : "r"((u32)(x))); \ - ret_; }) -# endif -# elif defined(_MSC_VER) -# if _MSC_VER>=1300 -# include -# pragma intrinsic(_byteswap_uint64,_byteswap_ulong) -# define BSWAP8(x) _byteswap_uint64((u64)(x)) -# define BSWAP4(x) _byteswap_ulong((u32)(x)) -# elif defined(_M_IX86) -__inline u32 _bswap4(u32 val) -{ -_asm mov eax, val _asm bswap eax} -# define BSWAP4(x) _bswap4(x) -# endif -# endif -#endif -#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) -# define GETU32(p) BSWAP4(*(const u32 *)(p)) -# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) -#else -# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) -# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) -#endif -/*- GCM definitions */ typedef struct { - u64 hi, lo; -} u128; - -#ifdef TABLE_BITS -# undef TABLE_BITS -#endif -/* - * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should - * never be set to 8 [or 1]. For further information see gcm128.c. - */ -#define TABLE_BITS 4 - -struct gcm128_context { - /* Following 6 names follow names in GCM specification */ - union { - u64 u[2]; - u32 d[4]; - u8 c[16]; - size_t t[16 / sizeof(size_t)]; - } Yi, EKi, EK0, len, Xi, H; - /* - * Relative position of Xi, H and pre-computed Htable is used in some - * assembler modules, i.e. don't change the order! - */ -#if TABLE_BITS==8 - u128 Htable[256]; -#else - u128 Htable[16]; - void (*gmult) (u64 Xi[2], const u128 Htable[16]); - void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -#endif - unsigned int mres, ares; - block128_f block; - void *key; -#if !defined(OPENSSL_SMALL_FOOTPRINT) - unsigned char Xn[48]; -#endif -}; - -/* - * The maximum permitted number of cipher blocks per data unit in XTS mode. - * Reference IEEE Std 1619-2018. - */ -#define XTS_MAX_BLOCKS_PER_DATA_UNIT (1<<20) - -struct xts128_context { - void *key1, *key2; - block128_f block1, block2; -}; - -struct ccm128_context { - union { - u64 u[2]; - u8 c[16]; - } nonce, cmac; - u64 blocks; - block128_f block; - void *key; -}; - -#ifndef OPENSSL_NO_OCB - -typedef union { - u64 a[2]; - unsigned char c[16]; -} OCB_BLOCK; -# define ocb_block16_xor(in1,in2,out) \ - ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \ - (out)->a[1]=(in1)->a[1]^(in2)->a[1] ) -# if STRICT_ALIGNMENT -# define ocb_block16_xor_misaligned(in1,in2,out) \ - ocb_block_xor((in1)->c,(in2)->c,16,(out)->c) -# else -# define ocb_block16_xor_misaligned ocb_block16_xor -# endif - -struct ocb128_context { - /* Need both encrypt and decrypt key schedules for decryption */ - block128_f encrypt; - block128_f decrypt; - void *keyenc; - void *keydec; - ocb128_f stream; /* direction dependent */ - /* Key dependent variables. Can be reused if key remains the same */ - size_t l_index; - size_t max_l_index; - OCB_BLOCK l_star; - OCB_BLOCK l_dollar; - OCB_BLOCK *l; - /* Must be reset for each session */ - struct { - u64 blocks_hashed; - u64 blocks_processed; - OCB_BLOCK offset_aad; - OCB_BLOCK sum; - OCB_BLOCK offset; - OCB_BLOCK checksum; - } sess; -}; -#endif /* OPENSSL_NO_OCB */ - -#ifndef OPENSSL_NO_SIV - -#include - -#define SIV_LEN 16 - -typedef union siv_block_u { - uint64_t word[SIV_LEN/sizeof(uint64_t)]; - unsigned char byte[SIV_LEN]; -} SIV_BLOCK; - -struct siv128_context { - /* d stores intermediate results of S2V; it corresponds to D from the - pseudocode in section 2.4 of RFC 5297. */ - SIV_BLOCK d; - SIV_BLOCK tag; - EVP_CIPHER_CTX *cipher_ctx; - EVP_MAC_CTX *mac_ctx_init; - int final_ret; - int crypto_ok; -}; - -#endif /* OPENSSL_NO_SIV */ diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index 7511101..9e7af60 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -10,7 +10,7 @@ #include #include #include -#include "modes_lcl.h" +#include "internal/modes_int.h" #ifndef OPENSSL_NO_OCB diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c index 96b15c7..b894cbb 100644 --- a/crypto/modes/ofb128.c +++ b/crypto/modes/ofb128.c @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include -#include "modes_lcl.h" #include +#include +#include "internal/modes_int.h" /* * The input and output encrypted as though 128bit ofb mode is being used. diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index 4445cf3..359252f 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -10,8 +10,9 @@ #include #include #include +#include #include "internal/modes_int.h" -#include "modes_lcl.h" +#include "internal/siv_int.h" #ifndef OPENSSL_NO_SIV diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c index 6c17fdc..03b83aa 100644 --- a/crypto/modes/xts128.c +++ b/crypto/modes/xts128.c @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include -#include "modes_lcl.h" #include +#include +#include "internal/modes_int.h" int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index e4dd733..4addcea 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -35,16 +35,20 @@ extern "C" { #define OSSL_PROV_PARAM_BUILDINFO "buildinfo" -/* Well known cipher parameters */ - -#define OSSL_CIPHER_PARAM_PADDING "padding" -#define OSSL_CIPHER_PARAM_MODE "mode" -#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* OSSL_PARAM_INTEGER */ -#define OSSL_CIPHER_PARAM_FLAGS "flags" /* OSSL_PARAM_UNSIGNED_INTEGER */ -#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* OSSL_PARAM_INTEGER */ -#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* OSSL_PARAM_INTEGER */ -#define OSSL_CIPHER_PARAM_IV "iv" /* OSSL_PARAM_OCTET_PTR */ -#define OSSL_CIPHER_PARAM_NUM "num" /* OSSL_PARAM_INTEGER */ +/* cipher parameters */ +#define OSSL_CIPHER_PARAM_PADDING "padding" /* int */ +#define OSSL_CIPHER_PARAM_MODE "mode" /* int */ +#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* int */ +#define OSSL_CIPHER_PARAM_FLAGS "flags" /* ulong */ +#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* int */ +#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* int */ +#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */ +#define OSSL_CIPHER_PARAM_NUM "num" /* int */ +#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_IVLEN "aeadivlen" /* size_t */ /* digest parameters */ #define OSSL_DIGEST_PARAM_XOFLEN "xoflen" diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 0542732..37a3170 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -181,6 +181,7 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_set_params, (void *vctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, OP_digest_get_params, (void *vctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(unsigned long, OP_cipher_get_flags, (void)) /* Symmetric Ciphers */ diff --git a/providers/common/ciphers/aes_basic.c b/providers/common/ciphers/aes_basic.c index 619386c..a1ca5a9 100644 --- a/providers/common/ciphers/aes_basic.c +++ b/providers/common/ciphers/aes_basic.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,102 +13,19 @@ #include #include #include +#include "internal/modes_int.h" #include "internal/evp_int.h" #include #include #include "ciphers_locl.h" #include "internal/providercommonerr.h" +#include "internal/aes_platform.h" #define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) -#ifdef VPAES_ASM -int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void vpaes_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void vpaes_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void vpaes_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); -#endif -#ifdef BSAES_ASM -void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char ivec[16], int enc); -void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - const unsigned char ivec[16]); -#endif -#ifdef AES_CTR_ASM -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char ivec[AES_BLOCK_SIZE]); -#endif - - -#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) -# include "ppc_arch.h" -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) -# endif -# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) -# define HWAES_set_encrypt_key aes_p8_set_encrypt_key -# define HWAES_set_decrypt_key aes_p8_set_decrypt_key -# define HWAES_encrypt aes_p8_encrypt -# define HWAES_decrypt aes_p8_decrypt -# define HWAES_cbc_encrypt aes_p8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks -# define HWAES_xts_encrypt aes_p8_xts_encrypt -# define HWAES_xts_decrypt aes_p8_xts_decrypt -#endif - -#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ - ((defined(__i386) || defined(__i386__) || \ - defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) +#if defined(AESNI_CAPABLE) -extern unsigned int OPENSSL_ia32cap_P[]; - -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif -# ifdef BSAES_ASM -# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif -/* - * AES-NI section - */ -# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) - -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void aesni_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void aesni_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void aesni_ecb_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, const AES_KEY *key, int enc); -void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); - -void aesni_ctr32_encrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, const unsigned char *ivec); +/* AES-NI section. */ static int aesni_init_key(PROV_AES_KEY *dat, const unsigned char *key, size_t keylen) @@ -190,69 +107,7 @@ const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ { return AESNI_CAPABLE?&aesni_##mode:&aes_##mode; } -#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) - -# include "sparc_arch.h" - -extern unsigned int OPENSSL_sparcv9cap_P[]; - -/* - * Fujitsu SPARC64 X support - */ -# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) -# define HWAES_set_encrypt_key aes_fx_set_encrypt_key -# define HWAES_set_decrypt_key aes_fx_set_decrypt_key -# define HWAES_encrypt aes_fx_encrypt -# define HWAES_decrypt aes_fx_decrypt -# define HWAES_cbc_encrypt aes_fx_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks - -# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) - -void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); -void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); -void aes_t4_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void aes_t4_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -/* - * Key-length specific subroutines were chosen for following reason. - * Each SPARC T4 core can execute up to 8 threads which share core's - * resources. Loading as much key material to registers allows to - * minimize references to shared memory interface, as well as amount - * of instructions in inner loops [much needed on T4]. But then having - * non-key-length specific routines would require conditional branches - * either in inner loops or on subroutines' entries. Former is hardly - * acceptable, while latter means code size increase to size occupied - * by multiple key-length specific subroutines, so why fight? - */ -void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); -void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); -void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); +#elif defined(SPARC_AES_CAPABLE) static int aes_t4_init_key(PROV_AES_KEY *dat, const unsigned char *key, size_t keylen) @@ -362,30 +217,15 @@ const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ { return SPARC_AES_CAPABLE?&aes_t4_##mode:&aes_##mode; } -#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) +#elif defined(S390X_aes_128_CAPABLE) /* * IBM S390X support */ # include "s390x_arch.h" -/* Convert key size to function code: [16,24,32] -> [18,19,20]. */ -# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) - -/* Most modes of operation need km for partial block processing. */ -# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_128)) -# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_192)) -# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_256)) - # define s390x_aes_init_key aes_init_key static int s390x_aes_init_key(PROV_AES_KEY *dat, const unsigned char *key, size_t keylen); - -# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_cbc_CAPABLE 1 -# define S390X_aes_256_cbc_CAPABLE 1 # define S390X_AES_CBC_CTX PROV_AES_KEY # define s390x_aes_cbc_init_key aes_init_key @@ -394,10 +234,6 @@ static int s390x_aes_init_key(PROV_AES_KEY *dat, const unsigned char *key, static int s390x_aes_cbc_cipher(PROV_AES_KEY *dat, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE -# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE -# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE - static int s390x_aes_ecb_init_key(PROV_AES_KEY *dat, const unsigned char *key, size_t keylen) { @@ -417,16 +253,6 @@ static int s390x_aes_ecb_cipher(PROV_AES_KEY *dat, unsigned char *out, return 1; } -# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_256))) - static int s390x_aes_ofb_init_key(PROV_AES_KEY *dat, const unsigned char *key, size_t keylen) { @@ -477,16 +303,6 @@ static int s390x_aes_ofb_cipher(PROV_AES_KEY *dat, unsigned char *out, return 1; } -# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_256))) - static int s390x_aes_cfb_init_key(PROV_AES_KEY *dat, const unsigned char *key, size_t keylen) { @@ -546,13 +362,6 @@ static int s390x_aes_cfb_cipher(PROV_AES_KEY *dat, unsigned char *out, return 1; } -# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_128)) -# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_192)) -# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_256)) - static int s390x_aes_cfb8_init_key(PROV_AES_KEY *dat, const unsigned char *key, size_t keylen) { @@ -574,19 +383,11 @@ static int s390x_aes_cfb8_cipher(PROV_AES_KEY *dat, unsigned char *out, return 1; } -# define S390X_aes_128_cfb1_CAPABLE 0 -# define S390X_aes_192_cfb1_CAPABLE 0 -# define S390X_aes_256_cfb1_CAPABLE 0 - # define s390x_aes_cfb1_init_key aes_init_key # define s390x_aes_cfb1_cipher aes_cfb1_cipher static int s390x_aes_cfb1_cipher(PROV_AES_KEY *dat, unsigned char *out, const unsigned char *in, size_t len); - -# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_ctr_CAPABLE 1 -# define S390X_aes_256_ctr_CAPABLE 1 # define S390X_AES_CTR_CTX PROV_AES_KEY # define s390x_aes_ctr_init_key aes_init_key @@ -615,7 +416,7 @@ const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ } #else - +/* The generic case */ # define BLOCK_CIPHER_generic_prov(mode) \ static const PROV_AES_CIPHER aes_##mode = { \ aes_init_key, \ @@ -625,42 +426,6 @@ const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ #endif -#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) -# include "arm_arch.h" -# if __ARM_MAX_ARCH__>=7 -# if defined(BSAES_ASM) -# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -# if defined(VPAES_ASM) -# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) -# define HWAES_set_encrypt_key aes_v8_set_encrypt_key -# define HWAES_set_decrypt_key aes_v8_set_decrypt_key -# define HWAES_encrypt aes_v8_encrypt -# define HWAES_decrypt aes_v8_decrypt -# define HWAES_cbc_encrypt aes_v8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks -# endif -#endif - -#if defined(HWAES_CAPABLE) -int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -void HWAES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void HWAES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc); -void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - const unsigned char ivec[16]); -#endif - static int aes_init_key(PROV_AES_KEY *dat, const unsigned char *key, size_t keylen) { diff --git a/test/build.info b/test/build.info index e38f142..6966149 100644 --- a/test/build.info +++ b/test/build.info @@ -504,7 +504,7 @@ IF[{- !$disabled{tests} -}] DEPEND[asn1_internal_test]=../libcrypto.a libtestutil.a SOURCE[modes_internal_test]=modes_internal_test.c - INCLUDE[modes_internal_test]=.. ../include ../apps/include + INCLUDE[modes_internal_test]=.. ../include ../apps/include ../crypto/include DEPEND[modes_internal_test]=../libcrypto.a libtestutil.a SOURCE[x509_internal_test]=x509_internal_test.c diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c index 656dfab..02e5c8d 100644 --- a/test/modes_internal_test.c +++ b/test/modes_internal_test.c @@ -14,8 +14,8 @@ #include #include -#include "../crypto/modes/modes_lcl.h" #include "testutil.h" +#include "internal/modes_int.h" #include "internal/nelem.h" typedef struct { From builds at travis-ci.org Tue Jul 16 00:25:48 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Jul 2019 00:25:48 +0000 Subject: Still Failing: openssl/openssl#26508 (master - 459b15d) In-Reply-To: Message-ID: <5d2d198c3afce_43fbe55a44dd83287fb@346a8847-3561-4999-bece-5b0bc2633b02.mail> Build Update for openssl/openssl ------------------------------------- Build: #26508 Status: Still Failing Duration: 20 mins and 5 secs Commit: 459b15d (master) Author: Shane Lontis Message: Add Common shared code needed to move aes ciphers to providers Custom aes ciphers will be placed into multiple new files (instead of the monolithic setup used in the e_aes.c legacy code) so it makes sense to have a header for the platform specific code that needs to be shared between files. modes_lcl.h has also moved to modes_int.h to allow sharing with the provider source. Code that will be common to AEAD ciphers has also been added. These will be used by seperate PR's for GCM, CCM & OCB. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9301) View the changeset: https://github.com/openssl/openssl/compare/0d03acea7aa4...459b15d45119 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559193124?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 16 02:29:05 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jul 2019 02:29:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1563244145.211636.15809.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 35e264c032 Coverity #1451596: check dirlen for being negative b481fbe68b Coverity #1451595: use correct free function. d5fdb6a695 util/opensslwrap.sh: adjust to define OPENSSL_MODULES as well 4674aaf4f2 In documentation, consistently refer to OpenSSL 3.0 2934be9134 Make sure all BIGNUM operations work within the FIPS provider 753149d97f Move the code for 'openssl list' to its own translation unit. 4b62b8ed49 Refactor apps/progs.* to be generate with 'make update' a161738a70 Fix wrong lock claimed in x509 dir lookup. 5fe6e2311d issue-9316: Update return documentation for RAND_set_rand_engine Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=172, Tests=1645, 257 wallclock secs ( 3.12 usr 0.35 sys + 242.12 cusr 23.03 csys = 268.62 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Tue Jul 16 03:22:52 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 16 Jul 2019 03:22:52 +0000 Subject: [openssl] master update Message-ID: <1563247372.350521.14045.nullmailer@dev.openssl.org> The branch master has been updated via 3d9b33b5e48d82d098a1f8c37dbf616a0d84621c (commit) from 459b15d451194ee90834ea58bfb8c91479e9ef9b (commit) - Log ----------------------------------------------------------------- commit 3d9b33b5e48d82d098a1f8c37dbf616a0d84621c Author: Pauli Date: Tue Jul 16 12:28:08 2019 +1000 Remove DRBG from SSL structure. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9390) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_locl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a4278b2..49c4510 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1645,7 +1645,6 @@ struct ssl_st { size_t block_padding; CRYPTO_RWLOCK *lock; - RAND_DRBG *drbg; /* The number of TLS1.3 tickets to automatically send */ size_t num_tickets; From levitte at openssl.org Tue Jul 16 03:26:53 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 16 Jul 2019 03:26:53 +0000 Subject: [openssl] master update Message-ID: <1563247613.899767.16720.nullmailer@dev.openssl.org> The branch master has been updated via cbfa5b03989ee6b8f5c13c4284d5bae02c562f20 (commit) via aac96e2797c34a6b2a839eb58c30ab3328a0cee8 (commit) from 3d9b33b5e48d82d098a1f8c37dbf616a0d84621c (commit) - Log ----------------------------------------------------------------- commit cbfa5b03989ee6b8f5c13c4284d5bae02c562f20 Author: Rich Salz Date: Thu Jul 11 14:01:56 2019 -0400 Regenerate mkerr files Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9058) commit aac96e2797c34a6b2a839eb58c30ab3328a0cee8 Author: Rich Salz Date: Fri May 31 13:52:45 2019 -0400 Remove function name from errors Deprecate all xxx_F_ defines. Removed some places that tested for a specific function. Use empty field for the function names in output. Update documentation. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9058) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 + apps/rsa.c | 1 - apps/speed.c | 1 - crypto/asn1/asn1_err.c | 146 +--- crypto/async/async_err.c | 19 +- crypto/bio/bio_err.c | 66 +- crypto/bn/bn_err.c | 70 +- crypto/buffer/buf_err.c | 13 +- crypto/cmp/cmp_err.c | 8 +- crypto/cms/cms_err.c | 150 +--- crypto/comp/comp_err.c | 15 +- crypto/conf/conf_err.c | 34 +- crypto/cpt_err.c | 69 +- crypto/crmf/crmf_err.c | 45 +- crypto/crmf/crmf_lib.c | 11 +- crypto/ct/ct_err.c | 45 +- crypto/dh/dh_err.c | 39 +- crypto/dsa/dsa_err.c | 36 +- crypto/dso/dso_err.c | 48 +- crypto/ec/ec_err.c | 279 +------ crypto/engine/eng_err.c | 70 +- crypto/err/err.c | 62 +- crypto/ess/ess_err.c | 22 +- crypto/evp/evp_err.c | 186 +---- crypto/include/internal/sm2err.h | 40 +- crypto/kdf/kdf_err.c | 67 +- crypto/objects/obj_err.c | 19 +- crypto/ocsp/ocsp_err.c | 33 +- crypto/pem/pem_err.c | 63 +- crypto/pkcs12/pk12err.c | 58 +- crypto/pkcs7/pkcs7err.c | 63 +- crypto/property/property_err.c | 17 +- crypto/rand/rand_err.c | 45 +- crypto/rsa/rsa_err.c | 107 +-- crypto/sm2/sm2_err.c | 30 +- crypto/store/store_err.c | 81 +- crypto/ts/ts_err.c | 89 +-- crypto/ui/ui_err.c | 36 +- crypto/ui/ui_lib.c | 7 - crypto/x509/v3err.c | 120 +-- crypto/x509/x509_err.c | 107 +-- doc/man3/ERR_GET_LIB.pod | 3 +- engines/e_afalg.txt | 2 +- engines/e_afalg_err.c | 15 +- engines/e_afalg_err.h | 22 +- engines/e_capi.txt | 2 +- engines/e_capi_err.c | 28 +- engines/e_capi_err.h | 50 +- engines/e_dasync.txt | 2 +- engines/e_dasync_err.c | 20 +- engines/e_dasync_err.h | 32 +- engines/e_ossltest.txt | 2 +- engines/e_ossltest_err.c | 10 +- engines/e_ossltest_err.h | 14 +- include/internal/dsoerr.h | 110 +-- include/internal/propertyerr.h | 24 +- include/openssl/asn1err.h | 238 +++--- include/openssl/asyncerr.h | 22 +- include/openssl/bioerr.h | 120 +-- include/openssl/bnerr.h | 109 +-- include/openssl/buffererr.h | 14 +- include/openssl/cmperr.h | 6 + include/openssl/cmserr.h | 178 ++--- include/openssl/comperr.h | 18 +- include/openssl/conferr.h | 54 +- include/openssl/crmferr.h | 48 +- include/openssl/cryptoerr.h | 80 +- include/openssl/cterr.h | 62 +- include/openssl/dherr.h | 64 +- include/openssl/dsaerr.h | 54 +- include/openssl/ecerr.h | 356 ++++----- include/openssl/engineerr.h | 88 +-- include/openssl/err.h | 82 +- include/openssl/esserr.h | 20 +- include/openssl/evperr.h | 274 +++---- include/openssl/kdferr.h | 102 +-- include/openssl/objectserr.h | 26 +- include/openssl/ocsperr.h | 40 +- include/openssl/pemerr.h | 92 +-- include/openssl/pkcs12err.h | 66 +- include/openssl/pkcs7err.h | 76 +- include/openssl/randerr.h | 62 +- include/openssl/rsaerr.h | 144 ++-- include/openssl/sslerr.h | 860 +++++++++++---------- include/openssl/storeerr.h | 84 +- include/openssl/tserr.h | 110 +-- include/openssl/uierr.h | 50 +- include/openssl/x509err.h | 140 ++-- include/openssl/x509v3err.h | 140 ++-- .../common/include/internal/providercommonerr.h | 38 +- providers/common/provider_err.c | 26 +- ssl/d1_lib.c | 2 +- ssl/ssl_err.c | 716 +---------------- ssl/statem/statem.h | 4 +- test/evp_test.c | 27 +- test/recipes/30-test_evp_data/evppkey.txt | 11 - test/recipes/30-test_evp_data/evppkey_ecc.txt | 84 -- test/sslapitest.c | 9 +- util/mkerr.pl | 56 +- 99 files changed, 2270 insertions(+), 5339 deletions(-) diff --git a/CHANGES b/CHANGES index c44dc0f..d826308 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Removed the function names from error messages and deprecated the + xxx_F_xxx define's. + [Rich Salz] + *) Removed NextStep support and the macro OPENSSL_UNISTD [Rich Salz] diff --git a/apps/rsa.c b/apps/rsa.c index 78958e0..7c0620c 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -227,7 +227,6 @@ int rsa_main(int argc, char **argv) while ((err = ERR_peek_error()) != 0 && ERR_GET_LIB(err) == ERR_LIB_RSA && - ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX && ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); diff --git a/apps/speed.c b/apps/speed.c index 88e0069..d71b823 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -3114,7 +3114,6 @@ int speed_main(int argc, char **argv) if (error == ERR_peek_last_error() && /* oldest and latest errors match */ /* check that the error origin matches */ ERR_GET_LIB(error) == ERR_LIB_EVP && - ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW && ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM) ERR_get_error(); /* pop error from queue */ if (ERR_peek_error()) { diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 0e1edc7..9d398f7 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -13,148 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA ASN1_str_functs[] = { - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2D_ASN1_OBJECT, 0), "a2d_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_INTEGER, 0), "a2i_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_STRING, 0), "a2i_ASN1_STRING"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_APPEND_EXP, 0), "append_exp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIO_INIT, 0), "asn1_bio_init"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIT_STRING_SET_BIT, 0), - "ASN1_BIT_STRING_set_bit"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CB, 0), "asn1_cb"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, 0), "asn1_check_tlen"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_COLLECT, 0), "asn1_collect"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_EX_PRIMITIVE, 0), - "asn1_d2i_ex_primitive"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_FP, 0), "ASN1_d2i_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, 0), "asn1_d2i_read_bio"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DIGEST, 0), "ASN1_digest"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_ADB, 0), "asn1_do_adb"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_LOCK, 0), "asn1_do_lock"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DUP, 0), "ASN1_dup"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENC_SAVE, 0), "asn1_enc_save"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_EX_C2I, 0), "asn1_ex_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_FIND_END, 0), "asn1_find_end"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERALIZEDTIME_ADJ, 0), - "ASN1_GENERALIZEDTIME_adj"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERATE_V3, 0), "ASN1_generate_v3"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_INT64, 0), "asn1_get_int64"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, 0), "ASN1_get_object"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_UINT64, 0), "asn1_get_uint64"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_BIO, 0), "ASN1_i2d_bio"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_FP, 0), "ASN1_i2d_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_D2I_FP, 0), "ASN1_item_d2i_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_DUP, 0), "ASN1_item_dup"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_D2I, 0), - "asn1_item_embed_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0), - "asn1_item_embed_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0), - "asn1_item_flags_i2d"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_FP, 0), "ASN1_item_i2d_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_PACK, 0), "ASN1_item_pack"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN, 0), "ASN1_item_sign"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN_CTX, 0), - "ASN1_item_sign_ctx"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_UNPACK, 0), "ASN1_item_unpack"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_VERIFY, 0), "ASN1_item_verify"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_MBSTRING_NCOPY, 0), - "ASN1_mbstring_ncopy"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OBJECT_NEW, 0), "ASN1_OBJECT_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OUTPUT_DATA, 0), "asn1_output_data"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PCTX_NEW, 0), "ASN1_PCTX_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PRIMITIVE_NEW, 0), - "asn1_primitive_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SCTX_NEW, 0), "ASN1_SCTX_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SIGN, 0), "ASN1_sign"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STR2TYPE, 0), "asn1_str2type"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_INT64, 0), - "asn1_string_get_int64"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_UINT64, 0), - "asn1_string_get_uint64"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_SET, 0), "ASN1_STRING_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TABLE_ADD, 0), - "ASN1_STRING_TABLE_add"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TO_BN, 0), "asn1_string_to_bn"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TYPE_NEW, 0), - "ASN1_STRING_type_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0), - "asn1_template_ex_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0), - "asn1_template_noexp_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TIME_ADJ, 0), "ASN1_TIME_adj"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, 0), - "ASN1_TYPE_get_int_octetstring"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_OCTETSTRING, 0), - "ASN1_TYPE_get_octetstring"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_UTCTIME_ADJ, 0), "ASN1_UTCTIME_adj"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_VERIFY, 0), "ASN1_verify"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_READ_ASN1, 0), "b64_read_asn1"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_WRITE_ASN1, 0), "B64_write_ASN1"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BIO_NEW_NDEF, 0), "BIO_new_NDEF"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BITSTR_CB, 0), "bitstr_cb"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BN_TO_ASN1_STRING, 0), "bn_to_asn1_string"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_BIT_STRING, 0), - "c2i_ASN1_BIT_STRING"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_INTEGER, 0), "c2i_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_OBJECT, 0), "c2i_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_IBUF, 0), "c2i_ibuf"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_UINT64_INT, 0), "c2i_uint64_int"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_COLLECT_DATA, 0), "collect_data"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_OBJECT, 0), "d2i_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_UINTEGER, 0), "d2i_ASN1_UINTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_AUTOPRIVATEKEY, 0), - "d2i_AutoPrivateKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_KEYPARAMS, 0), "d2i_KeyParams"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PRIVATEKEY, 0), "d2i_PrivateKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PUBLICKEY, 0), "d2i_PublicKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_BUF, 0), "do_buf"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_CREATE, 0), "do_create"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_DUMP, 0), "do_dump"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_TCREATE, 0), "do_tcreate"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2A_ASN1_OBJECT, 0), "i2a_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_BIO_STREAM, 0), - "i2d_ASN1_bio_stream"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_OBJECT, 0), "i2d_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_DSA_PUBKEY, 0), "i2d_DSA_PUBKEY"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_EC_PUBKEY, 0), "i2d_EC_PUBKEY"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_KEYPARAMS, 0), "i2d_KeyParams"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PRIVATEKEY, 0), "i2d_PrivateKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PUBLICKEY, 0), "i2d_PublicKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_RSA_PUBKEY, 0), "i2d_RSA_PUBKEY"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_LONG_C2I, 0), "long_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_PREFIX, 0), "ndef_prefix"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_SUFFIX, 0), "ndef_suffix"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_OID_MODULE_INIT, 0), "oid_module_init"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PARSE_TAGGING, 0), "parse_tagging"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_IV, 0), "PKCS5_pbe2_set_iv"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_SCRYPT, 0), - "PKCS5_pbe2_set_scrypt"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET, 0), "PKCS5_pbe_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET0_ALGOR, 0), - "PKCS5_pbe_set0_algor"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBKDF2_SET, 0), "PKCS5_pbkdf2_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_SCRYPT_SET, 0), "pkcs5_scrypt_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_READ_ASN1, 0), "SMIME_read_ASN1"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_TEXT, 0), "SMIME_text"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STABLE_GET, 0), "stable_get"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STBL_MODULE_INIT, 0), "stbl_module_init"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_C2I, 0), "uint32_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_NEW, 0), "uint32_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_C2I, 0), "uint64_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_NEW, 0), "uint64_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_CRL_ADD0_REVOKED, 0), - "X509_CRL_add0_revoked"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_INFO_NEW, 0), "X509_INFO_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_ENCODE, 0), "x509_name_encode"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_D2I, 0), "x509_name_ex_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_NEW, 0), "x509_name_ex_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_PKEY_NEW, 0), "X509_PKEY_new"}, - {0, NULL} -}; - static const ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, @@ -343,10 +201,8 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = { int ERR_load_ASN1_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) { - ERR_load_strings_const(ASN1_str_functs); + if (ERR_func_error_string(ASN1_str_reasons[0].error) == NULL) ERR_load_strings_const(ASN1_str_reasons); - } #endif return 1; } diff --git a/crypto/async/async_err.c b/crypto/async/async_err.c index 646cba9..f3643e1 100644 --- a/crypto/async/async_err.c +++ b/crypto/async/async_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,19 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA ASYNC_str_functs[] = { - {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_CTX_NEW, 0), "async_ctx_new"}, - {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_INIT_THREAD, 0), - "ASYNC_init_thread"}, - {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_JOB_NEW, 0), "async_job_new"}, - {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_PAUSE_JOB, 0), "ASYNC_pause_job"}, - {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_FUNC, 0), "async_start_func"}, - {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_JOB, 0), "ASYNC_start_job"}, - {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, 0), - "ASYNC_WAIT_CTX_set_wait_fd"}, - {0, NULL} -}; - static const ERR_STRING_DATA ASYNC_str_reasons[] = { {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SET_POOL), "failed to set pool"}, @@ -42,10 +29,8 @@ static const ERR_STRING_DATA ASYNC_str_reasons[] = { int ERR_load_ASYNC_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ASYNC_str_functs[0].error) == NULL) { - ERR_load_strings_const(ASYNC_str_functs); + if (ERR_func_error_string(ASYNC_str_reasons[0].error) == NULL) ERR_load_strings_const(ASYNC_str_reasons); - } #endif return 1; } diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c index c7bea99..69f8d64 100644 --- a/crypto/bio/bio_err.c +++ b/crypto/bio/bio_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,66 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA BIO_str_functs[] = { - {ERR_PACK(ERR_LIB_BIO, BIO_F_ACPT_STATE, 0), "acpt_state"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDRINFO_WRAP, 0), "addrinfo_wrap"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDR_STRINGS, 0), "addr_strings"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT, 0), "BIO_accept"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_EX, 0), "BIO_accept_ex"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_NEW, 0), "BIO_ACCEPT_new"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ADDR_NEW, 0), "BIO_ADDR_new"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_BIND, 0), "BIO_bind"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CALLBACK_CTRL, 0), "BIO_callback_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT, 0), "BIO_connect"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT_NEW, 0), "BIO_CONNECT_new"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CTRL, 0), "BIO_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GETS, 0), "BIO_gets"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_HOST_IP, 0), "BIO_get_host_ip"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_NEW_INDEX, 0), "BIO_get_new_index"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_PORT, 0), "BIO_get_port"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LISTEN, 0), "BIO_listen"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP, 0), "BIO_lookup"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP_EX, 0), "BIO_lookup_ex"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_MAKE_PAIR, 0), "bio_make_pair"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_METH_NEW, 0), "BIO_meth_new"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW, 0), "BIO_new"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_DGRAM_SCTP, 0), "BIO_new_dgram_sctp"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_FILE, 0), "BIO_new_file"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_MEM_BUF, 0), "BIO_new_mem_buf"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD, 0), "BIO_nread"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD0, 0), "BIO_nread0"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE, 0), "BIO_nwrite"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE0, 0), "BIO_nwrite0"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PARSE_HOSTSERV, 0), "BIO_parse_hostserv"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PUTS, 0), "BIO_puts"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ, 0), "BIO_read"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_EX, 0), "BIO_read_ex"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_INTERN, 0), "bio_read_intern"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET, 0), "BIO_socket"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET_NBIO, 0), "BIO_socket_nbio"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INFO, 0), "BIO_sock_info"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INIT, 0), "BIO_sock_init"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE, 0), "BIO_write"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_EX, 0), "BIO_write_ex"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_INTERN, 0), "bio_write_intern"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_BUFFER_CTRL, 0), "buffer_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_CTRL, 0), "conn_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_STATE, 0), "conn_state"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_NEW, 0), "dgram_sctp_new"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_READ, 0), "dgram_sctp_read"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_WRITE, 0), "dgram_sctp_write"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_DOAPR_OUTCH, 0), "doapr_outch"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_CTRL, 0), "file_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_READ, 0), "file_read"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_CTRL, 0), "linebuffer_ctrl"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_NEW, 0), "linebuffer_new"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_MEM_WRITE, 0), "mem_write"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_NBIOF_NEW, 0), "nbiof_new"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_SLG_WRITE, 0), "slg_write"}, - {ERR_PACK(ERR_LIB_BIO, BIO_F_SSL_NEW, 0), "SSL_new"}, - {0, NULL} -}; - static const ERR_STRING_DATA BIO_str_reasons[] = { {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ACCEPT_ERROR), "accept error"}, {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET), @@ -136,10 +76,8 @@ static const ERR_STRING_DATA BIO_str_reasons[] = { int ERR_load_BIO_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) { - ERR_load_strings_const(BIO_str_functs); + if (ERR_func_error_string(BIO_str_reasons[0].error) == NULL) ERR_load_strings_const(BIO_str_reasons); - } #endif return 1; } diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index 9a59cfb..e1f260d 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -13,72 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA BN_str_functs[] = { - {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND, 0), "bnrand"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND_RANGE, 0), "bnrand_range"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CONVERT_EX, 0), - "BN_BLINDING_convert_ex"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CREATE_PARAM, 0), - "BN_BLINDING_create_param"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_INVERT_EX, 0), - "BN_BLINDING_invert_ex"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_NEW, 0), "BN_BLINDING_new"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_UPDATE, 0), "BN_BLINDING_update"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2DEC, 0), "BN_bn2dec"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2HEX, 0), "BN_bn2hex"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_COMPUTE_WNAF, 0), "bn_compute_wNAF"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_GET, 0), "BN_CTX_get"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW, 0), "BN_CTX_new"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW_EX, 0), "BN_CTX_new_ex"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_START, 0), "BN_CTX_start"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV, 0), "BN_div"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV_RECP, 0), "BN_div_recp"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXP, 0), "BN_exp"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXPAND_INTERNAL, 0), "bn_expand_internal"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENCB_NEW, 0), "BN_GENCB_new"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_DSA_NONCE, 0), - "BN_generate_dsa_nonce"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0), - "BN_generate_prime_ex"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX2, 0), - "BN_generate_prime_ex2"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD, 0), - "BN_GF2m_mod_solve_quad"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, 0), - "BN_GF2m_mod_solve_quad_arr"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQR, 0), "BN_GF2m_mod_sqr"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQRT, 0), "BN_GF2m_mod_sqrt"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_LSHIFT, 0), "BN_lshift"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP2_MONT, 0), "BN_mod_exp2_mont"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT, 0), "BN_mod_exp_mont"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_CONSTTIME, 0), - "BN_mod_exp_mont_consttime"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_WORD, 0), - "BN_mod_exp_mont_word"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_RECP, 0), "BN_mod_exp_recp"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_SIMPLE, 0), "BN_mod_exp_simple"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE, 0), "BN_mod_inverse"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE_NO_BRANCH, 0), - "BN_mod_inverse_no_branch"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_LSHIFT_QUICK, 0), "BN_mod_lshift_quick"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_SQRT, 0), "BN_mod_sqrt"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MONT_CTX_NEW, 0), "BN_MONT_CTX_new"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_MPI2BN, 0), "BN_mpi2bn"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_NEW, 0), "BN_new"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_POOL_GET, 0), "BN_POOL_get"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND, 0), "BN_rand"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND_RANGE, 0), "BN_rand_range"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_RECP_CTX_NEW, 0), "BN_RECP_CTX_new"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_RSHIFT, 0), "BN_rshift"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"}, - {0, NULL} -}; - static const ERR_STRING_DATA BN_str_reasons[] = { {ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "bad reciprocal"}, @@ -113,10 +47,8 @@ static const ERR_STRING_DATA BN_str_reasons[] = { int ERR_load_BN_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(BN_str_functs[0].error) == NULL) { - ERR_load_strings_const(BN_str_functs); + if (ERR_func_error_string(BN_str_reasons[0].error) == NULL) ERR_load_strings_const(BN_str_reasons); - } #endif return 1; } diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c index 00b137d..066ce56 100644 --- a/crypto/buffer/buf_err.c +++ b/crypto/buffer/buf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,13 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA BUF_str_functs[] = { - {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW, 0), "BUF_MEM_grow"}, - {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW_CLEAN, 0), "BUF_MEM_grow_clean"}, - {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_NEW, 0), "BUF_MEM_new"}, - {0, NULL} -}; - static const ERR_STRING_DATA BUF_str_reasons[] = { {0, NULL} }; @@ -29,10 +22,8 @@ static const ERR_STRING_DATA BUF_str_reasons[] = { int ERR_load_BUF_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) { - ERR_load_strings_const(BUF_str_functs); + if (ERR_func_error_string(BUF_str_reasons[0].error) == NULL) ERR_load_strings_const(BUF_str_reasons); - } #endif return 1; } diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c index b85b8ba..77e0aa1 100644 --- a/crypto/cmp/cmp_err.c +++ b/crypto/cmp/cmp_err.c @@ -13,10 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA CMP_str_functs[] = { - {0, NULL} -}; - static const ERR_STRING_DATA CMP_str_reasons[] = { {0, NULL} }; @@ -26,10 +22,8 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { int ERR_load_CMP_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CMP_str_functs[0].error) == NULL) { - ERR_load_strings_const(CMP_str_functs); + if (ERR_func_error_string(CMP_str_reasons[0].error) == NULL) ERR_load_strings_const(CMP_str_reasons); - } #endif return 1; } diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index c05de0e..a5d5a47 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -13,152 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA CMS_str_functs[] = { - {ERR_PACK(ERR_LIB_CMS, CMS_F_CHECK_CONTENT, 0), "check_content"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_CERT, 0), "CMS_add0_cert"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_KEY, 0), - "CMS_add0_recipient_key"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 0), - "CMS_add0_recipient_password"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECEIPTREQUEST, 0), - "CMS_add1_ReceiptRequest"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECIPIENT_CERT, 0), - "CMS_add1_recipient_cert"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNER, 0), "CMS_add1_signer"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNINGTIME, 0), - "cms_add1_signingTime"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNING_CERT, 0), - "CMS_add1_signing_cert"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNING_CERT_V2, 0), - "CMS_add1_signing_cert_v2"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESS, 0), "CMS_compress"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_CREATE, 0), - "cms_CompressedData_create"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 0), - "cms_CompressedData_init_bio"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_CONTENT, 0), "cms_copy_content"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_MESSAGEDIGEST, 0), - "cms_copy_messageDigest"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATA, 0), "CMS_data"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAFINAL, 0), "CMS_dataFinal"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAINIT, 0), "CMS_dataInit"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT, 0), "CMS_decrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_KEY, 0), - "CMS_decrypt_set1_key"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PASSWORD, 0), - "CMS_decrypt_set1_password"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PKEY, 0), - "CMS_decrypt_set1_pkey"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 0), - "cms_DigestAlgorithm_find_ctx"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 0), - "cms_DigestAlgorithm_init_bio"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 0), - "cms_DigestedData_do_final"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGEST_VERIFY, 0), "CMS_digest_verify"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCODE_RECEIPT, 0), "cms_encode_Receipt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPT, 0), "CMS_encrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT, 0), - "cms_EncryptedContent_init"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 0), - "cms_EncryptedContent_init_bio"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 0), - "CMS_EncryptedData_decrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, 0), - "CMS_EncryptedData_encrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 0), - "CMS_EncryptedData_set1_key"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_CREATE, 0), - "CMS_EnvelopedData_create"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 0), - "cms_EnvelopedData_init_bio"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPED_DATA_INIT, 0), - "cms_enveloped_data_init"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENV_ASN1_CTRL, 0), "cms_env_asn1_ctrl"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_FINAL, 0), "CMS_final"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 0), - "cms_get0_certificate_choices"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CONTENT, 0), "CMS_get0_content"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ECONTENT_TYPE, 0), - "cms_get0_econtent_type"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ENVELOPED, 0), "cms_get0_enveloped"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_REVOCATION_CHOICES, 0), - "cms_get0_revocation_choices"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_SIGNED, 0), "cms_get0_signed"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_MSGSIGDIGEST_ADD1, 0), - "cms_msgSigDigest_add1"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPTREQUEST_CREATE0, 0), - "CMS_ReceiptRequest_create0"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPT_VERIFY, 0), "cms_Receipt_verify"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_DECRYPT, 0), - "CMS_RecipientInfo_decrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_ENCRYPT, 0), - "CMS_RecipientInfo_encrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, 0), - "cms_RecipientInfo_kari_encrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG, 0), - "CMS_RecipientInfo_kari_get0_alg"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID, 0), - "CMS_RecipientInfo_kari_get0_orig_id"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS, 0), - "CMS_RecipientInfo_kari_get0_reks"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP, 0), - "CMS_RecipientInfo_kari_orig_id_cmp"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 0), - "cms_RecipientInfo_kekri_decrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 0), - "cms_RecipientInfo_kekri_encrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, 0), - "CMS_RecipientInfo_kekri_get0_id"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, 0), - "CMS_RecipientInfo_kekri_id_cmp"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 0), - "CMS_RecipientInfo_ktri_cert_cmp"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 0), - "cms_RecipientInfo_ktri_decrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 0), - "cms_RecipientInfo_ktri_encrypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 0), - "CMS_RecipientInfo_ktri_get0_algs"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 0), - "CMS_RecipientInfo_ktri_get0_signer_id"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 0), - "cms_RecipientInfo_pwri_crypt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_KEY, 0), - "CMS_RecipientInfo_set0_key"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, 0), - "CMS_RecipientInfo_set0_password"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, 0), - "CMS_RecipientInfo_set0_pkey"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SD_ASN1_CTRL, 0), "cms_sd_asn1_ctrl"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_IAS, 0), "cms_set1_ias"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_KEYID, 0), "cms_set1_keyid"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_SIGNERIDENTIFIER, 0), - "cms_set1_SignerIdentifier"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET_DETACHED, 0), "CMS_set_detached"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN, 0), "CMS_sign"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNED_DATA_INIT, 0), - "cms_signed_data_init"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 0), - "cms_SignerInfo_content_sign"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_SIGN, 0), - "CMS_SignerInfo_sign"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY, 0), - "CMS_SignerInfo_verify"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 0), - "cms_signerinfo_verify_cert"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0), - "CMS_SignerInfo_verify_content"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SI_CHECK_ATTRIBUTES, 0), - "CMS_si_check_attributes"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"}, - {ERR_PACK(ERR_LIB_CMS, CMS_F_KEK_UNWRAP_KEY, 0), "kek_unwrap_key"}, - {0, NULL} -}; - static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"}, @@ -292,10 +146,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { int ERR_load_CMS_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) { - ERR_load_strings_const(CMS_str_functs); + if (ERR_func_error_string(CMS_str_reasons[0].error) == NULL) ERR_load_strings_const(CMS_str_reasons); - } #endif return 1; } diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c index ac91d0e..f29d0bc 100644 --- a/crypto/comp/comp_err.c +++ b/crypto/comp/comp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,15 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA COMP_str_functs[] = { - {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_FLUSH, 0), "bio_zlib_flush"}, - {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_NEW, 0), "bio_zlib_new"}, - {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_READ, 0), "bio_zlib_read"}, - {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_WRITE, 0), "bio_zlib_write"}, - {ERR_PACK(ERR_LIB_COMP, COMP_F_COMP_CTX_NEW, 0), "COMP_CTX_new"}, - {0, NULL} -}; - static const ERR_STRING_DATA COMP_str_reasons[] = { {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR), "zlib deflate error"}, @@ -37,10 +28,8 @@ static const ERR_STRING_DATA COMP_str_reasons[] = { int ERR_load_COMP_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) { - ERR_load_strings_const(COMP_str_functs); + if (ERR_func_error_string(COMP_str_reasons[0].error) == NULL) ERR_load_strings_const(COMP_str_reasons); - } #endif return 1; } diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index e3e8b0e..f337700 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,34 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA CONF_str_functs[] = { - {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_DUMP_FP, 0), "CONF_dump_fp"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD, 0), "CONF_load"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD_FP, 0), "CONF_load_fp"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_PARSE_LIST, 0), "CONF_parse_list"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD, 0), "def_load"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD_BIO, 0), "def_load_bio"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_GET_NEXT_FILE, 0), "get_next_file"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_ADD, 0), "module_add"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_INIT, 0), "module_init"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_LOAD_DSO, 0), "module_load_dso"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_RUN, 0), "module_run"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_BIO, 0), "NCONF_dump_bio"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_FP, 0), "NCONF_dump_fp"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_NUMBER_E, 0), - "NCONF_get_number_e"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_SECTION, 0), "NCONF_get_section"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_STRING, 0), "NCONF_get_string"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD, 0), "NCONF_load"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_BIO, 0), "NCONF_load_bio"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_FP, 0), "NCONF_load_fp"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_NEW, 0), "NCONF_new"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_PROCESS_INCLUDE, 0), "process_include"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_SSL_MODULE_INIT, 0), "ssl_module_init"}, - {ERR_PACK(ERR_LIB_CONF, CONF_F_STR_COPY, 0), "str_copy"}, - {0, NULL} -}; - static const ERR_STRING_DATA CONF_str_reasons[] = { {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_ERROR_LOADING_DSO), "error loading dso"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL), @@ -86,10 +58,8 @@ static const ERR_STRING_DATA CONF_str_reasons[] = { int ERR_load_CONF_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) { - ERR_load_strings_const(CONF_str_functs); + if (ERR_func_error_string(CONF_str_reasons[0].error) == NULL) ERR_load_strings_const(CONF_str_reasons); - } #endif return 1; } diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 25bb813..9408134 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -13,71 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA CRYPTO_str_functs[] = { - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CMAC_CTX_NEW, 0), "CMAC_CTX_new"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_DUP_EX_DATA, 0), - "CRYPTO_dup_ex_data"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_FREE_EX_DATA, 0), - "CRYPTO_free_ex_data"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, 0), - "CRYPTO_get_ex_new_index"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX_EX, 0), - "CRYPTO_get_ex_new_index_ex"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_MEMDUP, 0), "CRYPTO_memdup"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA, 0), - "CRYPTO_new_ex_data"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA_EX, 0), - "crypto_new_ex_data_ex"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_COPY_CTX, 0), - "CRYPTO_ocb128_copy_ctx"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_INIT, 0), - "CRYPTO_ocb128_init"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_SET_EX_DATA, 0), - "CRYPTO_set_ex_data"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_FIPS_MODE_SET, 0), "FIPS_mode_set"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_GET_AND_LOCK, 0), "get_and_lock"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_GET_PROVIDER_STORE, 0), - "get_provider_store"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_ATEXIT, 0), "OPENSSL_atexit"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_BUF2HEXSTR, 0), - "OPENSSL_buf2hexstr"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_FOPEN, 0), "openssl_fopen"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_HEXSTR2BUF, 0), - "OPENSSL_hexstr2buf"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0), - "OPENSSL_init_crypto"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_LH_NEW, 0), "OPENSSL_LH_new"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0), - "OPENSSL_sk_deep_copy"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ACTIVATE, 0), - "ossl_provider_activate"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN, 0), - "OSSL_PROVIDER_add_builtin"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER, 0), - "ossl_provider_add_parameter"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_NEW, 0), - "ossl_provider_new"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH, 0), - "ossl_provider_set_module_path"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0), - "pkey_poly1305_init"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0), - "pkey_siphash_init"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_ACTIVATE, 0), - "provider_activate"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_CONF_INIT, 0), - "provider_conf_init"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_CONF_LOAD, 0), - "provider_conf_load"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_NEW, 0), "provider_new"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_STORE_NEW, 0), - "provider_store_new"}, - {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_SK_RESERVE, 0), "sk_reserve"}, - {0, NULL} -}; - static const ERR_STRING_DATA CRYPTO_str_reasons[] = { {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, @@ -97,10 +32,8 @@ static const ERR_STRING_DATA CRYPTO_str_reasons[] = { int ERR_load_CRYPTO_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) { - ERR_load_strings_const(CRYPTO_str_functs); + if (ERR_func_error_string(CRYPTO_str_reasons[0].error) == NULL) ERR_load_strings_const(CRYPTO_str_reasons); - } #endif return 1; } diff --git a/crypto/crmf/crmf_err.c b/crypto/crmf/crmf_err.c index 62dc6bf..68d0d73 100644 --- a/crypto/crmf/crmf_err.c +++ b/crypto/crmf/crmf_err.c @@ -13,47 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA CRMF_str_functs[] = { - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_CRMF_POPOSIGNINGKEY_INIT, 0), - "CRMF_poposigningkey_init"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_CERTID_GEN, 0), - "OSSL_CRMF_CERTID_gen"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL, 0), - "OSSL_CRMF_CERTTEMPLATE_fill"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT, 0), - "OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO, 0), - "OSSL_CRMF_MSGS_verify_popo"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_CREATE_POPO, 0), - "OSSL_CRMF_MSG_create_popo"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_GET0_TMPL, 0), - "OSSL_CRMF_MSG_get0_tmpl"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID, 0), - "OSSL_CRMF_MSG_get_certReqId"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO, 0), - "OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_PUSH0_EXTENSION, 0), - "OSSL_CRMF_MSG_push0_extension"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_PUSH0_REGCTRL, 0), - "OSSL_CRMF_MSG_push0_regCtrl"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_PUSH0_REGINFO, 0), - "OSSL_CRMF_MSG_push0_regInfo"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_SET0_EXTENSIONS, 0), - "OSSL_CRMF_MSG_set0_extensions"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO, 0), - "OSSL_CRMF_MSG_set0_SinglePubInfo"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID, 0), - "OSSL_CRMF_MSG_set_certReqId"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION, 0), - "OSSL_CRMF_MSG_set_PKIPublicationInfo_action"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY, 0), - "OSSL_CRMF_MSG_set_validity"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_PBMP_NEW, 0), - "OSSL_CRMF_pbmp_new"}, - {ERR_PACK(ERR_LIB_CRMF, CRMF_F_OSSL_CRMF_PBM_NEW, 0), "OSSL_CRMF_pbm_new"}, - {0, NULL} -}; - static const ERR_STRING_DATA CRMF_str_reasons[] = { {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_BAD_PBM_ITERATIONCOUNT), "bad pbm iterationcount"}, @@ -95,10 +54,8 @@ static const ERR_STRING_DATA CRMF_str_reasons[] = { int ERR_load_CRMF_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CRMF_str_functs[0].error) == NULL) { - ERR_load_strings_const(CRMF_str_functs); + if (ERR_func_error_string(CRMF_str_reasons[0].error) == NULL) ERR_load_strings_const(CRMF_str_reasons); - } #endif return 1; } diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index 55f1f38..e777a34 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -299,20 +299,20 @@ int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid) } /* get ASN.1 encoded integer, return -1 on error */ -static int crmf_asn1_get_int(int func, const ASN1_INTEGER *a) +static int crmf_asn1_get_int(const ASN1_INTEGER *a) { int64_t res; if (!ASN1_INTEGER_get_int64(&res, a)) { - CRMFerr(func, ASN1_R_INVALID_NUMBER); + CRMFerr(0, ASN1_R_INVALID_NUMBER); return -1; } if (res < INT_MIN) { - CRMFerr(func, ASN1_R_TOO_SMALL); + CRMFerr(0, ASN1_R_TOO_SMALL); return -1; } if (res > INT_MAX) { - CRMFerr(func, ASN1_R_TOO_LARGE); + CRMFerr(0, ASN1_R_TOO_LARGE); return -1; } return (int)res; @@ -324,8 +324,7 @@ int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm) CRMFerr(CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID, CRMF_R_NULL_ARGUMENT); return -1; } - return crmf_asn1_get_int(CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID, - crm->certReq->certReqId); + return crmf_asn1_get_int(crm->certReq->certReqId); } diff --git a/crypto/ct/ct_err.c b/crypto/ct/ct_err.c index 950c481..a960428 100644 --- a/crypto/ct/ct_err.c +++ b/crypto/ct/ct_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,45 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA CT_str_functs[] = { - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0), - "CTLOG_new_from_base64"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), "ctlog_new_from_conf"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0), - "ctlog_store_load_ctx_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0), - "CTLOG_STORE_load_file"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0), - "ctlog_store_load_log"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0), - "CT_POLICY_EVAL_CTX_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0), - "ct_v1_log_id_from_pkey"}, - {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"}, - {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"}, - {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"}, - {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"}, - {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"}, - {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), "SCT_new_from_base64"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), "SCT_set1_extensions"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), "SCT_set1_signature"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0), - "SCT_set_log_entry_type"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0), - "SCT_set_signature_nid"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"}, - {0, NULL} -}; - static const ERR_STRING_DATA CT_str_reasons[] = { {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"}, {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH), @@ -87,10 +48,8 @@ static const ERR_STRING_DATA CT_str_reasons[] = { int ERR_load_CT_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CT_str_functs[0].error) == NULL) { - ERR_load_strings_const(CT_str_functs); + if (ERR_func_error_string(CT_str_reasons[0].error) == NULL) ERR_load_strings_const(CT_str_reasons); - } #endif return 1; } diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index a78a6a9..cbde260 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -13,41 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA DH_str_functs[] = { - {ERR_PACK(ERR_LIB_DH, DH_F_COMPUTE_KEY, 0), "compute_key"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUF2KEY, 0), "dh_buf2key"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0), - "dh_builtin_genparams"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), - "dh_cms_set_shared_info"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_KEY2BUF, 0), "dh_key2buf"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_BY_NID, 0), "DH_new_by_nid"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_METHOD, 0), "DH_new_method"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_PARAM_DECODE, 0), "dh_param_decode"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_PKEY_PUBLIC_CHECK, 0), - "dh_pkey_public_check"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_DECODE, 0), "dh_priv_decode"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_ENCODE, 0), "dh_priv_encode"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_DECODE, 0), "dh_pub_decode"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_ENCODE, 0), "dh_pub_encode"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DO_DH_PRINT, 0), "do_dh_print"}, - {ERR_PACK(ERR_LIB_DH, DH_F_GENERATE_KEY, 0), "generate_key"}, - {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_CTRL_STR, 0), "pkey_dh_ctrl_str"}, - {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_DERIVE, 0), "pkey_dh_derive"}, - {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_INIT, 0), "pkey_dh_init"}, - {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_KEYGEN, 0), "pkey_dh_keygen"}, - {0, NULL} -}; - static const ERR_STRING_DATA DH_str_reasons[] = { {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"}, @@ -94,10 +59,8 @@ static const ERR_STRING_DATA DH_str_reasons[] = { int ERR_load_DH_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(DH_str_functs[0].error) == NULL) { - ERR_load_strings_const(DH_str_functs); + if (ERR_func_error_string(DH_str_reasons[0].error) == NULL) ERR_load_strings_const(DH_str_reasons); - } #endif return 1; } diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index f664dd5..211908c 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,36 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA DSA_str_functs[] = { - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0), - "dsa_builtin_paramgen"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0), - "dsa_builtin_paramgen2"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, 0), "DSA_new_method"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PARAM_DECODE, 0), "dsa_param_decode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRINT_FP, 0), "DSA_print_fp"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_DECODE, 0), "dsa_priv_decode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_ENCODE, 0), "dsa_priv_encode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_DECODE, 0), "dsa_pub_decode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_ENCODE, 0), "dsa_pub_encode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN, 0), "DSA_sign"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN_SETUP, 0), "DSA_sign_setup"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIG_NEW, 0), "DSA_SIG_new"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, 0), - "old_dsa_priv_decode"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, 0), "pkey_dsa_ctrl"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL_STR, 0), "pkey_dsa_ctrl_str"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_KEYGEN, 0), "pkey_dsa_keygen"}, - {0, NULL} -}; - static const ERR_STRING_DATA DSA_str_reasons[] = { {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, @@ -67,10 +37,8 @@ static const ERR_STRING_DATA DSA_str_reasons[] = { int ERR_load_DSA_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) { - ERR_load_strings_const(DSA_str_functs); + if (ERR_func_error_string(DSA_str_reasons[0].error) == NULL) ERR_load_strings_const(DSA_str_reasons); - } #endif return 1; } diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c index 03b0b5b..4afb106 100644 --- a/crypto/dso/dso_err.c +++ b/crypto/dso/dso_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,48 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA DSO_str_functs[] = { - {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_BIND_FUNC, 0), "dlfcn_bind_func"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_LOAD, 0), "dlfcn_load"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_MERGER, 0), "dlfcn_merger"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_NAME_CONVERTER, 0), - "dlfcn_name_converter"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_UNLOAD, 0), "dlfcn_unload"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_BIND_FUNC, 0), "dl_bind_func"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_LOAD, 0), "dl_load"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_MERGER, 0), "dl_merger"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_NAME_CONVERTER, 0), "dl_name_converter"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_UNLOAD, 0), "dl_unload"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_BIND_FUNC, 0), "DSO_bind_func"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CONVERT_FILENAME, 0), - "DSO_convert_filename"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CTRL, 0), "DSO_ctrl"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_FREE, 0), "DSO_free"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GET_FILENAME, 0), "DSO_get_filename"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GLOBAL_LOOKUP, 0), "DSO_global_lookup"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_LOAD, 0), "DSO_load"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_MERGE, 0), "DSO_merge"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_NEW_METHOD, 0), "DSO_new_method"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_PATHBYADDR, 0), "DSO_pathbyaddr"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_SET_FILENAME, 0), "DSO_set_filename"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_UP_REF, 0), "DSO_up_ref"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_BIND_SYM, 0), "vms_bind_sym"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_LOAD, 0), "vms_load"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_MERGER, 0), "vms_merger"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_UNLOAD, 0), "vms_unload"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_BIND_FUNC, 0), "win32_bind_func"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_GLOBALLOOKUP, 0), "win32_globallookup"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_JOINER, 0), "win32_joiner"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_LOAD, 0), "win32_load"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_MERGER, 0), "win32_merger"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_NAME_CONVERTER, 0), - "win32_name_converter"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_PATHBYADDR, 0), ""}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_SPLITTER, 0), "win32_splitter"}, - {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_UNLOAD, 0), "win32_unload"}, - {0, NULL} -}; - static const ERR_STRING_DATA DSO_str_reasons[] = { {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_CTRL_FAILED), "control command failed"}, {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_DSO_ALREADY_LOADED), "dso already loaded"}, @@ -91,10 +49,8 @@ static const ERR_STRING_DATA DSO_str_reasons[] = { int ERR_load_DSO_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) { - ERR_load_strings_const(DSO_str_functs); + if (ERR_func_error_string(DSO_str_reasons[0].error) == NULL) ERR_load_strings_const(DSO_str_reasons); - } #endif return 1; } diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index b7cf95b..d2fee05 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -13,281 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA EC_str_functs[] = { - {ERR_PACK(ERR_LIB_EC, EC_F_BN_TO_FELEM, 0), "BN_to_felem"}, - {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPARAMETERS, 0), "d2i_ECParameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPKPARAMETERS, 0), "d2i_ECPKParameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPRIVATEKEY, 0), "d2i_ECPrivateKey"}, - {ERR_PACK(ERR_LIB_EC, EC_F_DO_EC_KEY_PRINT, 0), "do_EC_KEY_print"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_DECRYPT, 0), "ecdh_cms_decrypt"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_SET_SHARED_INFO, 0), - "ecdh_cms_set_shared_info"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_COMPUTE_KEY, 0), "ECDH_compute_key"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_SIMPLE_COMPUTE_KEY, 0), - "ecdh_simple_compute_key"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM_DECODE, 0), "eckey_param_decode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_DECODE, 0), "eckey_priv_decode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_ENCODE, 0), "eckey_priv_encode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_DECODE, 0), "eckey_pub_decode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_ENCODE, 0), "eckey_pub_encode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_TYPE2PARAM, 0), "eckey_type2param"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT, 0), "ECParameters_print"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT_FP, 0), - "ECParameters_print_fp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT, 0), - "ECPKParameters_print"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT_FP, 0), - "ECPKParameters_print_fp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_GET_AFFINE, 0), - "ecp_nistz256_get_affine"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_INV_MOD_ORD, 0), - "ecp_nistz256_inv_mod_ord"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 0), - "ecp_nistz256_mult_precompute"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_POINTS_MUL, 0), - "ecp_nistz256_points_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_PRE_COMP_NEW, 0), - "ecp_nistz256_pre_comp_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_WINDOWED_MUL, 0), - "ecp_nistz256_windowed_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECX_KEY_OP, 0), "ecx_key_op"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PRIV_ENCODE, 0), "ecx_priv_encode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PUB_ENCODE, 0), "ecx_pub_encode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2CURVE, 0), "ec_asn1_group2curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2FIELDID, 0), - "ec_asn1_group2fieldid"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, 0), - "ec_GF2m_montgomery_point_multiply"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_FIELD_INV, 0), - "ec_GF2m_simple_field_inv"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0), - "ec_GF2m_simple_group_check_discriminant"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0), - "ec_GF2m_simple_group_set_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_POST, 0), - "ec_GF2m_simple_ladder_post"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_PRE, 0), - "ec_GF2m_simple_ladder_pre"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_OCT2POINT, 0), - "ec_GF2m_simple_oct2point"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT2OCT, 0), - "ec_GF2m_simple_point2oct"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINTS_MUL, 0), - "ec_GF2m_simple_points_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0), - "ec_GF2m_simple_point_get_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0), - "ec_GF2m_simple_point_set_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, 0), - "ec_GF2m_simple_set_compressed_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_DECODE, 0), - "ec_GFp_mont_field_decode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_ENCODE, 0), - "ec_GFp_mont_field_encode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_INV, 0), - "ec_GFp_mont_field_inv"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_MUL, 0), - "ec_GFp_mont_field_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, 0), - "ec_GFp_mont_field_set_to_one"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SQR, 0), - "ec_GFp_mont_field_sqr"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_GROUP_SET_CURVE, 0), - "ec_GFp_mont_group_set_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE, 0), - "ec_GFp_nistp224_group_set_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINTS_MUL, 0), - "ec_GFp_nistp224_points_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 0), - "ec_GFp_nistp224_point_get_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, 0), - "ec_GFp_nistp256_group_set_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINTS_MUL, 0), - "ec_GFp_nistp256_points_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 0), - "ec_GFp_nistp256_point_get_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, 0), - "ec_GFp_nistp521_group_set_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINTS_MUL, 0), - "ec_GFp_nistp521_points_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 0), - "ec_GFp_nistp521_point_get_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_MUL, 0), - "ec_GFp_nist_field_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_SQR, 0), - "ec_GFp_nist_field_sqr"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_GROUP_SET_CURVE, 0), - "ec_GFp_nist_group_set_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0), - "ec_GFp_simple_blind_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_FIELD_INV, 0), - "ec_GFp_simple_field_inv"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0), - "ec_GFp_simple_group_check_discriminant"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0), - "ec_GFp_simple_group_set_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, 0), - "ec_GFp_simple_make_affine"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_OCT2POINT, 0), - "ec_GFp_simple_oct2point"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT2OCT, 0), - "ec_GFp_simple_point2oct"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, 0), - "ec_GFp_simple_points_make_affine"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0), - "ec_GFp_simple_point_get_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0), - "ec_GFp_simple_point_set_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 0), - "ec_GFp_simple_set_compressed_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK, 0), "EC_GROUP_check"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK_DISCRIMINANT, 0), - "EC_GROUP_check_discriminant"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_COPY, 0), "EC_GROUP_copy"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE, 0), "EC_GROUP_get_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GF2M, 0), - "EC_GROUP_get_curve_GF2m"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GFP, 0), - "EC_GROUP_get_curve_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_DEGREE, 0), "EC_GROUP_get_degree"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPARAMETERS, 0), - "EC_GROUP_get_ecparameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPKPARAMETERS, 0), - "EC_GROUP_get_ecpkparameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, 0), - "EC_GROUP_get_pentanomial_basis"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, 0), - "EC_GROUP_get_trinomial_basis"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW, 0), "EC_GROUP_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_BY_CURVE_NAME, 0), - "EC_GROUP_new_by_curve_name"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_DATA, 0), - "ec_group_new_from_data"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, 0), - "EC_GROUP_new_from_ecparameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, 0), - "EC_GROUP_new_from_ecpkparameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE, 0), "EC_GROUP_set_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GF2M, 0), - "EC_GROUP_set_curve_GF2m"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GFP, 0), - "EC_GROUP_set_curve_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_GENERATOR, 0), - "EC_GROUP_set_generator"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_SEED, 0), "EC_GROUP_set_seed"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_CHECK_KEY, 0), "EC_KEY_check_key"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_COPY, 0), "EC_KEY_copy"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_GENERATE_KEY, 0), "EC_KEY_generate_key"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW, 0), "EC_KEY_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW_METHOD, 0), "EC_KEY_new_method"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_OCT2PRIV, 0), "EC_KEY_oct2priv"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT, 0), "EC_KEY_print"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0), - "EC_KEY_set_public_key_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0), - "ec_key_simple_check_key"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_OCT2PRIV, 0), - "ec_key_simple_oct2priv"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_PRIV2OCT, 0), - "ec_key_simple_priv2oct"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_CHECK, 0), "ec_pkey_check"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_PARAM_CHECK, 0), "ec_pkey_param_check"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0), - "EC_POINTs_make_affine"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MUL, 0), "EC_POINTs_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_BN2POINT, 0), "EC_POINT_bn2point"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_COPY, 0), "EC_POINT_copy"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_DBL, 0), "EC_POINT_dbl"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES, 0), - "EC_POINT_get_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, 0), - "EC_POINT_get_affine_coordinates_GF2m"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, 0), - "EC_POINT_get_affine_coordinates_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, 0), - "EC_POINT_get_Jprojective_coordinates_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_INVERT, 0), "EC_POINT_invert"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_AT_INFINITY, 0), - "EC_POINT_is_at_infinity"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_ON_CURVE, 0), - "EC_POINT_is_on_curve"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_MAKE_AFFINE, 0), - "EC_POINT_make_affine"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_NEW, 0), "EC_POINT_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_OCT2POINT, 0), "EC_POINT_oct2point"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2BUF, 0), "EC_POINT_point2buf"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2OCT, 0), "EC_POINT_point2oct"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES, 0), - "EC_POINT_set_affine_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, 0), - "EC_POINT_set_affine_coordinates_GF2m"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, 0), - "EC_POINT_set_affine_coordinates_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 0), - "EC_POINT_set_compressed_coordinates"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, 0), - "EC_POINT_set_compressed_coordinates_GF2m"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, 0), - "EC_POINT_set_compressed_coordinates_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, 0), - "EC_POINT_set_Jprojective_coordinates_GFp"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_TO_INFINITY, 0), - "EC_POINT_set_to_infinity"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_PRE_COMP_NEW, 0), "ec_pre_comp_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_SCALAR_MUL_LADDER, 0), - "ec_scalar_mul_ladder"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_MUL, 0), "ec_wNAF_mul"}, - {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_PRECOMPUTE_MULT, 0), - "ec_wNAF_precompute_mult"}, - {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPARAMETERS, 0), "i2d_ECParameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPKPARAMETERS, 0), "i2d_ECPKParameters"}, - {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPRIVATEKEY, 0), "i2d_ECPrivateKey"}, - {ERR_PACK(ERR_LIB_EC, EC_F_I2O_ECPUBLICKEY, 0), "i2o_ECPublicKey"}, - {ERR_PACK(ERR_LIB_EC, EC_F_NISTP224_PRE_COMP_NEW, 0), - "nistp224_pre_comp_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_NISTP256_PRE_COMP_NEW, 0), - "nistp256_pre_comp_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_NISTP521_PRE_COMP_NEW, 0), - "nistp521_pre_comp_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_O2I_ECPUBLICKEY, 0), "o2i_ECPublicKey"}, - {ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0), - "ossl_ecdh_compute_key"}, - {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"}, - {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0), - "ossl_ecdsa_verify_sig"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_CTRL, 0), "pkey_ecd_ctrl"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN, 0), "pkey_ecd_digestsign"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN25519, 0), - "pkey_ecd_digestsign25519"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0), - "pkey_ecd_digestsign448"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_DERIVE, 0), "pkey_ec_derive"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_INIT, 0), "pkey_ec_init"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KDF_DERIVE, 0), "pkey_ec_kdf_derive"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"}, - {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"}, - {0, NULL} -}; - static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_ASN1_ERROR), "asn1 error"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"}, @@ -385,10 +110,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = { int ERR_load_EC_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(EC_str_functs[0].error) == NULL) { - ERR_load_strings_const(EC_str_functs); + if (ERR_func_error_string(EC_str_reasons[0].error) == NULL) ERR_load_strings_const(EC_str_reasons); - } #endif return 1; } diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c index 1d47052..7509775 100644 --- a/crypto/engine/eng_err.c +++ b/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,70 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA ENGINE_str_functs[] = { - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DIGEST_UPDATE, 0), "digest_update"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_CTRL, 0), "dynamic_ctrl"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_GET_DATA_CTX, 0), - "dynamic_get_data_ctx"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_LOAD, 0), "dynamic_load"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_SET_DATA_CTX, 0), - "dynamic_set_data_ctx"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_ADD, 0), "ENGINE_add"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_BY_ID, 0), "ENGINE_by_id"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, 0), - "ENGINE_cmd_is_executable"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL, 0), "ENGINE_ctrl"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD, 0), "ENGINE_ctrl_cmd"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD_STRING, 0), - "ENGINE_ctrl_cmd_string"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_FINISH, 0), "ENGINE_finish"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_CIPHER, 0), - "ENGINE_get_cipher"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_DIGEST, 0), - "ENGINE_get_digest"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_FIRST, 0), - "ENGINE_get_first"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_LAST, 0), "ENGINE_get_last"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_NEXT, 0), "ENGINE_get_next"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, 0), - "ENGINE_get_pkey_asn1_meth"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_METH, 0), - "ENGINE_get_pkey_meth"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PREV, 0), "ENGINE_get_prev"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_INIT, 0), "ENGINE_init"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_ADD, 0), "engine_list_add"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_REMOVE, 0), - "engine_list_remove"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 0), - "ENGINE_load_private_key"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 0), - "ENGINE_load_public_key"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, 0), - "ENGINE_load_ssl_client_cert"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_NEW, 0), "ENGINE_new"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, 0), - "ENGINE_pkey_asn1_find_str"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_REMOVE, 0), "ENGINE_remove"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_DEFAULT_STRING, 0), - "ENGINE_set_default_string"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_ID, 0), "ENGINE_set_id"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_NAME, 0), "ENGINE_set_name"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_TABLE_REGISTER, 0), - "engine_table_register"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UNLOCKED_FINISH, 0), - "engine_unlocked_finish"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UP_REF, 0), "ENGINE_up_ref"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CLEANUP_ITEM, 0), - "int_cleanup_item"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CTRL_HELPER, 0), "int_ctrl_helper"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_CONFIGURE, 0), - "int_engine_configure"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_MODULE_INIT, 0), - "int_engine_module_init"}, - {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_OSSL_HMAC_INIT, 0), "ossl_hmac_init"}, - {0, NULL} -}; - static const ERR_STRING_DATA ENGINE_str_reasons[] = { {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"}, {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), @@ -145,10 +81,8 @@ static const ERR_STRING_DATA ENGINE_str_reasons[] = { int ERR_load_ENGINE_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) { - ERR_load_strings_const(ENGINE_str_functs); + if (ERR_func_error_string(ENGINE_str_reasons[0].error) == NULL) ERR_load_strings_const(ENGINE_str_reasons); - } #endif return 1; } diff --git a/crypto/err/err.c b/crypto/err/err.c index 8752c11..c161dc2 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -71,36 +71,6 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {0, NULL}, }; -static ERR_STRING_DATA ERR_str_functs[] = { - {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"}, - {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"}, - {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"}, - {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"}, - {ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"}, - {ERR_PACK(0, SYS_F_BIND, 0), "bind"}, - {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"}, - {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"}, -# ifdef OPENSSL_SYS_WINDOWS - {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"}, -# endif - {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, - {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, - {ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"}, - {ERR_PACK(0, SYS_F_GETNAMEINFO, 0), "getnameinfo"}, - {ERR_PACK(0, SYS_F_SETSOCKOPT, 0), "setsockopt"}, - {ERR_PACK(0, SYS_F_GETSOCKOPT, 0), "getsockopt"}, - {ERR_PACK(0, SYS_F_GETSOCKNAME, 0), "getsockname"}, - {ERR_PACK(0, SYS_F_GETHOSTBYNAME, 0), "gethostbyname"}, - {ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"}, - {ERR_PACK(0, SYS_F_OPEN, 0), "open"}, - {ERR_PACK(0, SYS_F_CLOSE, 0), "close"}, - {ERR_PACK(0, SYS_F_IOCTL, 0), "ioctl"}, - {ERR_PACK(0, SYS_F_STAT, 0), "stat"}, - {ERR_PACK(0, SYS_F_FCNTL, 0), "fcntl"}, - {ERR_PACK(0, SYS_F_FSTAT, 0), "fstat"}, - {0, NULL}, -}; - static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_SYS_LIB, "system lib"}, {ERR_R_BN_LIB, "BN lib"}, @@ -164,7 +134,7 @@ static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) unsigned long ret, l; l = a->error; - ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l); + ret = l ^ ERR_GET_LIB(l); return (ret ^ ret % 19 * 13); } @@ -354,8 +324,6 @@ int ERR_load_ERR_strings(void) err_load_strings(ERR_str_libraries); err_load_strings(ERR_str_reasons); - err_patch(ERR_LIB_SYS, ERR_str_functs); - err_load_strings(ERR_str_functs); build_SYS_str_reasons(); #endif return 1; @@ -588,9 +556,9 @@ static unsigned long get_error_values(int inc, int top, const char **file, void ERR_error_string_n(unsigned long e, char *buf, size_t len) { - char lsbuf[64], fsbuf[64], rsbuf[64]; - const char *ls, *fs, *rs; - unsigned long l, f, r; + char lsbuf[64], rsbuf[64]; + const char *ls, *rs; + unsigned long f = 0, l, r; if (len == 0) return; @@ -602,13 +570,6 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len) ls = lsbuf; } - fs = ERR_func_error_string(e); - f = ERR_GET_FUNC(e); - if (fs == NULL) { - BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); - fs = fsbuf; - } - rs = ERR_reason_error_string(e); r = ERR_GET_REASON(e); if (rs == NULL) { @@ -616,7 +577,7 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len) rs = rsbuf; } - BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, fs, rs); + BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, "", rs); if (strlen(buf) == len - 1) { /* Didn't fit; use a minimal format. */ BIO_snprintf(buf, len, "err:%lx:%lx:%lx:%lx", e, l, f, r); @@ -654,18 +615,9 @@ const char *ERR_lib_error_string(unsigned long e) const char *ERR_func_error_string(unsigned long e) { - ERR_STRING_DATA d, *p; - unsigned long l, f; - - if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { + if (!RUN_ONCE(&err_string_init, do_err_strings_init)) return NULL; - } - - l = ERR_GET_LIB(e); - f = ERR_GET_FUNC(e); - d.error = ERR_PACK(l, f, 0); - p = int_err_get_item(&d); - return ((p == NULL) ? NULL : p->string); + return ERR_GET_LIB(e) == ERR_LIB_SYS ? "system library" : NULL; } const char *ERR_reason_error_string(unsigned long e) diff --git a/crypto/ess/ess_err.c b/crypto/ess/ess_err.c index 215b7f1..0b58227 100644 --- a/crypto/ess/ess_err.c +++ b/crypto/ess/ess_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,22 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA ESS_str_functs[] = { - {ERR_PACK(ERR_LIB_ESS, ESS_F_ESS_CERT_ID_NEW_INIT, 0), - "ESS_CERT_ID_new_init"}, - {ERR_PACK(ERR_LIB_ESS, ESS_F_ESS_CERT_ID_V2_NEW_INIT, 0), - "ESS_CERT_ID_V2_new_init"}, - {ERR_PACK(ERR_LIB_ESS, ESS_F_ESS_SIGNING_CERT_ADD, 0), - "ESS_SIGNING_CERT_add"}, - {ERR_PACK(ERR_LIB_ESS, ESS_F_ESS_SIGNING_CERT_NEW_INIT, 0), - "ESS_SIGNING_CERT_new_init"}, - {ERR_PACK(ERR_LIB_ESS, ESS_F_ESS_SIGNING_CERT_V2_ADD, 0), - "ESS_SIGNING_CERT_V2_add"}, - {ERR_PACK(ERR_LIB_ESS, ESS_F_ESS_SIGNING_CERT_V2_NEW_INIT, 0), - "ESS_SIGNING_CERT_V2_new_init"}, - {0, NULL} -}; - static const ERR_STRING_DATA ESS_str_reasons[] = { {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERTIFICATE_ERROR), "ess signing certificate error"}, @@ -44,10 +28,8 @@ static const ERR_STRING_DATA ESS_str_reasons[] = { int ERR_load_ESS_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ESS_str_functs[0].error) == NULL) { - ERR_load_strings_const(ESS_str_functs); + if (ERR_func_error_string(ESS_str_reasons[0].error) == NULL) ERR_load_strings_const(ESS_str_reasons); - } #endif return 1; } diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 99535c0..d517099 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -13,188 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA EVP_str_functs[] = { - {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_XTS_INIT_KEY, 0), "aesni_xts_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_TLS_CIPHER, 0), "aes_gcm_tls_cipher"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), - "aes_t4_xts_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_CIPHER, 0), "aes_xts_cipher"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_INIT_KEY, 0), "aria_gcm_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_INIT_KEY, 0), "aria_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_B64_NEW, 0), "b64_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_BLAKE2B_MAC_CTRL, 0), "blake2b_mac_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_BLAKE2B_MAC_INIT, 0), "blake2b_mac_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_BLAKE2S_MAC_CTRL, 0), "blake2s_mac_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_BLAKE2S_MAC_INIT, 0), "blake2s_mac_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_CAMELLIA_INIT_KEY, 0), "camellia_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_CHACHA20_POLY1305_CTRL, 0), - "chacha20_poly1305_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_CMLL_T4_INIT_KEY, 0), "cmll_t4_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_DES_EDE3_WRAP_CIPHER, 0), - "des_ede3_wrap_cipher"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_DO_SIGVER_INIT, 0), "do_sigver_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ENC_NEW, 0), "enc_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_ASN1_TO_PARAM, 0), - "EVP_CIPHER_asn1_to_param"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_COPY, 0), - "EVP_CIPHER_CTX_copy"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_CTRL, 0), - "EVP_CIPHER_CTX_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, 0), - "EVP_CIPHER_CTX_set_key_length"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_PADDING, 0), - "EVP_CIPHER_CTX_set_padding"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_FROM_DISPATCH, 0), - "evp_cipher_from_dispatch"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_MODE, 0), "EVP_CIPHER_mode"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0), - "EVP_CIPHER_param_to_asn1"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0), - "EVP_DecryptFinal_ex"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINAL_EX, 0), "EVP_DigestFinal_ex"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTUPDATE, 0), "EVP_DigestUpdate"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTDECRYPTUPDATE, 0), - "evp_EncryptDecryptUpdate"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), - "EVP_EncryptFinal_ex"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTRL, 0), "EVP_KDF_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTRL_STR, 0), "EVP_KDF_ctrl_str"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTX_NEW, 0), "EVP_KDF_CTX_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTX_NEW_ID, 0), "EVP_KDF_CTX_new_id"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTRL, 0), "EVP_MAC_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTRL_STR, 0), "EVP_MAC_ctrl_str"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_DUP, 0), "EVP_MAC_CTX_dup"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_NEW, 0), "EVP_MAC_CTX_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_INIT, 0), "EVP_MAC_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_BLOCK_SIZE, 0), "EVP_MD_block_size"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD, 0), "EVP_PBE_alg_add"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD_TYPE, 0), - "EVP_PBE_alg_add_type"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_CIPHERINIT, 0), "EVP_PBE_CipherInit"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_SCRYPT, 0), "EVP_PBE_scrypt"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKCS82PKEY, 0), "EVP_PKCS82PKEY"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY2PKCS8, 0), "EVP_PKEY2PKCS8"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ASN1_ADD0, 0), "EVP_PKEY_asn1_add0"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CHECK, 0), "EVP_PKEY_check"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_COPY_PARAMETERS, 0), - "EVP_PKEY_copy_parameters"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, 0), "EVP_PKEY_CTX_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL_STR, 0), - "EVP_PKEY_CTX_ctrl_str"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_DUP, 0), "EVP_PKEY_CTX_dup"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_MD, 0), "EVP_PKEY_CTX_md"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT, 0), "EVP_PKEY_decrypt"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_INIT, 0), - "EVP_PKEY_decrypt_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_OLD, 0), - "EVP_PKEY_decrypt_old"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE, 0), "EVP_PKEY_derive"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_INIT, 0), - "EVP_PKEY_derive_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_SET_PEER, 0), - "EVP_PKEY_derive_set_peer"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT, 0), "EVP_PKEY_encrypt"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_INIT, 0), - "EVP_PKEY_encrypt_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_OLD, 0), - "EVP_PKEY_encrypt_old"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DH, 0), "EVP_PKEY_get0_DH"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DSA, 0), "EVP_PKEY_get0_DSA"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_EC_KEY, 0), - "EVP_PKEY_get0_EC_KEY"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_HMAC, 0), "EVP_PKEY_get0_hmac"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_POLY1305, 0), - "EVP_PKEY_get0_poly1305"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_RSA, 0), "EVP_PKEY_get0_RSA"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_SIPHASH, 0), - "EVP_PKEY_get0_siphash"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, 0), - "EVP_PKEY_get_raw_private_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, 0), - "EVP_PKEY_get_raw_public_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0), - "EVP_PKEY_keygen_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_ADD0, 0), "EVP_PKEY_meth_add0"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_NEW, 0), "EVP_PKEY_meth_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0), - "EVP_PKEY_new_CMAC_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, 0), - "EVP_PKEY_new_raw_private_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, 0), - "EVP_PKEY_new_raw_public_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN, 0), "EVP_PKEY_paramgen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN_INIT, 0), - "EVP_PKEY_paramgen_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAM_CHECK, 0), - "EVP_PKEY_param_check"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PUBLIC_CHECK, 0), - "EVP_PKEY_public_check"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET1_ENGINE, 0), - "EVP_PKEY_set1_engine"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET_ALIAS_TYPE, 0), - "EVP_PKEY_set_alias_type"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN, 0), "EVP_PKEY_sign"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN_INIT, 0), "EVP_PKEY_sign_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY, 0), "EVP_PKEY_verify"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_INIT, 0), - "EVP_PKEY_verify_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER, 0), - "EVP_PKEY_verify_recover"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, 0), - "EVP_PKEY_verify_recover_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SET_DEFAULT_PROPERTIES, 0), - "EVP_set_default_properties"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SIGNFINAL, 0), "EVP_SignFinal"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_VERIFYFINAL, 0), "EVP_VerifyFinal"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_GMAC_CTRL, 0), "gmac_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_INT_CTX_NEW, 0), "int_ctx_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_KMAC_CTRL, 0), "kmac_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_KMAC_INIT, 0), "kmac_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_OK_NEW, 0), "ok_new"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_PBE_KEYIVGEN, 0), "PKCS5_PBE_keyivgen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBE_KEYIVGEN, 0), - "PKCS5_v2_PBE_keyivgen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 0), - "PKCS5_v2_PBKDF2_keyivgen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0), - "PKCS5_v2_scrypt_keyivgen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_MAC_COPY, 0), "pkey_mac_copy"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_MAC_INIT, 0), "pkey_mac_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_POLY1305_CTRL, 0), "poly1305_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0), - "r_32_12_16_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_TLS_CIPHER, 0), - "s390x_aes_gcm_tls_cipher"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_SCRYPT_ALG, 0), "scrypt_alg"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, - {0, NULL} -}; - static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, @@ -336,10 +154,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { int ERR_load_EVP_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) { - ERR_load_strings_const(EVP_str_functs); + if (ERR_func_error_string(EVP_str_reasons[0].error) == NULL) ERR_load_strings_const(EVP_str_reasons); - } #endif return 1; } diff --git a/crypto/include/internal/sm2err.h b/crypto/include/internal/sm2err.h index 2f404e0..923bb6c 100644 --- a/crypto/include/internal/sm2err.h +++ b/crypto/include/internal/sm2err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,10 @@ # define HEADER_SM2ERR_H # include +# include + + +# include # ifndef OPENSSL_NO_SM2 @@ -23,22 +27,24 @@ int ERR_load_SM2_strings(void); /* * SM2 function codes. */ -# define SM2_F_PKEY_SM2_COPY 115 -# define SM2_F_PKEY_SM2_CTRL 109 -# define SM2_F_PKEY_SM2_CTRL_STR 110 -# define SM2_F_PKEY_SM2_DIGEST_CUSTOM 114 -# define SM2_F_PKEY_SM2_INIT 111 -# define SM2_F_PKEY_SM2_SIGN 112 -# define SM2_F_SM2_COMPUTE_MSG_HASH 100 -# define SM2_F_SM2_COMPUTE_USERID_DIGEST 101 -# define SM2_F_SM2_COMPUTE_Z_DIGEST 113 -# define SM2_F_SM2_DECRYPT 102 -# define SM2_F_SM2_ENCRYPT 103 -# define SM2_F_SM2_PLAINTEXT_SIZE 104 -# define SM2_F_SM2_SIGN 105 -# define SM2_F_SM2_SIG_GEN 106 -# define SM2_F_SM2_SIG_VERIFY 107 -# define SM2_F_SM2_VERIFY 108 +# if !OPENSSL_API_3 +# define SM2_F_PKEY_SM2_COPY 0 +# define SM2_F_PKEY_SM2_CTRL 0 +# define SM2_F_PKEY_SM2_CTRL_STR 0 +# define SM2_F_PKEY_SM2_DIGEST_CUSTOM 0 +# define SM2_F_PKEY_SM2_INIT 0 +# define SM2_F_PKEY_SM2_SIGN 0 +# define SM2_F_SM2_COMPUTE_MSG_HASH 0 +# define SM2_F_SM2_COMPUTE_USERID_DIGEST 0 +# define SM2_F_SM2_COMPUTE_Z_DIGEST 0 +# define SM2_F_SM2_DECRYPT 0 +# define SM2_F_SM2_ENCRYPT 0 +# define SM2_F_SM2_PLAINTEXT_SIZE 0 +# define SM2_F_SM2_SIGN 0 +# define SM2_F_SM2_SIG_GEN 0 +# define SM2_F_SM2_SIG_VERIFY 0 +# define SM2_F_SM2_VERIFY 0 +# endif /* * SM2 reason codes. diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c index 1b6e784..d7d4b1e 100644 --- a/crypto/kdf/kdf_err.c +++ b/crypto/kdf/kdf_err.c @@ -13,69 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA KDF_str_functs[] = { - {ERR_PACK(ERR_LIB_KDF, KDF_F_HKDF_EXTRACT, 0), "HKDF_Extract"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_DERIVE, 0), "kdf_hkdf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_NEW, 0), "kdf_hkdf_new"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_SIZE, 0), "kdf_hkdf_size"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_MD2CTRL, 0), "kdf_md2ctrl"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_CTRL, 0), "kdf_pbkdf2_ctrl"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_CTRL_STR, 0), - "kdf_pbkdf2_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_DERIVE, 0), "kdf_pbkdf2_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_NEW, 0), "kdf_pbkdf2_new"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_STR, 0), - "kdf_scrypt_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_UINT32, 0), - "kdf_scrypt_ctrl_uint32"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_UINT64, 0), - "kdf_scrypt_ctrl_uint64"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_DERIVE, 0), "kdf_scrypt_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_NEW, 0), "kdf_scrypt_new"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_CTRL, 0), "kdf_sshkdf_ctrl"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_CTRL_STR, 0), - "kdf_sshkdf_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_DERIVE, 0), "kdf_sshkdf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_NEW, 0), "kdf_sshkdf_new"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_CTRL_STR, 0), - "kdf_tls1_prf_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_DERIVE, 0), - "kdf_tls1_prf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_NEW, 0), "kdf_tls1_prf_new"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PBKDF2_DERIVE, 0), "pbkdf2_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PBKDF2_SET_MEMBUF, 0), "pbkdf2_set_membuf"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_STR, 0), - "pkey_scrypt_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0), - "pkey_scrypt_ctrl_uint64"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_INIT, 0), "pkey_scrypt_init"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_SET_MEMBUF, 0), - "pkey_scrypt_set_membuf"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0), - "pkey_tls1_prf_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), - "pkey_tls1_prf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_SCRYPT_SET_MEMBUF, 0), "scrypt_set_membuf"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_CTRL_STR, 0), "sskdf_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_DERIVE, 0), "sskdf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_MAC2CTRL, 0), "sskdf_mac2ctrl"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_NEW, 0), "sskdf_new"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_SIZE, 0), "sskdf_size"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_CTRL, 0), "x942kdf_ctrl"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_DERIVE, 0), "x942kdf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_HASH_KDM, 0), "x942kdf_hash_kdm"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_NEW, 0), "x942kdf_new"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_X942KDF_SIZE, 0), "x942kdf_size"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_X963KDF_DERIVE, 0), "x963kdf_derive"}, - {0, NULL} -}; - static const ERR_STRING_DATA KDF_str_reasons[] = { {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_BAD_ENCODING), "bad encoding"}, {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_BAD_LENGTH), "bad length"}, @@ -119,10 +56,8 @@ static const ERR_STRING_DATA KDF_str_reasons[] = { int ERR_load_KDF_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) { - ERR_load_strings_const(KDF_str_functs); + if (ERR_func_error_string(KDF_str_reasons[0].error) == NULL) ERR_load_strings_const(KDF_str_reasons); - } #endif return 1; } diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c index 16d6e65..f8b48fe 100644 --- a/crypto/objects/obj_err.c +++ b/crypto/objects/obj_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,19 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA OBJ_str_functs[] = { - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_OBJECT, 0), "OBJ_add_object"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_SIGID, 0), "OBJ_add_sigid"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_CREATE, 0), "OBJ_create"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_DUP, 0), "OBJ_dup"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NAME_NEW_INDEX, 0), "OBJ_NAME_new_index"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2LN, 0), "OBJ_nid2ln"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2OBJ, 0), "OBJ_nid2obj"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2SN, 0), "OBJ_nid2sn"}, - {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_TXT2OBJ, 0), "OBJ_txt2obj"}, - {0, NULL} -}; - static const ERR_STRING_DATA OBJ_str_reasons[] = { {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_OID_EXISTS), "oid exists"}, {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "unknown nid"}, @@ -37,10 +24,8 @@ static const ERR_STRING_DATA OBJ_str_reasons[] = { int ERR_load_OBJ_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) { - ERR_load_strings_const(OBJ_str_functs); + if (ERR_func_error_string(OBJ_str_reasons[0].error) == NULL) ERR_load_strings_const(OBJ_str_reasons); - } #endif return 1; } diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c index f72ed4c..fd479bcd 100644 --- a/crypto/ocsp/ocsp_err.c +++ b/crypto/ocsp/ocsp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,33 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA OCSP_str_functs[] = { - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_D2I_OCSP_NONCE, 0), "d2i_ocsp_nonce"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_ADD1_STATUS, 0), - "OCSP_basic_add1_status"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN, 0), "OCSP_basic_sign"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN_CTX, 0), - "OCSP_basic_sign_ctx"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_VERIFY, 0), "OCSP_basic_verify"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CERT_ID_NEW, 0), "OCSP_cert_id_new"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_DELEGATED, 0), - "ocsp_check_delegated"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_IDS, 0), "ocsp_check_ids"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_ISSUER, 0), "ocsp_check_issuer"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_VALIDITY, 0), - "OCSP_check_validity"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_MATCH_ISSUERID, 0), - "ocsp_match_issuerid"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_PARSE_URL, 0), "OCSP_parse_url"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_SIGN, 0), "OCSP_request_sign"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_VERIFY, 0), - "OCSP_request_verify"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_RESPONSE_GET1_BASIC, 0), - "OCSP_response_get1_basic"}, - {ERR_PACK(ERR_LIB_OCSP, OCSP_F_PARSE_HTTP_LINE1, 0), "parse_http_line1"}, - {0, NULL} -}; - static const ERR_STRING_DATA OCSP_str_reasons[] = { {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, @@ -92,10 +65,8 @@ static const ERR_STRING_DATA OCSP_str_reasons[] = { int ERR_load_OCSP_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) { - ERR_load_strings_const(OCSP_str_functs); + if (ERR_func_error_string(OCSP_str_reasons[0].error) == NULL) ERR_load_strings_const(OCSP_str_reasons); - } #endif return 1; } diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c index 80c65f7..a4743d1 100644 --- a/crypto/pem/pem_err.c +++ b/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,63 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA PEM_str_functs[] = { - {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_DSS, 0), "b2i_dss"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_PVK_BIO, 0), "b2i_PVK_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_RSA, 0), "b2i_rsa"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_DSA, 0), "check_bitlen_dsa"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_RSA, 0), "check_bitlen_rsa"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, 0), - "d2i_PKCS8PrivateKey_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_FP, 0), - "d2i_PKCS8PrivateKey_fp"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I, 0), "do_b2i"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I_BIO, 0), "do_b2i_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_BLOB_HEADER, 0), "do_blob_header"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_I2B, 0), "do_i2b"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY, 0), "do_pk8pkey"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY_FP, 0), "do_pk8pkey_fp"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_BODY, 0), "do_PVK_body"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_HEADER, 0), "do_PVK_header"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, 0), - "get_header_and_data"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, 0), "get_name"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK, 0), "i2b_PVK"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK_BIO, 0), "i2b_PVK_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_LOAD_IV, 0), "load_iv"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ, 0), "PEM_ASN1_read"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ_BIO, 0), "PEM_ASN1_read_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE, 0), "PEM_ASN1_write"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE_BIO, 0), "PEM_ASN1_write_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DEF_CALLBACK, 0), "PEM_def_callback"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, 0), "PEM_do_header"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_GET_EVP_CIPHER_INFO, 0), - "PEM_get_EVP_CIPHER_INFO"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ, 0), "PEM_read"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, 0), "PEM_read_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_DHPARAMS, 0), - "PEM_read_bio_DHparams"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_EX, 0), "PEM_read_bio_ex"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PARAMETERS, 0), - "PEM_read_bio_Parameters"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, 0), - "PEM_read_bio_PrivateKey"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_DHPARAMS, 0), "PEM_read_DHparams"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_PRIVATEKEY, 0), - "PEM_read_PrivateKey"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0), - "PEM_write_PrivateKey"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ_BIO, 0), - "PEM_X509_INFO_read_bio"}, - {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_WRITE_BIO, 0), - "PEM_X509_INFO_write_bio"}, - {0, NULL} -}; - static const ERR_STRING_DATA PEM_str_reasons[] = { {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "bad base64 decode"}, {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "bad decrypt"}, @@ -117,10 +60,8 @@ static const ERR_STRING_DATA PEM_str_reasons[] = { int ERR_load_PEM_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) { - ERR_load_strings_const(PEM_str_functs); + if (ERR_func_error_string(PEM_str_reasons[0].error) == NULL) ERR_load_strings_const(PEM_str_reasons); - } #endif return 1; } diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c index dd07b6d..c9fd1d7 100644 --- a/crypto/pkcs12/pk12err.c +++ b/crypto/pkcs12/pk12err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,58 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA PKCS12_str_functs[] = { - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_ASC2UNI, 0), "OPENSSL_asc2uni"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2ASC, 0), "OPENSSL_uni2asc"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2UTF8, 0), - "OPENSSL_uni2utf8"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UTF82UNI, 0), - "OPENSSL_utf82uni"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_CREATE, 0), "PKCS12_create"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_GEN_MAC, 0), "PKCS12_gen_mac"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_INIT, 0), "PKCS12_init"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 0), - "PKCS12_item_decrypt_d2i"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 0), - "PKCS12_item_i2d_encrypt"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 0), - "PKCS12_item_pack_safebag"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_ASC, 0), - "PKCS12_key_gen_asc"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UNI, 0), - "PKCS12_key_gen_uni"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UTF8, 0), - "PKCS12_key_gen_utf8"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_NEWPASS, 0), "PKCS12_newpass"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7DATA, 0), - "PKCS12_pack_p7data"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7ENCDATA, 0), - "PKCS12_pack_p7encdata"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PARSE, 0), "PKCS12_parse"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, 0), - "PKCS12_pbe_crypt"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_KEYIVGEN, 0), - "PKCS12_PBE_keyivgen"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, 0), - "PKCS12_SAFEBAG_create0_p8inf"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, 0), - "PKCS12_SAFEBAG_create0_pkcs8"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, 0), - "PKCS12_SAFEBAG_create_pkcs8_encrypt"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SETUP_MAC, 0), - "PKCS12_setup_mac"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SET_MAC, 0), "PKCS12_set_mac"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_AUTHSAFES, 0), - "PKCS12_unpack_authsafes"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0), - "PKCS12_unpack_p7data"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0), - "PKCS12_verify_mac"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"}, - {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_SET0_PBE, 0), "PKCS8_set0_pbe"}, - {0, NULL} -}; - static const ERR_STRING_DATA PKCS12_str_reasons[] = { {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"}, @@ -108,10 +56,8 @@ static const ERR_STRING_DATA PKCS12_str_reasons[] = { int ERR_load_PKCS12_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) { - ERR_load_strings_const(PKCS12_str_functs); + if (ERR_func_error_string(PKCS12_str_reasons[0].error) == NULL) ERR_load_strings_const(PKCS12_str_reasons); - } #endif return 1; } diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c index c613821..2420124 100644 --- a/crypto/pkcs7/pkcs7err.c +++ b/crypto/pkcs7/pkcs7err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,63 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA PKCS7_str_functs[] = { - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 0), - "do_pkcs7_signed_attrib"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, 0), - "PKCS7_add0_attrib_signing_time"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, 0), - "PKCS7_add_attrib_smimecap"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CERTIFICATE, 0), - "PKCS7_add_certificate"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CRL, 0), "PKCS7_add_crl"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, 0), - "PKCS7_add_recipient_info"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNATURE, 0), - "PKCS7_add_signature"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNER, 0), "PKCS7_add_signer"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_BIO_ADD_DIGEST, 0), - "PKCS7_bio_add_digest"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, 0), - "pkcs7_copy_existing_digest"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_CTRL, 0), "PKCS7_ctrl"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATADECODE, 0), "PKCS7_dataDecode"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAFINAL, 0), "PKCS7_dataFinal"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAINIT, 0), "PKCS7_dataInit"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAVERIFY, 0), "PKCS7_dataVerify"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT, 0), "PKCS7_decrypt"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT_RINFO, 0), - "pkcs7_decrypt_rinfo"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCODE_RINFO, 0), - "pkcs7_encode_rinfo"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCRYPT, 0), "PKCS7_encrypt"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FINAL, 0), "PKCS7_final"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FIND_DIGEST, 0), - "PKCS7_find_digest"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_GET0_SIGNERS, 0), - "PKCS7_get0_signers"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_RECIP_INFO_SET, 0), - "PKCS7_RECIP_INFO_set"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CIPHER, 0), "PKCS7_set_cipher"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CONTENT, 0), - "PKCS7_set_content"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_DIGEST, 0), "PKCS7_set_digest"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_TYPE, 0), "PKCS7_set_type"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN, 0), "PKCS7_sign"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNATUREVERIFY, 0), - "PKCS7_signatureVerify"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SET, 0), - "PKCS7_SIGNER_INFO_set"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SIGN, 0), - "PKCS7_SIGNER_INFO_sign"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 0), - "PKCS7_sign_add_signer"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIMPLE_SMIMECAP, 0), - "PKCS7_simple_smimecap"}, - {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_VERIFY, 0), "PKCS7_verify"}, - {0, NULL} -}; - static const ERR_STRING_DATA PKCS7_str_reasons[] = { {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, @@ -147,10 +90,8 @@ static const ERR_STRING_DATA PKCS7_str_reasons[] = { int ERR_load_PKCS7_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) { - ERR_load_strings_const(PKCS7_str_functs); + if (ERR_func_error_string(PKCS7_str_reasons[0].error) == NULL) ERR_load_strings_const(PKCS7_str_reasons); - } #endif return 1; } diff --git a/crypto/property/property_err.c b/crypto/property/property_err.c index 619e5e7..49dc525 100644 --- a/crypto/property/property_err.c +++ b/crypto/property/property_err.c @@ -13,19 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA PROP_str_functs[] = { - {ERR_PACK(ERR_LIB_PROP, PROP_F_OSSL_PARSE_PROPERTY, 0), - "ossl_parse_property"}, - {ERR_PACK(ERR_LIB_PROP, PROP_F_OSSL_PARSE_QUERY, 0), "ossl_parse_query"}, - {ERR_PACK(ERR_LIB_PROP, PROP_F_PARSE_HEX, 0), "parse_hex"}, - {ERR_PACK(ERR_LIB_PROP, PROP_F_PARSE_NAME, 0), "parse_name"}, - {ERR_PACK(ERR_LIB_PROP, PROP_F_PARSE_NUMBER, 0), "parse_number"}, - {ERR_PACK(ERR_LIB_PROP, PROP_F_PARSE_OCT, 0), "parse_oct"}, - {ERR_PACK(ERR_LIB_PROP, PROP_F_PARSE_STRING, 0), "parse_string"}, - {ERR_PACK(ERR_LIB_PROP, PROP_F_PARSE_UNQUOTED, 0), "parse_unquoted"}, - {0, NULL} -}; - static const ERR_STRING_DATA PROP_str_reasons[] = { {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NAME_TOO_LONG), "name too long"}, {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_ASCII_CHARACTER), @@ -52,10 +39,8 @@ static const ERR_STRING_DATA PROP_str_reasons[] = { int ERR_load_PROP_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(PROP_str_functs[0].error) == NULL) { - ERR_load_strings_const(PROP_str_functs); + if (ERR_func_error_string(PROP_str_reasons[0].error) == NULL) ERR_load_strings_const(PROP_str_reasons); - } #endif return 1; } diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index d729441..fa6be1e 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -13,47 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA RAND_str_functs[] = { - {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_CTR_INIT, 0), "drbg_ctr_init"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES_EX, 0), "rand_bytes_ex"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0), - "rand_drbg_enable_locking"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0), - "RAND_DRBG_generate"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_ENTROPY, 0), - "rand_drbg_get_entropy"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_NONCE, 0), - "rand_drbg_get_nonce"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0), - "RAND_DRBG_instantiate"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_NEW, 0), "RAND_DRBG_new"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESEED, 0), "RAND_DRBG_reseed"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESTART, 0), "rand_drbg_restart"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET, 0), "RAND_DRBG_set"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET_DEFAULTS, 0), - "RAND_DRBG_set_defaults"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0), - "RAND_DRBG_uninstantiate"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ACQUIRE_ENTROPY, 0), - "rand_pool_acquire_entropy"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0), - "rand_pool_add_begin"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0), - "rand_pool_bytes_needed"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"}, - {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"}, - {0, NULL} -}; - static const ERR_STRING_DATA RAND_str_reasons[] = { {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG), "additional input too long"}, @@ -130,10 +89,8 @@ static const ERR_STRING_DATA RAND_str_reasons[] = { int ERR_load_RAND_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) { - ERR_load_strings_const(RAND_str_functs); + if (ERR_func_error_string(RAND_str_reasons[0].error) == NULL) ERR_load_strings_const(RAND_str_reasons); - } #endif return 1; } diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 936413d..50409de 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -13,109 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA RSA_str_functs[] = { - {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0), - "old_rsa_priv_decode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_PSS_INIT, 0), "pkey_pss_init"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, 0), "pkey_rsa_ctrl"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL_STR, 0), "pkey_rsa_ctrl_str"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_SIGN, 0), "pkey_rsa_sign"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFY, 0), "pkey_rsa_verify"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFYRECOVER, 0), - "pkey_rsa_verifyrecover"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ALGOR_TO_MD, 0), "rsa_algor_to_md"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_BUILTIN_KEYGEN, 0), "rsa_builtin_keygen"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY, 0), "RSA_check_key"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES, 0), - "rsa_fips186_4_gen_prob_primes"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_SET1_NAME, 0), "RSA_meth_set1_name"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MGF1_TO_MD, 0), ""}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MULTIP_INFO_NEW, 0), - "rsa_multip_info_new"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NEW_METHOD, 0), "RSA_new_method"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL, 0), ""}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_DECRYPT, 0), ""}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_ENCRYPT, 0), ""}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_DECRYPT, 0), ""}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_ENCRYPT, 0), ""}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, 0), - "rsa_ossl_private_decrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, 0), - "rsa_ossl_private_encrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, 0), - "rsa_ossl_public_decrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, 0), - "rsa_ossl_public_encrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_NONE, 0), - "RSA_padding_add_none"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, 0), - "RSA_padding_add_PKCS1_OAEP"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, 0), - "RSA_padding_add_PKCS1_OAEP_mgf1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS, 0), - "RSA_padding_add_PKCS1_PSS"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 0), - "RSA_padding_add_PKCS1_PSS_mgf1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, 0), - "RSA_padding_add_PKCS1_type_1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, 0), - "RSA_padding_add_PKCS1_type_2"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_SSLV23, 0), - "RSA_padding_add_SSLv23"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_X931, 0), - "RSA_padding_add_X931"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_NONE, 0), - "RSA_padding_check_none"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, 0), - "RSA_padding_check_PKCS1_OAEP"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, 0), - "RSA_padding_check_PKCS1_OAEP_mgf1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 0), - "RSA_padding_check_PKCS1_type_1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 0), - "RSA_padding_check_PKCS1_type_2"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_SSLV23, 0), - "RSA_padding_check_SSLv23"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_X931, 0), - "RSA_padding_check_X931"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0), - "RSA_sign_ASN1_OCTET_STRING"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SP800_56B_CHECK_KEYPAIR, 0), - "rsa_sp800_56b_check_keypair"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SP800_56B_CHECK_PUBLIC, 0), - "rsa_sp800_56b_check_public"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SP800_56B_PAIRWISE_TEST, 0), - "rsa_sp800_56b_pairwise_test"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH, 0), - "rsa_sp800_56b_validate_strength"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY, 0), "RSA_verify"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, 0), - "RSA_verify_ASN1_OCTET_STRING"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0), - "RSA_verify_PKCS1_PSS_mgf1"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"}, - {0, NULL} -}; - static const ERR_STRING_DATA RSA_str_reasons[] = { {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "bad e value"}, @@ -256,10 +153,8 @@ static const ERR_STRING_DATA RSA_str_reasons[] = { int ERR_load_RSA_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) { - ERR_load_strings_const(RSA_str_functs); + if (ERR_func_error_string(RSA_str_reasons[0].error) == NULL) ERR_load_strings_const(RSA_str_reasons); - } #endif return 1; } diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c index 95b0e11..24ecdf5 100644 --- a/crypto/sm2/sm2_err.c +++ b/crypto/sm2/sm2_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,30 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA SM2_str_functs[] = { - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_COPY, 0), "pkey_sm2_copy"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_DIGEST_CUSTOM, 0), - "pkey_sm2_digest_custom"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0), - "sm2_compute_msg_hash"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_USERID_DIGEST, 0), - "sm2_compute_userid_digest"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_Z_DIGEST, 0), - "sm2_compute_z_digest"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_DECRYPT, 0), "sm2_decrypt"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_ENCRYPT, 0), "sm2_encrypt"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_PLAINTEXT_SIZE, 0), "sm2_plaintext_size"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIGN, 0), "sm2_sign"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_GEN, 0), "sm2_sig_gen"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_VERIFY, 0), "sm2_sig_verify"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_VERIFY, 0), "sm2_verify"}, - {0, NULL} -}; - static const ERR_STRING_DATA SM2_str_reasons[] = { {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"}, @@ -60,10 +36,8 @@ static const ERR_STRING_DATA SM2_str_reasons[] = { int ERR_load_SM2_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) { - ERR_load_strings_const(SM2_str_functs); + if (ERR_func_error_string(SM2_str_reasons[0].error) == NULL) ERR_load_strings_const(SM2_str_reasons); - } #endif return 1; } diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c index 254defc..417aa49 100644 --- a/crypto/store/store_err.c +++ b/crypto/store/store_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,81 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA OSSL_STORE_str_functs[] = { - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_CTRL, 0), "file_ctrl"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_FIND, 0), "file_find"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_GET_PASS, 0), - "file_get_pass"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD, 0), "file_load"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD_TRY_DECODE, 0), - "file_load_try_decode"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_NAME_TO_URI, 0), - "file_name_to_uri"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_OPEN, 0), "file_open"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, 0), - "ossl_store_attach_pem_bio"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_EXPECT, 0), - "OSSL_STORE_expect"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, 0), - "ossl_store_file_attach_pem_bio_int"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FIND, 0), - "OSSL_STORE_find"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, 0), - "ossl_store_get0_loader_int"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, 0), - "OSSL_STORE_INFO_get1_CERT"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL, 0), - "OSSL_STORE_INFO_get1_CRL"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, 0), - "OSSL_STORE_INFO_get1_NAME"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, 0), - "OSSL_STORE_INFO_get1_NAME_description"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS, 0), - "OSSL_STORE_INFO_get1_PARAMS"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY, 0), - "OSSL_STORE_INFO_get1_PKEY"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT, 0), - "OSSL_STORE_INFO_new_CERT"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL, 0), - "OSSL_STORE_INFO_new_CRL"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, 0), - "ossl_store_info_new_EMBEDDED"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME, 0), - "OSSL_STORE_INFO_new_NAME"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS, 0), - "OSSL_STORE_INFO_new_PARAMS"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY, 0), - "OSSL_STORE_INFO_new_PKEY"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION, 0), - "OSSL_STORE_INFO_set0_NAME_description"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INIT_ONCE, 0), - "ossl_store_init_once"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_LOADER_NEW, 0), - "OSSL_STORE_LOADER_new"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN, 0), - "OSSL_STORE_open"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN_INT, 0), ""}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, 0), - "ossl_store_register_loader_int"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, 0), - "OSSL_STORE_SEARCH_by_alias"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, 0), - "OSSL_STORE_SEARCH_by_issuer_serial"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, 0), - "OSSL_STORE_SEARCH_by_key_fingerprint"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, 0), - "OSSL_STORE_SEARCH_by_name"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, 0), - "ossl_store_unregister_loader_int"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PARAMS, 0), - "try_decode_params"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS12, 0), - "try_decode_PKCS12"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, 0), - "try_decode_PKCS8Encrypted"}, - {0, NULL} -}; - static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = { {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE), "ambiguous content type"}, @@ -137,10 +62,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = { int ERR_load_OSSL_STORE_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(OSSL_STORE_str_functs[0].error) == NULL) { - ERR_load_strings_const(OSSL_STORE_str_functs); + if (ERR_func_error_string(OSSL_STORE_str_reasons[0].error) == NULL) ERR_load_strings_const(OSSL_STORE_str_reasons); - } #endif return 1; } diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c index c971d47..b020315 100644 --- a/crypto/ts/ts_err.c +++ b/crypto/ts/ts_err.c @@ -13,91 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA TS_str_functs[] = { - {ERR_PACK(ERR_LIB_TS, TS_F_DEF_SERIAL_CB, 0), "def_serial_cb"}, - {ERR_PACK(ERR_LIB_TS, TS_F_DEF_TIME_CB, 0), "def_time_cb"}, - {ERR_PACK(ERR_LIB_TS, TS_F_INT_TS_RESP_VERIFY_TOKEN, 0), - "int_ts_RESP_verify_token"}, - {ERR_PACK(ERR_LIB_TS, TS_F_PKCS7_TO_TS_TST_INFO, 0), - "PKCS7_to_TS_TST_INFO"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MICROS, 0), - "TS_ACCURACY_set_micros"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MILLIS, 0), - "TS_ACCURACY_set_millis"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_SECONDS, 0), - "TS_ACCURACY_set_seconds"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_IMPRINTS, 0), "ts_check_imprints"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_NONCES, 0), "ts_check_nonces"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_POLICY, 0), "ts_check_policy"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_SIGNING_CERTS, 0), - "ts_check_signing_certs"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_STATUS_INFO, 0), - "ts_check_status_info"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_COMPUTE_IMPRINT, 0), "ts_compute_imprint"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_INVALID, 0), "ts_CONF_invalid"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERT, 0), "TS_CONF_load_cert"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERTS, 0), "TS_CONF_load_certs"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_KEY, 0), "TS_CONF_load_key"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOOKUP_FAIL, 0), "ts_CONF_lookup_fail"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_SET_DEFAULT_ENGINE, 0), - "TS_CONF_set_default_engine"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_GET_STATUS_TEXT, 0), "ts_get_status_text"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_MSG_IMPRINT_SET_ALGO, 0), - "TS_MSG_IMPRINT_set_algo"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_MSG_IMPRINT, 0), - "TS_REQ_set_msg_imprint"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_NONCE, 0), "TS_REQ_set_nonce"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_POLICY_ID, 0), - "TS_REQ_set_policy_id"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_RESPONSE, 0), - "TS_RESP_create_response"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_TST_INFO, 0), - "ts_RESP_create_tst_info"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, 0), - "TS_RESP_CTX_add_failure_info"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_MD, 0), "TS_RESP_CTX_add_md"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_POLICY, 0), - "TS_RESP_CTX_add_policy"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_NEW, 0), "TS_RESP_CTX_new"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_ACCURACY, 0), - "TS_RESP_CTX_set_accuracy"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_CERTS, 0), - "TS_RESP_CTX_set_certs"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_DEF_POLICY, 0), - "TS_RESP_CTX_set_def_policy"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 0), - "TS_RESP_CTX_set_signer_cert"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_STATUS_INFO, 0), - "TS_RESP_CTX_set_status_info"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_GET_POLICY, 0), "ts_RESP_get_policy"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, 0), - "TS_RESP_set_genTime_with_precision"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_STATUS_INFO, 0), - "TS_RESP_set_status_info"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_TST_INFO, 0), - "TS_RESP_set_tst_info"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SIGN, 0), "ts_RESP_sign"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_VERIFY_SIGNATURE, 0), - "TS_RESP_verify_signature"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_ACCURACY, 0), - "TS_TST_INFO_set_accuracy"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_MSG_IMPRINT, 0), - "TS_TST_INFO_set_msg_imprint"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_NONCE, 0), - "TS_TST_INFO_set_nonce"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_POLICY_ID, 0), - "TS_TST_INFO_set_policy_id"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_SERIAL, 0), - "TS_TST_INFO_set_serial"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TIME, 0), - "TS_TST_INFO_set_time"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TSA, 0), "TS_TST_INFO_set_tsa"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY, 0), ""}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CERT, 0), "ts_verify_cert"}, - {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CTX_NEW, 0), "TS_VERIFY_CTX_new"}, - {0, NULL} -}; - static const ERR_STRING_DATA TS_str_reasons[] = { {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"}, {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_TYPE), "bad type"}, @@ -163,10 +78,8 @@ static const ERR_STRING_DATA TS_str_reasons[] = { int ERR_load_TS_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(TS_str_functs[0].error) == NULL) { - ERR_load_strings_const(TS_str_functs); + if (ERR_func_error_string(TS_str_reasons[0].error) == NULL) ERR_load_strings_const(TS_str_reasons); - } #endif return 1; } diff --git a/crypto/ui/ui_err.c b/crypto/ui/ui_err.c index 431987d..7d6352b 100644 --- a/crypto/ui/ui_err.c +++ b/crypto/ui/ui_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,36 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA UI_str_functs[] = { - {ERR_PACK(ERR_LIB_UI, UI_F_CLOSE_CONSOLE, 0), "close_console"}, - {ERR_PACK(ERR_LIB_UI, UI_F_ECHO_CONSOLE, 0), "echo_console"}, - {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_BOOLEAN, 0), - "general_allocate_boolean"}, - {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_PROMPT, 0), - "general_allocate_prompt"}, - {ERR_PACK(ERR_LIB_UI, UI_F_NOECHO_CONSOLE, 0), "noecho_console"}, - {ERR_PACK(ERR_LIB_UI, UI_F_OPEN_CONSOLE, 0), "open_console"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_CONSTRUCT_PROMPT, 0), "UI_construct_prompt"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_CREATE_METHOD, 0), "UI_create_method"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_CTRL, 0), "UI_ctrl"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_ERROR_STRING, 0), "UI_dup_error_string"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INFO_STRING, 0), "UI_dup_info_string"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_BOOLEAN, 0), - "UI_dup_input_boolean"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_STRING, 0), "UI_dup_input_string"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_USER_DATA, 0), "UI_dup_user_data"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_VERIFY_STRING, 0), - "UI_dup_verify_string"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET0_RESULT, 0), "UI_get0_result"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET_RESULT_LENGTH, 0), - "UI_get_result_length"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_NEW_METHOD, 0), "UI_new_method"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_PROCESS, 0), "UI_process"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT, 0), "UI_set_result"}, - {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT_EX, 0), "UI_set_result_ex"}, - {0, NULL} -}; - static const ERR_STRING_DATA UI_str_reasons[] = { {ERR_PACK(ERR_LIB_UI, 0, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), "common ok and cancel characters"}, @@ -69,10 +39,8 @@ static const ERR_STRING_DATA UI_str_reasons[] = { int ERR_load_UI_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(UI_str_functs[0].error) == NULL) { - ERR_load_strings_const(UI_str_functs); + if (ERR_func_error_string(UI_str_reasons[0].error) == NULL) ERR_load_strings_const(UI_str_reasons); - } #endif return 1; } diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 8c3502e..d039351 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -874,13 +874,6 @@ int UI_get_result_maxsize(UI_STRING *uis) int UI_set_result(UI *ui, UI_STRING *uis, const char *result) { -#if 0 - /* - * This is placed here solely to preserve UI_F_UI_SET_RESULT - * To be removed for OpenSSL 1.2.0 - */ - UIerr(UI_F_UI_SET_RESULT, ERR_R_DISABLED); -#endif return UI_set_result_ex(ui, uis, result, strlen(result)); } diff --git a/crypto/x509/v3err.c b/crypto/x509/v3err.c index 421d936..c02e1d2 100644 --- a/crypto/x509/v3err.c +++ b/crypto/x509/v3err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,120 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA X509V3_str_functs[] = { - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_A2I_GENERAL_NAME, 0), - "a2i_GENERAL_NAME"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, 0), - "addr_validate_path_internal"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, 0), - "ASIdentifierChoice_canonize"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, 0), - "ASIdentifierChoice_is_canonical"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_BIGNUM_TO_STRING, 0), - "bignum_to_string"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_EMAIL, 0), "copy_email"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_ISSUER, 0), "copy_issuer"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_DIRNAME, 0), "do_dirname"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_I2D, 0), "do_ext_i2d"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_NCONF, 0), "do_ext_nconf"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_GNAMES_FROM_SECTNAME, 0), - "gnames_from_sectname"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_ENUMERATED, 0), - "i2s_ASN1_ENUMERATED"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_IA5STRING, 0), - "i2s_ASN1_IA5STRING"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_INTEGER, 0), - "i2s_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0), - "i2v_AUTHORITY_INFO_ACCESS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_CREATE, 0), - "policy_cache_create"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_NEW, 0), - "policy_cache_new"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_DATA_NEW, 0), "policy_data_new"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_SECTION, 0), "policy_section"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_PROCESS_PCI_VALUE, 0), - "process_pci_value"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_CERTPOL, 0), "r2i_certpol"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_PCI, 0), "r2i_pci"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_IA5STRING, 0), - "s2i_ASN1_IA5STRING"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_INTEGER, 0), - "s2i_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_OCTET_STRING, 0), - "s2i_ASN1_OCTET_STRING"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_SKEY_ID, 0), "s2i_skey_id"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SET_DIST_POINT_NAME, 0), - "set_dist_point_name"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ASC, 0), - "SXNET_add_id_asc"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_INTEGER, 0), - "SXNET_add_id_INTEGER"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ULONG, 0), - "SXNET_add_id_ulong"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ASC, 0), - "SXNET_get_id_asc"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ULONG, 0), - "SXNET_get_id_ulong"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_TREE_INIT, 0), "tree_init"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASIDENTIFIERS, 0), - "v2i_ASIdentifiers"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASN1_BIT_STRING, 0), - "v2i_ASN1_BIT_STRING"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_INFO_ACCESS, 0), - "v2i_AUTHORITY_INFO_ACCESS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_KEYID, 0), - "v2i_AUTHORITY_KEYID"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_BASIC_CONSTRAINTS, 0), - "v2i_BASIC_CONSTRAINTS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_CRLD, 0), "v2i_crld"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_EXTENDED_KEY_USAGE, 0), - "v2i_EXTENDED_KEY_USAGE"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAMES, 0), - "v2i_GENERAL_NAMES"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAME_EX, 0), - "v2i_GENERAL_NAME_ex"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IDP, 0), "v2i_idp"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IPADDRBLOCKS, 0), - "v2i_IPAddrBlocks"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ISSUER_ALT, 0), "v2i_issuer_alt"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_NAME_CONSTRAINTS, 0), - "v2i_NAME_CONSTRAINTS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_CONSTRAINTS, 0), - "v2i_POLICY_CONSTRAINTS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_MAPPINGS, 0), - "v2i_POLICY_MAPPINGS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_SUBJECT_ALT, 0), "v2i_subject_alt"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_TLS_FEATURE, 0), "v2i_TLS_FEATURE"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0), - "v3_generic_extension"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0), - "X509V3_add_value"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD_ALIAS, 0), - "X509V3_EXT_add_alias"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_I2D, 0), "X509V3_EXT_i2d"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_NCONF, 0), - "X509V3_EXT_nconf"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_SECTION, 0), - "X509V3_get_section"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_STRING, 0), - "X509V3_get_string"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_VALUE_BOOL, 0), - "X509V3_get_value_bool"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_PARSE_LIST, 0), - "X509V3_parse_list"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_ADD, 0), - "X509_PURPOSE_add"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_SET, 0), - "X509_PURPOSE_set"}, - {0, NULL} -}; - static const ERR_STRING_DATA X509V3_str_reasons[] = { {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "bad ip address"}, {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "bad object"}, @@ -248,10 +134,8 @@ static const ERR_STRING_DATA X509V3_str_reasons[] = { int ERR_load_X509V3_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) { - ERR_load_strings_const(X509V3_str_functs); + if (ERR_func_error_string(X509V3_str_reasons[0].error) == NULL) ERR_load_strings_const(X509V3_str_reasons); - } #endif return 1; } diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 1d0c518..ff6d273 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -13,109 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA X509_str_functs[] = { - {ERR_PACK(ERR_LIB_X509, X509_F_ADD_CERT_DIR, 0), "add_cert_dir"}, - {ERR_PACK(ERR_LIB_X509, X509_F_BUILD_CHAIN, 0), "build_chain"}, - {ERR_PACK(ERR_LIB_X509, X509_F_BY_FILE_CTRL, 0), "by_file_ctrl"}, - {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_NAME_CONSTRAINTS, 0), - "check_name_constraints"}, - {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_POLICY, 0), "check_policy"}, - {ERR_PACK(ERR_LIB_X509, X509_F_COMMON_VERIFY_SM2, 0), "common_verify_sm2"}, - {ERR_PACK(ERR_LIB_X509, X509_F_DANE_I2D, 0), "dane_i2d"}, - {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), "dir_ctrl"}, - {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0), - "get_cert_by_subject"}, - {ERR_PACK(ERR_LIB_X509, X509_F_I2D_X509_AUX, 0), "i2d_X509_AUX"}, - {ERR_PACK(ERR_LIB_X509, X509_F_LOOKUP_CERTS_SK, 0), "lookup_certs_sk"}, - {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_DECODE, 0), - "NETSCAPE_SPKI_b64_decode"}, - {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_ENCODE, 0), - "NETSCAPE_SPKI_b64_encode"}, - {ERR_PACK(ERR_LIB_X509, X509_F_NEW_DIR, 0), "new_dir"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509AT_ADD1_ATTR, 0), "X509at_add1_attr"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509V3_ADD_EXT, 0), "X509v3_add_ext"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 0), - "X509_ATTRIBUTE_create_by_NID"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, 0), - "X509_ATTRIBUTE_create_by_OBJ"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, 0), - "X509_ATTRIBUTE_create_by_txt"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_GET0_DATA, 0), - "X509_ATTRIBUTE_get0_data"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_SET1_DATA, 0), - "X509_ATTRIBUTE_set1_data"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_CHECK_PRIVATE_KEY, 0), - "X509_check_private_key"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_DIFF, 0), "X509_CRL_diff"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_METHOD_NEW, 0), - "X509_CRL_METHOD_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_PRINT_FP, 0), "X509_CRL_print_fp"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_NID, 0), - "X509_EXTENSION_create_by_NID"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_OBJ, 0), - "X509_EXTENSION_create_by_OBJ"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_GET_PUBKEY_PARAMETERS, 0), - "X509_get_pubkey_parameters"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_CRL_FILE, 0), - "X509_load_cert_crl_file"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_FILE, 0), - "X509_load_cert_file"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0), - "X509_load_crl_file"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_METH_NEW, 0), - "X509_LOOKUP_meth_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0), - "X509_NAME_add_entry"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_CANON, 0), "x509_name_canon"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_NID, 0), - "X509_NAME_ENTRY_create_by_NID"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, 0), - "X509_NAME_ENTRY_create_by_txt"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_SET_OBJECT, 0), - "X509_NAME_ENTRY_set_object"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ONELINE, 0), "X509_NAME_oneline"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_PRINT, 0), "X509_NAME_print"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_OBJECT_NEW, 0), "X509_OBJECT_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0), - "x509_pubkey_decode"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0), - "X509_REQ_check_private_key"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_EX, 0), "X509_REQ_print_ex"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_FP, 0), "X509_REQ_print_fp"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_TO_X509, 0), "X509_REQ_to_X509"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_VERIFY, 0), "X509_REQ_verify"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_VERIFY_SM2, 0), - "x509_req_verify_sm2"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CERT, 0), - "X509_STORE_add_cert"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0), - "X509_STORE_add_crl"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_LOOKUP, 0), - "X509_STORE_add_lookup"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_GET1_ISSUER, 0), - "X509_STORE_CTX_get1_issuer"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_INIT, 0), - "X509_STORE_CTX_init"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_NEW, 0), - "X509_STORE_CTX_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 0), - "X509_STORE_CTX_purpose_inherit"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_NEW, 0), "X509_STORE_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY, 0), "X509_verify"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0), - "X509_VERIFY_PARAM_new"}, - {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_SM2, 0), "x509_verify_sm2"}, - {0, NULL} -}; - static const ERR_STRING_DATA X509_str_reasons[] = { {ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "akid mismatch"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_SELECTOR), "bad selector"}, @@ -180,10 +77,8 @@ static const ERR_STRING_DATA X509_str_reasons[] = { int ERR_load_X509_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(X509_str_functs[0].error) == NULL) { - ERR_load_strings_const(X509_str_functs); + if (ERR_func_error_string(X509_str_reasons[0].error) == NULL) ERR_load_strings_const(X509_str_reasons); - } #endif return 1; } diff --git a/doc/man3/ERR_GET_LIB.pod b/doc/man3/ERR_GET_LIB.pod index 6f14a09..2046159 100644 --- a/doc/man3/ERR_GET_LIB.pod +++ b/doc/man3/ERR_GET_LIB.pod @@ -38,12 +38,13 @@ unique. However, when checking for sub-library specific reason codes, be sure to also compare the library number. ERR_GET_LIB(), ERR_GET_FUNC(), ERR_GET_REASON(), and ERR_FATAL_ERROR() - are macros. +are macros. =head1 RETURN VALUES The library number, function code, reason code, and whether the error is fatal, respectively. +Starting with OpenSSL 3.0.0, the function code is always set to zero. =head1 SEE ALSO diff --git a/engines/e_afalg.txt b/engines/e_afalg.txt index e32c880..7de1fe9 100644 --- a/engines/e_afalg.txt +++ b/engines/e_afalg.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_afalg_err.c b/engines/e_afalg_err.c index cd5b7b2..c436f10 100644 --- a/engines/e_afalg_err.c +++ b/engines/e_afalg_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,17 +13,6 @@ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA AFALG_str_functs[] = { - {ERR_PACK(0, AFALG_F_AFALG_CHK_PLATFORM, 0), "afalg_chk_platform"}, - {ERR_PACK(0, AFALG_F_AFALG_CREATE_SK, 0), "afalg_create_sk"}, - {ERR_PACK(0, AFALG_F_AFALG_INIT_AIO, 0), "afalg_init_aio"}, - {ERR_PACK(0, AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, 0), - "afalg_setup_async_event_notification"}, - {ERR_PACK(0, AFALG_F_AFALG_SET_KEY, 0), "afalg_set_key"}, - {ERR_PACK(0, AFALG_F_BIND_AFALG, 0), "bind_afalg"}, - {0, NULL} -}; - static ERR_STRING_DATA AFALG_str_reasons[] = { {ERR_PACK(0, 0, AFALG_R_EVENTFD_FAILED), "eventfd failed"}, {ERR_PACK(0, 0, AFALG_R_FAILED_TO_GET_PLATFORM_INFO), @@ -56,7 +45,6 @@ static int ERR_load_AFALG_strings(void) if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(lib_code, AFALG_str_functs); ERR_load_strings(lib_code, AFALG_str_reasons); #endif error_loaded = 1; @@ -68,7 +56,6 @@ static void ERR_unload_AFALG_strings(void) { if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(lib_code, AFALG_str_functs); ERR_unload_strings(lib_code, AFALG_str_reasons); #endif error_loaded = 0; diff --git a/engines/e_afalg_err.h b/engines/e_afalg_err.h index bd1dd15..27cdcd3 100644 --- a/engines/e_afalg_err.h +++ b/engines/e_afalg_err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,18 +11,24 @@ #ifndef HEADER_AFALGERR_H # define HEADER_AFALGERR_H -# define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) +# include +# include + + +# define AFALGerr(f, r) ERR_AFALG_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) /* * AFALG function codes. */ -# define AFALG_F_AFALG_CHK_PLATFORM 100 -# define AFALG_F_AFALG_CREATE_SK 101 -# define AFALG_F_AFALG_INIT_AIO 102 -# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION 103 -# define AFALG_F_AFALG_SET_KEY 104 -# define AFALG_F_BIND_AFALG 105 +# if !OPENSSL_API_3 +# define AFALG_F_AFALG_CHK_PLATFORM 0 +# define AFALG_F_AFALG_CREATE_SK 0 +# define AFALG_F_AFALG_INIT_AIO 0 +# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION 0 +# define AFALG_F_AFALG_SET_KEY 0 +# define AFALG_F_BIND_AFALG 0 +# endif /* * AFALG reason codes. diff --git a/engines/e_capi.txt b/engines/e_capi.txt index 29724e6..303a1ed 100644 --- a/engines/e_capi.txt +++ b/engines/e_capi.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_capi_err.c b/engines/e_capi_err.c index 923723a..acbec41 100644 --- a/engines/e_capi_err.c +++ b/engines/e_capi_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,30 +13,6 @@ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA CAPI_str_functs[] = { - {ERR_PACK(0, CAPI_F_CAPI_CERT_GET_FNAME, 0), "capi_cert_get_fname"}, - {ERR_PACK(0, CAPI_F_CAPI_CTRL, 0), "capi_ctrl"}, - {ERR_PACK(0, CAPI_F_CAPI_CTX_NEW, 0), "capi_ctx_new"}, - {ERR_PACK(0, CAPI_F_CAPI_CTX_SET_PROVNAME, 0), "capi_ctx_set_provname"}, - {ERR_PACK(0, CAPI_F_CAPI_DSA_DO_SIGN, 0), "capi_dsa_do_sign"}, - {ERR_PACK(0, CAPI_F_CAPI_GET_KEY, 0), "capi_get_key"}, - {ERR_PACK(0, CAPI_F_CAPI_GET_PKEY, 0), "capi_get_pkey"}, - {ERR_PACK(0, CAPI_F_CAPI_GET_PROVNAME, 0), "capi_get_provname"}, - {ERR_PACK(0, CAPI_F_CAPI_GET_PROV_INFO, 0), "capi_get_prov_info"}, - {ERR_PACK(0, CAPI_F_CAPI_INIT, 0), "capi_init"}, - {ERR_PACK(0, CAPI_F_CAPI_LIST_CONTAINERS, 0), "capi_list_containers"}, - {ERR_PACK(0, CAPI_F_CAPI_LOAD_PRIVKEY, 0), "capi_load_privkey"}, - {ERR_PACK(0, CAPI_F_CAPI_OPEN_STORE, 0), "capi_open_store"}, - {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_DEC, 0), "capi_rsa_priv_dec"}, - {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_ENC, 0), "capi_rsa_priv_enc"}, - {ERR_PACK(0, CAPI_F_CAPI_RSA_SIGN, 0), "capi_rsa_sign"}, - {ERR_PACK(0, CAPI_F_CAPI_VTRACE, 0), "capi_vtrace"}, - {ERR_PACK(0, CAPI_F_CERT_SELECT_DIALOG, 0), "cert_select_dialog"}, - {ERR_PACK(0, CAPI_F_CLIENT_CERT_SELECT, 0), ""}, - {ERR_PACK(0, CAPI_F_WIDE_TO_ASC, 0), "wide_to_asc"}, - {0, NULL} -}; - static ERR_STRING_DATA CAPI_str_reasons[] = { {ERR_PACK(0, 0, CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"}, {ERR_PACK(0, 0, CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"}, @@ -92,7 +68,6 @@ static int ERR_load_CAPI_strings(void) if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(lib_code, CAPI_str_functs); ERR_load_strings(lib_code, CAPI_str_reasons); #endif error_loaded = 1; @@ -104,7 +79,6 @@ static void ERR_unload_CAPI_strings(void) { if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(lib_code, CAPI_str_functs); ERR_unload_strings(lib_code, CAPI_str_reasons); #endif error_loaded = 0; diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h index 544f7fe..a9389ec 100644 --- a/engines/e_capi_err.h +++ b/engines/e_capi_err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,32 +11,38 @@ #ifndef HEADER_CAPIERR_H # define HEADER_CAPIERR_H -# define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) +# include +# include + + +# define CAPIerr(f, r) ERR_CAPI_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) /* * CAPI function codes. */ -# define CAPI_F_CAPI_CERT_GET_FNAME 99 -# define CAPI_F_CAPI_CTRL 100 -# define CAPI_F_CAPI_CTX_NEW 101 -# define CAPI_F_CAPI_CTX_SET_PROVNAME 102 -# define CAPI_F_CAPI_DSA_DO_SIGN 114 -# define CAPI_F_CAPI_GET_KEY 103 -# define CAPI_F_CAPI_GET_PKEY 115 -# define CAPI_F_CAPI_GET_PROVNAME 104 -# define CAPI_F_CAPI_GET_PROV_INFO 105 -# define CAPI_F_CAPI_INIT 106 -# define CAPI_F_CAPI_LIST_CONTAINERS 107 -# define CAPI_F_CAPI_LOAD_PRIVKEY 108 -# define CAPI_F_CAPI_OPEN_STORE 109 -# define CAPI_F_CAPI_RSA_PRIV_DEC 110 -# define CAPI_F_CAPI_RSA_PRIV_ENC 111 -# define CAPI_F_CAPI_RSA_SIGN 112 -# define CAPI_F_CAPI_VTRACE 118 -# define CAPI_F_CERT_SELECT_DIALOG 117 -# define CAPI_F_CLIENT_CERT_SELECT 116 -# define CAPI_F_WIDE_TO_ASC 113 +# if !OPENSSL_API_3 +# define CAPI_F_CAPI_CERT_GET_FNAME 0 +# define CAPI_F_CAPI_CTRL 0 +# define CAPI_F_CAPI_CTX_NEW 0 +# define CAPI_F_CAPI_CTX_SET_PROVNAME 0 +# define CAPI_F_CAPI_DSA_DO_SIGN 0 +# define CAPI_F_CAPI_GET_KEY 0 +# define CAPI_F_CAPI_GET_PKEY 0 +# define CAPI_F_CAPI_GET_PROVNAME 0 +# define CAPI_F_CAPI_GET_PROV_INFO 0 +# define CAPI_F_CAPI_INIT 0 +# define CAPI_F_CAPI_LIST_CONTAINERS 0 +# define CAPI_F_CAPI_LOAD_PRIVKEY 0 +# define CAPI_F_CAPI_OPEN_STORE 0 +# define CAPI_F_CAPI_RSA_PRIV_DEC 0 +# define CAPI_F_CAPI_RSA_PRIV_ENC 0 +# define CAPI_F_CAPI_RSA_SIGN 0 +# define CAPI_F_CAPI_VTRACE 0 +# define CAPI_F_CERT_SELECT_DIALOG 0 +# define CAPI_F_CLIENT_CERT_SELECT 0 +# define CAPI_F_WIDE_TO_ASC 0 +# endif /* * CAPI reason codes. diff --git a/engines/e_dasync.txt b/engines/e_dasync.txt index 9a7b498..819ff6f 100644 --- a/engines/e_dasync.txt +++ b/engines/e_dasync.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_dasync_err.c b/engines/e_dasync_err.c index f71f6fe..0920690 100644 --- a/engines/e_dasync_err.c +++ b/engines/e_dasync_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,22 +13,6 @@ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA DASYNC_str_functs[] = { - {ERR_PACK(0, DASYNC_F_BIND_DASYNC, 0), "bind_dasync"}, - {ERR_PACK(0, DASYNC_F_CIPHER_AES_128_CBC_CODE, 0), ""}, - {ERR_PACK(0, DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY, 0), ""}, - {ERR_PACK(0, DASYNC_F_DASYNC_AES128_INIT_KEY, 0), ""}, - {ERR_PACK(0, DASYNC_F_DASYNC_BN_MOD_EXP, 0), ""}, - {ERR_PACK(0, DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, 0), - "dasync_cipher_init_key_helper"}, - {ERR_PACK(0, DASYNC_F_DASYNC_MOD_EXP, 0), ""}, - {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_DECRYPT, 0), ""}, - {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_ENCRYPT, 0), ""}, - {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_DECRYPT, 0), ""}, - {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_ENCRYPT, 0), ""}, - {0, NULL} -}; - static ERR_STRING_DATA DASYNC_str_reasons[] = { {ERR_PACK(0, 0, DASYNC_R_INIT_FAILED), "init failed"}, {0, NULL} @@ -46,7 +30,6 @@ static int ERR_load_DASYNC_strings(void) if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(lib_code, DASYNC_str_functs); ERR_load_strings(lib_code, DASYNC_str_reasons); #endif error_loaded = 1; @@ -58,7 +41,6 @@ static void ERR_unload_DASYNC_strings(void) { if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(lib_code, DASYNC_str_functs); ERR_unload_strings(lib_code, DASYNC_str_reasons); #endif error_loaded = 0; diff --git a/engines/e_dasync_err.h b/engines/e_dasync_err.h index 844615e..907ba88 100644 --- a/engines/e_dasync_err.h +++ b/engines/e_dasync_err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,23 +11,29 @@ #ifndef HEADER_DASYNCERR_H # define HEADER_DASYNCERR_H -# define DASYNCerr(f, r) ERR_DASYNC_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) +# include +# include + + +# define DASYNCerr(f, r) ERR_DASYNC_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) /* * DASYNC function codes. */ -# define DASYNC_F_BIND_DASYNC 107 -# define DASYNC_F_CIPHER_AES_128_CBC_CODE 100 -# define DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY 109 -# define DASYNC_F_DASYNC_AES128_INIT_KEY 108 -# define DASYNC_F_DASYNC_BN_MOD_EXP 101 -# define DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER 110 -# define DASYNC_F_DASYNC_MOD_EXP 102 -# define DASYNC_F_DASYNC_PRIVATE_DECRYPT 103 -# define DASYNC_F_DASYNC_PRIVATE_ENCRYPT 104 -# define DASYNC_F_DASYNC_PUBLIC_DECRYPT 105 -# define DASYNC_F_DASYNC_PUBLIC_ENCRYPT 106 +# if !OPENSSL_API_3 +# define DASYNC_F_BIND_DASYNC 0 +# define DASYNC_F_CIPHER_AES_128_CBC_CODE 0 +# define DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY 0 +# define DASYNC_F_DASYNC_AES128_INIT_KEY 0 +# define DASYNC_F_DASYNC_BN_MOD_EXP 0 +# define DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER 0 +# define DASYNC_F_DASYNC_MOD_EXP 0 +# define DASYNC_F_DASYNC_PRIVATE_DECRYPT 0 +# define DASYNC_F_DASYNC_PRIVATE_ENCRYPT 0 +# define DASYNC_F_DASYNC_PUBLIC_DECRYPT 0 +# define DASYNC_F_DASYNC_PUBLIC_ENCRYPT 0 +# endif /* * DASYNC reason codes. diff --git a/engines/e_ossltest.txt b/engines/e_ossltest.txt index b16c4aa..f40e60c 100644 --- a/engines/e_ossltest.txt +++ b/engines/e_ossltest.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_ossltest_err.c b/engines/e_ossltest_err.c index 57c71e3..b81e00b 100644 --- a/engines/e_ossltest_err.c +++ b/engines/e_ossltest_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,12 +13,6 @@ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA OSSLTEST_str_functs[] = { - {ERR_PACK(0, OSSLTEST_F_BIND_OSSLTEST, 0), "bind_ossltest"}, - {ERR_PACK(0, OSSLTEST_F_OSSLTEST_AES128_INIT_KEY, 0), ""}, - {0, NULL} -}; - static ERR_STRING_DATA OSSLTEST_str_reasons[] = { {ERR_PACK(0, 0, OSSLTEST_R_INIT_FAILED), "init failed"}, {0, NULL} @@ -36,7 +30,6 @@ static int ERR_load_OSSLTEST_strings(void) if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(lib_code, OSSLTEST_str_functs); ERR_load_strings(lib_code, OSSLTEST_str_reasons); #endif error_loaded = 1; @@ -48,7 +41,6 @@ static void ERR_unload_OSSLTEST_strings(void) { if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(lib_code, OSSLTEST_str_functs); ERR_unload_strings(lib_code, OSSLTEST_str_reasons); #endif error_loaded = 0; diff --git a/engines/e_ossltest_err.h b/engines/e_ossltest_err.h index 03f7bfb..b575a80 100644 --- a/engines/e_ossltest_err.h +++ b/engines/e_ossltest_err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,14 +11,20 @@ #ifndef HEADER_OSSLTESTERR_H # define HEADER_OSSLTESTERR_H -# define OSSLTESTerr(f, r) ERR_OSSLTEST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) +# include +# include + + +# define OSSLTESTerr(f, r) ERR_OSSLTEST_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) /* * OSSLTEST function codes. */ -# define OSSLTEST_F_BIND_OSSLTEST 100 -# define OSSLTEST_F_OSSLTEST_AES128_INIT_KEY 101 +# if !OPENSSL_API_3 +# define OSSLTEST_F_BIND_OSSLTEST 0 +# define OSSLTEST_F_OSSLTEST_AES128_INIT_KEY 0 +# endif /* * OSSLTEST reason codes. diff --git a/include/internal/dsoerr.h b/include/internal/dsoerr.h index 8347d85..da51e5f 100644 --- a/include/internal/dsoerr.h +++ b/include/internal/dsoerr.h @@ -11,11 +11,9 @@ #ifndef HEADER_DSOERR_H # define HEADER_DSOERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif - # include +# include + # ifdef __cplusplus extern "C" @@ -25,60 +23,62 @@ int ERR_load_DSO_strings(void); /* * DSO function codes. */ -# define DSO_F_DLFCN_BIND_FUNC 100 -# define DSO_F_DLFCN_LOAD 102 -# define DSO_F_DLFCN_MERGER 130 -# define DSO_F_DLFCN_NAME_CONVERTER 123 -# define DSO_F_DLFCN_UNLOAD 103 -# define DSO_F_DL_BIND_FUNC 104 -# define DSO_F_DL_LOAD 106 -# define DSO_F_DL_MERGER 131 -# define DSO_F_DL_NAME_CONVERTER 124 -# define DSO_F_DL_UNLOAD 107 -# define DSO_F_DSO_BIND_FUNC 108 -# define DSO_F_DSO_CONVERT_FILENAME 126 -# define DSO_F_DSO_CTRL 110 -# define DSO_F_DSO_FREE 111 -# define DSO_F_DSO_GET_FILENAME 127 -# define DSO_F_DSO_GLOBAL_LOOKUP 139 -# define DSO_F_DSO_LOAD 112 -# define DSO_F_DSO_MERGE 132 -# define DSO_F_DSO_NEW_METHOD 113 -# define DSO_F_DSO_PATHBYADDR 105 -# define DSO_F_DSO_SET_FILENAME 129 -# define DSO_F_DSO_UP_REF 114 -# define DSO_F_VMS_BIND_SYM 115 -# define DSO_F_VMS_LOAD 116 -# define DSO_F_VMS_MERGER 133 -# define DSO_F_VMS_UNLOAD 117 -# define DSO_F_WIN32_BIND_FUNC 101 -# define DSO_F_WIN32_GLOBALLOOKUP 142 -# define DSO_F_WIN32_JOINER 135 -# define DSO_F_WIN32_LOAD 120 -# define DSO_F_WIN32_MERGER 134 -# define DSO_F_WIN32_NAME_CONVERTER 125 -# define DSO_F_WIN32_PATHBYADDR 109 -# define DSO_F_WIN32_SPLITTER 136 -# define DSO_F_WIN32_UNLOAD 121 +# if !OPENSSL_API_3 +# define DSO_F_DLFCN_BIND_FUNC 0 +# define DSO_F_DLFCN_LOAD 0 +# define DSO_F_DLFCN_MERGER 0 +# define DSO_F_DLFCN_NAME_CONVERTER 0 +# define DSO_F_DLFCN_UNLOAD 0 +# define DSO_F_DL_BIND_FUNC 0 +# define DSO_F_DL_LOAD 0 +# define DSO_F_DL_MERGER 0 +# define DSO_F_DL_NAME_CONVERTER 0 +# define DSO_F_DL_UNLOAD 0 +# define DSO_F_DSO_BIND_FUNC 0 +# define DSO_F_DSO_CONVERT_FILENAME 0 +# define DSO_F_DSO_CTRL 0 +# define DSO_F_DSO_FREE 0 +# define DSO_F_DSO_GET_FILENAME 0 +# define DSO_F_DSO_GLOBAL_LOOKUP 0 +# define DSO_F_DSO_LOAD 0 +# define DSO_F_DSO_MERGE 0 +# define DSO_F_DSO_NEW_METHOD 0 +# define DSO_F_DSO_PATHBYADDR 0 +# define DSO_F_DSO_SET_FILENAME 0 +# define DSO_F_DSO_UP_REF 0 +# define DSO_F_VMS_BIND_SYM 0 +# define DSO_F_VMS_LOAD 0 +# define DSO_F_VMS_MERGER 0 +# define DSO_F_VMS_UNLOAD 0 +# define DSO_F_WIN32_BIND_FUNC 0 +# define DSO_F_WIN32_GLOBALLOOKUP 0 +# define DSO_F_WIN32_JOINER 0 +# define DSO_F_WIN32_LOAD 0 +# define DSO_F_WIN32_MERGER 0 +# define DSO_F_WIN32_NAME_CONVERTER 0 +# define DSO_F_WIN32_PATHBYADDR 0 +# define DSO_F_WIN32_SPLITTER 0 +# define DSO_F_WIN32_UNLOAD 0 +# endif /* * DSO reason codes. */ -# define DSO_R_CTRL_FAILED 100 -# define DSO_R_DSO_ALREADY_LOADED 110 -# define DSO_R_EMPTY_FILE_STRUCTURE 113 -# define DSO_R_FAILURE 114 -# define DSO_R_FILENAME_TOO_BIG 101 -# define DSO_R_FINISH_FAILED 102 -# define DSO_R_INCORRECT_FILE_SYNTAX 115 -# define DSO_R_LOAD_FAILED 103 -# define DSO_R_NAME_TRANSLATION_FAILED 109 -# define DSO_R_NO_FILENAME 111 -# define DSO_R_NULL_HANDLE 104 -# define DSO_R_SET_FILENAME_FAILED 112 -# define DSO_R_STACK_ERROR 105 -# define DSO_R_SYM_FAILURE 106 -# define DSO_R_UNLOAD_FAILED 107 -# define DSO_R_UNSUPPORTED 108 +# define DSO_R_CTRL_FAILED 100 +# define DSO_R_DSO_ALREADY_LOADED 110 +# define DSO_R_EMPTY_FILE_STRUCTURE 113 +# define DSO_R_FAILURE 114 +# define DSO_R_FILENAME_TOO_BIG 101 +# define DSO_R_FINISH_FAILED 102 +# define DSO_R_INCORRECT_FILE_SYNTAX 115 +# define DSO_R_LOAD_FAILED 103 +# define DSO_R_NAME_TRANSLATION_FAILED 109 +# define DSO_R_NO_FILENAME 111 +# define DSO_R_NULL_HANDLE 104 +# define DSO_R_SET_FILENAME_FAILED 112 +# define DSO_R_STACK_ERROR 105 +# define DSO_R_SYM_FAILURE 106 +# define DSO_R_UNLOAD_FAILED 107 +# define DSO_R_UNSUPPORTED 108 #endif diff --git a/include/internal/propertyerr.h b/include/internal/propertyerr.h index d400297..a5d5125 100644 --- a/include/internal/propertyerr.h +++ b/include/internal/propertyerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_PROPERR_H # define HEADER_PROPERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,14 +23,16 @@ int ERR_load_PROP_strings(void); /* * PROP function codes. */ -# define PROP_F_OSSL_PARSE_PROPERTY 100 -# define PROP_F_OSSL_PARSE_QUERY 101 -# define PROP_F_PARSE_HEX 102 -# define PROP_F_PARSE_NAME 103 -# define PROP_F_PARSE_NUMBER 104 -# define PROP_F_PARSE_OCT 105 -# define PROP_F_PARSE_STRING 106 -# define PROP_F_PARSE_UNQUOTED 107 +# if !OPENSSL_API_3 +# define PROP_F_OSSL_PARSE_PROPERTY 0 +# define PROP_F_OSSL_PARSE_QUERY 0 +# define PROP_F_PARSE_HEX 0 +# define PROP_F_PARSE_NAME 0 +# define PROP_F_PARSE_NUMBER 0 +# define PROP_F_PARSE_OCT 0 +# define PROP_F_PARSE_STRING 0 +# define PROP_F_PARSE_UNQUOTED 0 +# endif /* * PROP reason codes. diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h index 2ae486f..d2d271b 100644 --- a/include/openssl/asn1err.h +++ b/include/openssl/asn1err.h @@ -11,9 +11,9 @@ #ifndef HEADER_ASN1ERR_H # define HEADER_ASN1ERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,121 +23,123 @@ int ERR_load_ASN1_strings(void); /* * ASN1 function codes. */ -# define ASN1_F_A2D_ASN1_OBJECT 100 -# define ASN1_F_A2I_ASN1_INTEGER 102 -# define ASN1_F_A2I_ASN1_STRING 103 -# define ASN1_F_APPEND_EXP 176 -# define ASN1_F_ASN1_BIO_INIT 113 -# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 -# define ASN1_F_ASN1_CB 177 -# define ASN1_F_ASN1_CHECK_TLEN 104 -# define ASN1_F_ASN1_COLLECT 106 -# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 -# define ASN1_F_ASN1_D2I_FP 109 -# define ASN1_F_ASN1_D2I_READ_BIO 107 -# define ASN1_F_ASN1_DIGEST 184 -# define ASN1_F_ASN1_DO_ADB 110 -# define ASN1_F_ASN1_DO_LOCK 233 -# define ASN1_F_ASN1_DUP 111 -# define ASN1_F_ASN1_ENC_SAVE 115 -# define ASN1_F_ASN1_EX_C2I 204 -# define ASN1_F_ASN1_FIND_END 190 -# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 -# define ASN1_F_ASN1_GENERATE_V3 178 -# define ASN1_F_ASN1_GET_INT64 224 -# define ASN1_F_ASN1_GET_OBJECT 114 -# define ASN1_F_ASN1_GET_UINT64 225 -# define ASN1_F_ASN1_I2D_BIO 116 -# define ASN1_F_ASN1_I2D_FP 117 -# define ASN1_F_ASN1_ITEM_D2I_FP 206 -# define ASN1_F_ASN1_ITEM_DUP 191 -# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 -# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 -# define ASN1_F_ASN1_ITEM_FLAGS_I2D 118 -# define ASN1_F_ASN1_ITEM_I2D_BIO 192 -# define ASN1_F_ASN1_ITEM_I2D_FP 193 -# define ASN1_F_ASN1_ITEM_PACK 198 -# define ASN1_F_ASN1_ITEM_SIGN 195 -# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 -# define ASN1_F_ASN1_ITEM_UNPACK 199 -# define ASN1_F_ASN1_ITEM_VERIFY 197 -# define ASN1_F_ASN1_MBSTRING_NCOPY 122 -# define ASN1_F_ASN1_OBJECT_NEW 123 -# define ASN1_F_ASN1_OUTPUT_DATA 214 -# define ASN1_F_ASN1_PCTX_NEW 205 -# define ASN1_F_ASN1_PRIMITIVE_NEW 119 -# define ASN1_F_ASN1_SCTX_NEW 221 -# define ASN1_F_ASN1_SIGN 128 -# define ASN1_F_ASN1_STR2TYPE 179 -# define ASN1_F_ASN1_STRING_GET_INT64 227 -# define ASN1_F_ASN1_STRING_GET_UINT64 230 -# define ASN1_F_ASN1_STRING_SET 186 -# define ASN1_F_ASN1_STRING_TABLE_ADD 129 -# define ASN1_F_ASN1_STRING_TO_BN 228 -# define ASN1_F_ASN1_STRING_TYPE_NEW 130 -# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 -# define ASN1_F_ASN1_TEMPLATE_NEW 133 -# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 -# define ASN1_F_ASN1_TIME_ADJ 217 -# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 -# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 -# define ASN1_F_ASN1_UTCTIME_ADJ 218 -# define ASN1_F_ASN1_VERIFY 137 -# define ASN1_F_B64_READ_ASN1 209 -# define ASN1_F_B64_WRITE_ASN1 210 -# define ASN1_F_BIO_NEW_NDEF 208 -# define ASN1_F_BITSTR_CB 180 -# define ASN1_F_BN_TO_ASN1_STRING 229 -# define ASN1_F_C2I_ASN1_BIT_STRING 189 -# define ASN1_F_C2I_ASN1_INTEGER 194 -# define ASN1_F_C2I_ASN1_OBJECT 196 -# define ASN1_F_C2I_IBUF 226 -# define ASN1_F_C2I_UINT64_INT 101 -# define ASN1_F_COLLECT_DATA 140 -# define ASN1_F_D2I_ASN1_OBJECT 147 -# define ASN1_F_D2I_ASN1_UINTEGER 150 -# define ASN1_F_D2I_AUTOPRIVATEKEY 207 -# define ASN1_F_D2I_KEYPARAMS 144 -# define ASN1_F_D2I_PRIVATEKEY 154 -# define ASN1_F_D2I_PUBLICKEY 155 -# define ASN1_F_DO_BUF 142 -# define ASN1_F_DO_CREATE 124 -# define ASN1_F_DO_DUMP 125 -# define ASN1_F_DO_TCREATE 222 -# define ASN1_F_I2A_ASN1_OBJECT 126 -# define ASN1_F_I2D_ASN1_BIO_STREAM 211 -# define ASN1_F_I2D_ASN1_OBJECT 143 -# define ASN1_F_I2D_DSA_PUBKEY 161 -# define ASN1_F_I2D_EC_PUBKEY 181 -# define ASN1_F_I2D_KEYPARAMS 145 -# define ASN1_F_I2D_PRIVATEKEY 163 -# define ASN1_F_I2D_PUBLICKEY 164 -# define ASN1_F_I2D_RSA_PUBKEY 165 -# define ASN1_F_LONG_C2I 166 -# define ASN1_F_NDEF_PREFIX 127 -# define ASN1_F_NDEF_SUFFIX 136 -# define ASN1_F_OID_MODULE_INIT 174 -# define ASN1_F_PARSE_TAGGING 182 -# define ASN1_F_PKCS5_PBE2_SET_IV 167 -# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 -# define ASN1_F_PKCS5_PBE_SET 202 -# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 -# define ASN1_F_PKCS5_PBKDF2_SET 219 -# define ASN1_F_PKCS5_SCRYPT_SET 232 -# define ASN1_F_SMIME_READ_ASN1 212 -# define ASN1_F_SMIME_TEXT 213 -# define ASN1_F_STABLE_GET 138 -# define ASN1_F_STBL_MODULE_INIT 223 -# define ASN1_F_UINT32_C2I 105 -# define ASN1_F_UINT32_NEW 139 -# define ASN1_F_UINT64_C2I 112 -# define ASN1_F_UINT64_NEW 141 -# define ASN1_F_X509_CRL_ADD0_REVOKED 169 -# define ASN1_F_X509_INFO_NEW 170 -# define ASN1_F_X509_NAME_ENCODE 203 -# define ASN1_F_X509_NAME_EX_D2I 158 -# define ASN1_F_X509_NAME_EX_NEW 171 -# define ASN1_F_X509_PKEY_NEW 173 +# if !OPENSSL_API_3 +# define ASN1_F_A2D_ASN1_OBJECT 0 +# define ASN1_F_A2I_ASN1_INTEGER 0 +# define ASN1_F_A2I_ASN1_STRING 0 +# define ASN1_F_APPEND_EXP 0 +# define ASN1_F_ASN1_BIO_INIT 0 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 0 +# define ASN1_F_ASN1_CB 0 +# define ASN1_F_ASN1_CHECK_TLEN 0 +# define ASN1_F_ASN1_COLLECT 0 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 0 +# define ASN1_F_ASN1_D2I_FP 0 +# define ASN1_F_ASN1_D2I_READ_BIO 0 +# define ASN1_F_ASN1_DIGEST 0 +# define ASN1_F_ASN1_DO_ADB 0 +# define ASN1_F_ASN1_DO_LOCK 0 +# define ASN1_F_ASN1_DUP 0 +# define ASN1_F_ASN1_ENC_SAVE 0 +# define ASN1_F_ASN1_EX_C2I 0 +# define ASN1_F_ASN1_FIND_END 0 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 0 +# define ASN1_F_ASN1_GENERATE_V3 0 +# define ASN1_F_ASN1_GET_INT64 0 +# define ASN1_F_ASN1_GET_OBJECT 0 +# define ASN1_F_ASN1_GET_UINT64 0 +# define ASN1_F_ASN1_I2D_BIO 0 +# define ASN1_F_ASN1_I2D_FP 0 +# define ASN1_F_ASN1_ITEM_D2I_FP 0 +# define ASN1_F_ASN1_ITEM_DUP 0 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 0 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 0 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 0 +# define ASN1_F_ASN1_ITEM_I2D_BIO 0 +# define ASN1_F_ASN1_ITEM_I2D_FP 0 +# define ASN1_F_ASN1_ITEM_PACK 0 +# define ASN1_F_ASN1_ITEM_SIGN 0 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 0 +# define ASN1_F_ASN1_ITEM_UNPACK 0 +# define ASN1_F_ASN1_ITEM_VERIFY 0 +# define ASN1_F_ASN1_MBSTRING_NCOPY 0 +# define ASN1_F_ASN1_OBJECT_NEW 0 +# define ASN1_F_ASN1_OUTPUT_DATA 0 +# define ASN1_F_ASN1_PCTX_NEW 0 +# define ASN1_F_ASN1_PRIMITIVE_NEW 0 +# define ASN1_F_ASN1_SCTX_NEW 0 +# define ASN1_F_ASN1_SIGN 0 +# define ASN1_F_ASN1_STR2TYPE 0 +# define ASN1_F_ASN1_STRING_GET_INT64 0 +# define ASN1_F_ASN1_STRING_GET_UINT64 0 +# define ASN1_F_ASN1_STRING_SET 0 +# define ASN1_F_ASN1_STRING_TABLE_ADD 0 +# define ASN1_F_ASN1_STRING_TO_BN 0 +# define ASN1_F_ASN1_STRING_TYPE_NEW 0 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 0 +# define ASN1_F_ASN1_TEMPLATE_NEW 0 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 0 +# define ASN1_F_ASN1_TIME_ADJ 0 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 0 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 0 +# define ASN1_F_ASN1_UTCTIME_ADJ 0 +# define ASN1_F_ASN1_VERIFY 0 +# define ASN1_F_B64_READ_ASN1 0 +# define ASN1_F_B64_WRITE_ASN1 0 +# define ASN1_F_BIO_NEW_NDEF 0 +# define ASN1_F_BITSTR_CB 0 +# define ASN1_F_BN_TO_ASN1_STRING 0 +# define ASN1_F_C2I_ASN1_BIT_STRING 0 +# define ASN1_F_C2I_ASN1_INTEGER 0 +# define ASN1_F_C2I_ASN1_OBJECT 0 +# define ASN1_F_C2I_IBUF 0 +# define ASN1_F_C2I_UINT64_INT 0 +# define ASN1_F_COLLECT_DATA 0 +# define ASN1_F_D2I_ASN1_OBJECT 0 +# define ASN1_F_D2I_ASN1_UINTEGER 0 +# define ASN1_F_D2I_AUTOPRIVATEKEY 0 +# define ASN1_F_D2I_KEYPARAMS 0 +# define ASN1_F_D2I_PRIVATEKEY 0 +# define ASN1_F_D2I_PUBLICKEY 0 +# define ASN1_F_DO_BUF 0 +# define ASN1_F_DO_CREATE 0 +# define ASN1_F_DO_DUMP 0 +# define ASN1_F_DO_TCREATE 0 +# define ASN1_F_I2A_ASN1_OBJECT 0 +# define ASN1_F_I2D_ASN1_BIO_STREAM 0 +# define ASN1_F_I2D_ASN1_OBJECT 0 +# define ASN1_F_I2D_DSA_PUBKEY 0 +# define ASN1_F_I2D_EC_PUBKEY 0 +# define ASN1_F_I2D_KEYPARAMS 0 +# define ASN1_F_I2D_PRIVATEKEY 0 +# define ASN1_F_I2D_PUBLICKEY 0 +# define ASN1_F_I2D_RSA_PUBKEY 0 +# define ASN1_F_LONG_C2I 0 +# define ASN1_F_NDEF_PREFIX 0 +# define ASN1_F_NDEF_SUFFIX 0 +# define ASN1_F_OID_MODULE_INIT 0 +# define ASN1_F_PARSE_TAGGING 0 +# define ASN1_F_PKCS5_PBE2_SET_IV 0 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 0 +# define ASN1_F_PKCS5_PBE_SET 0 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 0 +# define ASN1_F_PKCS5_PBKDF2_SET 0 +# define ASN1_F_PKCS5_SCRYPT_SET 0 +# define ASN1_F_SMIME_READ_ASN1 0 +# define ASN1_F_SMIME_TEXT 0 +# define ASN1_F_STABLE_GET 0 +# define ASN1_F_STBL_MODULE_INIT 0 +# define ASN1_F_UINT32_C2I 0 +# define ASN1_F_UINT32_NEW 0 +# define ASN1_F_UINT64_C2I 0 +# define ASN1_F_UINT64_NEW 0 +# define ASN1_F_X509_CRL_ADD0_REVOKED 0 +# define ASN1_F_X509_INFO_NEW 0 +# define ASN1_F_X509_NAME_ENCODE 0 +# define ASN1_F_X509_NAME_EX_D2I 0 +# define ASN1_F_X509_NAME_EX_NEW 0 +# define ASN1_F_X509_PKEY_NEW 0 +# endif /* * ASN1 reason codes. diff --git a/include/openssl/asyncerr.h b/include/openssl/asyncerr.h index 84f381d..9612190 100644 --- a/include/openssl/asyncerr.h +++ b/include/openssl/asyncerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_ASYNCERR_H # define HEADER_ASYNCERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,13 +23,15 @@ int ERR_load_ASYNC_strings(void); /* * ASYNC function codes. */ -# define ASYNC_F_ASYNC_CTX_NEW 100 -# define ASYNC_F_ASYNC_INIT_THREAD 101 -# define ASYNC_F_ASYNC_JOB_NEW 102 -# define ASYNC_F_ASYNC_PAUSE_JOB 103 -# define ASYNC_F_ASYNC_START_FUNC 104 -# define ASYNC_F_ASYNC_START_JOB 105 -# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 106 +# if !OPENSSL_API_3 +# define ASYNC_F_ASYNC_CTX_NEW 0 +# define ASYNC_F_ASYNC_INIT_THREAD 0 +# define ASYNC_F_ASYNC_JOB_NEW 0 +# define ASYNC_F_ASYNC_PAUSE_JOB 0 +# define ASYNC_F_ASYNC_START_FUNC 0 +# define ASYNC_F_ASYNC_START_JOB 0 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 0 +# endif /* * ASYNC reason codes. diff --git a/include/openssl/bioerr.h b/include/openssl/bioerr.h index e5c0deb..79a6c9e 100644 --- a/include/openssl/bioerr.h +++ b/include/openssl/bioerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_BIOERR_H # define HEADER_BIOERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,62 +23,64 @@ int ERR_load_BIO_strings(void); /* * BIO function codes. */ -# define BIO_F_ACPT_STATE 100 -# define BIO_F_ADDRINFO_WRAP 148 -# define BIO_F_ADDR_STRINGS 134 -# define BIO_F_BIO_ACCEPT 101 -# define BIO_F_BIO_ACCEPT_EX 137 -# define BIO_F_BIO_ACCEPT_NEW 152 -# define BIO_F_BIO_ADDR_NEW 144 -# define BIO_F_BIO_BIND 147 -# define BIO_F_BIO_CALLBACK_CTRL 131 -# define BIO_F_BIO_CONNECT 138 -# define BIO_F_BIO_CONNECT_NEW 153 -# define BIO_F_BIO_CTRL 103 -# define BIO_F_BIO_GETS 104 -# define BIO_F_BIO_GET_HOST_IP 106 -# define BIO_F_BIO_GET_NEW_INDEX 102 -# define BIO_F_BIO_GET_PORT 107 -# define BIO_F_BIO_LISTEN 139 -# define BIO_F_BIO_LOOKUP 135 -# define BIO_F_BIO_LOOKUP_EX 143 -# define BIO_F_BIO_MAKE_PAIR 121 -# define BIO_F_BIO_METH_NEW 146 -# define BIO_F_BIO_NEW 108 -# define BIO_F_BIO_NEW_DGRAM_SCTP 145 -# define BIO_F_BIO_NEW_FILE 109 -# define BIO_F_BIO_NEW_MEM_BUF 126 -# define BIO_F_BIO_NREAD 123 -# define BIO_F_BIO_NREAD0 124 -# define BIO_F_BIO_NWRITE 125 -# define BIO_F_BIO_NWRITE0 122 -# define BIO_F_BIO_PARSE_HOSTSERV 136 -# define BIO_F_BIO_PUTS 110 -# define BIO_F_BIO_READ 111 -# define BIO_F_BIO_READ_EX 105 -# define BIO_F_BIO_READ_INTERN 120 -# define BIO_F_BIO_SOCKET 140 -# define BIO_F_BIO_SOCKET_NBIO 142 -# define BIO_F_BIO_SOCK_INFO 141 -# define BIO_F_BIO_SOCK_INIT 112 -# define BIO_F_BIO_WRITE 113 -# define BIO_F_BIO_WRITE_EX 119 -# define BIO_F_BIO_WRITE_INTERN 128 -# define BIO_F_BUFFER_CTRL 114 -# define BIO_F_CONN_CTRL 127 -# define BIO_F_CONN_STATE 115 -# define BIO_F_DGRAM_SCTP_NEW 149 -# define BIO_F_DGRAM_SCTP_READ 132 -# define BIO_F_DGRAM_SCTP_WRITE 133 -# define BIO_F_DOAPR_OUTCH 150 -# define BIO_F_FILE_CTRL 116 -# define BIO_F_FILE_READ 130 -# define BIO_F_LINEBUFFER_CTRL 129 -# define BIO_F_LINEBUFFER_NEW 151 -# define BIO_F_MEM_WRITE 117 -# define BIO_F_NBIOF_NEW 154 -# define BIO_F_SLG_WRITE 155 -# define BIO_F_SSL_NEW 118 +# if !OPENSSL_API_3 +# define BIO_F_ACPT_STATE 0 +# define BIO_F_ADDRINFO_WRAP 0 +# define BIO_F_ADDR_STRINGS 0 +# define BIO_F_BIO_ACCEPT 0 +# define BIO_F_BIO_ACCEPT_EX 0 +# define BIO_F_BIO_ACCEPT_NEW 0 +# define BIO_F_BIO_ADDR_NEW 0 +# define BIO_F_BIO_BIND 0 +# define BIO_F_BIO_CALLBACK_CTRL 0 +# define BIO_F_BIO_CONNECT 0 +# define BIO_F_BIO_CONNECT_NEW 0 +# define BIO_F_BIO_CTRL 0 +# define BIO_F_BIO_GETS 0 +# define BIO_F_BIO_GET_HOST_IP 0 +# define BIO_F_BIO_GET_NEW_INDEX 0 +# define BIO_F_BIO_GET_PORT 0 +# define BIO_F_BIO_LISTEN 0 +# define BIO_F_BIO_LOOKUP 0 +# define BIO_F_BIO_LOOKUP_EX 0 +# define BIO_F_BIO_MAKE_PAIR 0 +# define BIO_F_BIO_METH_NEW 0 +# define BIO_F_BIO_NEW 0 +# define BIO_F_BIO_NEW_DGRAM_SCTP 0 +# define BIO_F_BIO_NEW_FILE 0 +# define BIO_F_BIO_NEW_MEM_BUF 0 +# define BIO_F_BIO_NREAD 0 +# define BIO_F_BIO_NREAD0 0 +# define BIO_F_BIO_NWRITE 0 +# define BIO_F_BIO_NWRITE0 0 +# define BIO_F_BIO_PARSE_HOSTSERV 0 +# define BIO_F_BIO_PUTS 0 +# define BIO_F_BIO_READ 0 +# define BIO_F_BIO_READ_EX 0 +# define BIO_F_BIO_READ_INTERN 0 +# define BIO_F_BIO_SOCKET 0 +# define BIO_F_BIO_SOCKET_NBIO 0 +# define BIO_F_BIO_SOCK_INFO 0 +# define BIO_F_BIO_SOCK_INIT 0 +# define BIO_F_BIO_WRITE 0 +# define BIO_F_BIO_WRITE_EX 0 +# define BIO_F_BIO_WRITE_INTERN 0 +# define BIO_F_BUFFER_CTRL 0 +# define BIO_F_CONN_CTRL 0 +# define BIO_F_CONN_STATE 0 +# define BIO_F_DGRAM_SCTP_NEW 0 +# define BIO_F_DGRAM_SCTP_READ 0 +# define BIO_F_DGRAM_SCTP_WRITE 0 +# define BIO_F_DOAPR_OUTCH 0 +# define BIO_F_FILE_CTRL 0 +# define BIO_F_FILE_READ 0 +# define BIO_F_LINEBUFFER_CTRL 0 +# define BIO_F_LINEBUFFER_NEW 0 +# define BIO_F_MEM_WRITE 0 +# define BIO_F_NBIOF_NEW 0 +# define BIO_F_SLG_WRITE 0 +# define BIO_F_SSL_NEW 0 +# endif /* * BIO reason codes. diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h index b9958cb..fa5398c 100644 --- a/include/openssl/bnerr.h +++ b/include/openssl/bnerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_BNERR_H # define HEADER_BNERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,57 +23,58 @@ int ERR_load_BN_strings(void); /* * BN function codes. */ -# define BN_F_BNRAND 127 -# define BN_F_BNRAND_RANGE 138 -# define BN_F_BN_BLINDING_CONVERT_EX 100 -# define BN_F_BN_BLINDING_CREATE_PARAM 128 -# define BN_F_BN_BLINDING_INVERT_EX 101 -# define BN_F_BN_BLINDING_NEW 102 -# define BN_F_BN_BLINDING_UPDATE 103 -# define BN_F_BN_BN2DEC 104 -# define BN_F_BN_BN2HEX 105 -# define BN_F_BN_COMPUTE_WNAF 142 -# define BN_F_BN_CTX_GET 116 -# define BN_F_BN_CTX_NEW 106 -# define BN_F_BN_CTX_NEW_EX 151 -# define BN_F_BN_CTX_START 129 -# define BN_F_BN_DIV 107 -# define BN_F_BN_DIV_RECP 130 -# define BN_F_BN_EXP 123 -# define BN_F_BN_EXPAND_INTERNAL 120 -# define BN_F_BN_GENCB_NEW 143 -# define BN_F_BN_GENERATE_DSA_NONCE 140 -# define BN_F_BN_GENERATE_PRIME_EX 141 -# define BN_F_BN_GENERATE_PRIME_EX2 152 -# define BN_F_BN_GF2M_MOD 131 -# define BN_F_BN_GF2M_MOD_EXP 132 -# define BN_F_BN_GF2M_MOD_MUL 133 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 -# define BN_F_BN_GF2M_MOD_SQR 136 -# define BN_F_BN_GF2M_MOD_SQRT 137 -# define BN_F_BN_LSHIFT 145 -# define BN_F_BN_MOD_EXP2_MONT 118 -# define BN_F_BN_MOD_EXP_MONT 109 -# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 -# define BN_F_BN_MOD_EXP_MONT_WORD 117 -# define BN_F_BN_MOD_EXP_RECP 125 -# define BN_F_BN_MOD_EXP_SIMPLE 126 -# define BN_F_BN_MOD_INVERSE 110 -# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 -# define BN_F_BN_MOD_LSHIFT_QUICK 119 -# define BN_F_BN_MOD_SQRT 121 -# define BN_F_BN_MONT_CTX_NEW 149 -# define BN_F_BN_MPI2BN 112 -# define BN_F_BN_NEW 113 -# define BN_F_BN_POOL_GET 147 -# define BN_F_BN_RAND 114 -# define BN_F_BN_RAND_RANGE 122 -# define BN_F_BN_RECP_CTX_NEW 150 -# define BN_F_BN_RSHIFT 146 -# define BN_F_BN_SET_WORDS 144 -# define BN_F_BN_STACK_PUSH 148 -# define BN_F_BN_USUB 115 +# if !OPENSSL_API_3 +# define BN_F_BNRAND 0 +# define BN_F_BNRAND_RANGE 0 +# define BN_F_BN_BLINDING_CONVERT_EX 0 +# define BN_F_BN_BLINDING_CREATE_PARAM 0 +# define BN_F_BN_BLINDING_INVERT_EX 0 +# define BN_F_BN_BLINDING_NEW 0 +# define BN_F_BN_BLINDING_UPDATE 0 +# define BN_F_BN_BN2DEC 0 +# define BN_F_BN_BN2HEX 0 +# define BN_F_BN_COMPUTE_WNAF 0 +# define BN_F_BN_CTX_GET 0 +# define BN_F_BN_CTX_NEW 0 +# define BN_F_BN_CTX_NEW_EX 0 +# define BN_F_BN_CTX_START 0 +# define BN_F_BN_DIV 0 +# define BN_F_BN_DIV_RECP 0 +# define BN_F_BN_EXP 0 +# define BN_F_BN_EXPAND_INTERNAL 0 +# define BN_F_BN_GENCB_NEW 0 +# define BN_F_BN_GENERATE_DSA_NONCE 0 +# define BN_F_BN_GENERATE_PRIME_EX 0 +# define BN_F_BN_GF2M_MOD 0 +# define BN_F_BN_GF2M_MOD_EXP 0 +# define BN_F_BN_GF2M_MOD_MUL 0 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 0 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 0 +# define BN_F_BN_GF2M_MOD_SQR 0 +# define BN_F_BN_GF2M_MOD_SQRT 0 +# define BN_F_BN_LSHIFT 0 +# define BN_F_BN_MOD_EXP2_MONT 0 +# define BN_F_BN_MOD_EXP_MONT 0 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 0 +# define BN_F_BN_MOD_EXP_MONT_WORD 0 +# define BN_F_BN_MOD_EXP_RECP 0 +# define BN_F_BN_MOD_EXP_SIMPLE 0 +# define BN_F_BN_MOD_INVERSE 0 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 0 +# define BN_F_BN_MOD_LSHIFT_QUICK 0 +# define BN_F_BN_MOD_SQRT 0 +# define BN_F_BN_MONT_CTX_NEW 0 +# define BN_F_BN_MPI2BN 0 +# define BN_F_BN_NEW 0 +# define BN_F_BN_POOL_GET 0 +# define BN_F_BN_RAND 0 +# define BN_F_BN_RAND_RANGE 0 +# define BN_F_BN_RECP_CTX_NEW 0 +# define BN_F_BN_RSHIFT 0 +# define BN_F_BN_SET_WORDS 0 +# define BN_F_BN_STACK_PUSH 0 +# define BN_F_BN_USUB 0 +# endif /* * BN reason codes. diff --git a/include/openssl/buffererr.h b/include/openssl/buffererr.h index 7f2af2a..6408123 100644 --- a/include/openssl/buffererr.h +++ b/include/openssl/buffererr.h @@ -11,9 +11,9 @@ #ifndef HEADER_BUFERR_H # define HEADER_BUFERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,9 +23,11 @@ int ERR_load_BUF_strings(void); /* * BUF function codes. */ -# define BUF_F_BUF_MEM_GROW 100 -# define BUF_F_BUF_MEM_GROW_CLEAN 105 -# define BUF_F_BUF_MEM_NEW 101 +# if !OPENSSL_API_3 +# define BUF_F_BUF_MEM_GROW 0 +# define BUF_F_BUF_MEM_GROW_CLEAN 0 +# define BUF_F_BUF_MEM_NEW 0 +# endif /* * BUF reason codes. diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h index 7c1402c..7b864c6 100644 --- a/include/openssl/cmperr.h +++ b/include/openssl/cmperr.h @@ -12,6 +12,10 @@ # define HEADER_CMPERR_H # include +# include + + +# include # ifndef OPENSSL_NO_CMP @@ -23,6 +27,8 @@ int ERR_load_CMP_strings(void); /* * CMP function codes. */ +# if !OPENSSL_API_3 +# endif /* * CMP reason codes. diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h index eba163a..fe26195 100644 --- a/include/openssl/cmserr.h +++ b/include/openssl/cmserr.h @@ -11,9 +11,9 @@ #ifndef HEADER_CMSERR_H # define HEADER_CMSERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # include @@ -27,91 +27,93 @@ int ERR_load_CMS_strings(void); /* * CMS function codes. */ -# define CMS_F_CHECK_CONTENT 99 -# define CMS_F_CMS_ADD0_CERT 164 -# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 -# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 -# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 -# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 -# define CMS_F_CMS_ADD1_SIGNER 102 -# define CMS_F_CMS_ADD1_SIGNINGTIME 103 -# define CMS_F_CMS_ADD1_SIGNING_CERT 181 -# define CMS_F_CMS_ADD1_SIGNING_CERT_V2 182 -# define CMS_F_CMS_COMPRESS 104 -# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 -# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 -# define CMS_F_CMS_COPY_CONTENT 107 -# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 -# define CMS_F_CMS_DATA 109 -# define CMS_F_CMS_DATAFINAL 110 -# define CMS_F_CMS_DATAINIT 111 -# define CMS_F_CMS_DECRYPT 112 -# define CMS_F_CMS_DECRYPT_SET1_KEY 113 -# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 -# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 -# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 -# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 -# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 -# define CMS_F_CMS_DIGEST_VERIFY 118 -# define CMS_F_CMS_ENCODE_RECEIPT 161 -# define CMS_F_CMS_ENCRYPT 119 -# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179 -# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 -# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 -# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 -# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 -# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 -# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 -# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 -# define CMS_F_CMS_ENV_ASN1_CTRL 171 -# define CMS_F_CMS_FINAL 127 -# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 -# define CMS_F_CMS_GET0_CONTENT 129 -# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 -# define CMS_F_CMS_GET0_ENVELOPED 131 -# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 -# define CMS_F_CMS_GET0_SIGNED 133 -# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 -# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 -# define CMS_F_CMS_RECEIPT_VERIFY 160 -# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 -# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 -# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 -# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 -# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 -# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 -# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 -# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 -# define CMS_F_CMS_SD_ASN1_CTRL 170 -# define CMS_F_CMS_SET1_IAS 176 -# define CMS_F_CMS_SET1_KEYID 177 -# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 -# define CMS_F_CMS_SET_DETACHED 147 -# define CMS_F_CMS_SIGN 148 -# define CMS_F_CMS_SIGNED_DATA_INIT 149 -# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 -# define CMS_F_CMS_SIGNERINFO_SIGN 151 -# define CMS_F_CMS_SIGNERINFO_VERIFY 152 -# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 -# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 -# define CMS_F_CMS_SIGN_RECEIPT 163 -# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 183 -# define CMS_F_CMS_STREAM 155 -# define CMS_F_CMS_UNCOMPRESS 156 -# define CMS_F_CMS_VERIFY 157 -# define CMS_F_KEK_UNWRAP_KEY 180 +# if !OPENSSL_API_3 +# define CMS_F_CHECK_CONTENT 0 +# define CMS_F_CMS_ADD0_CERT 0 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 0 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 0 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 0 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 0 +# define CMS_F_CMS_ADD1_SIGNER 0 +# define CMS_F_CMS_ADD1_SIGNINGTIME 0 +# define CMS_F_CMS_ADD1_SIGNING_CERT 0 +# define CMS_F_CMS_ADD1_SIGNING_CERT_V2 0 +# define CMS_F_CMS_COMPRESS 0 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 0 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 0 +# define CMS_F_CMS_COPY_CONTENT 0 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 0 +# define CMS_F_CMS_DATA 0 +# define CMS_F_CMS_DATAFINAL 0 +# define CMS_F_CMS_DATAINIT 0 +# define CMS_F_CMS_DECRYPT 0 +# define CMS_F_CMS_DECRYPT_SET1_KEY 0 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 0 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 0 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 0 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 0 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 0 +# define CMS_F_CMS_DIGEST_VERIFY 0 +# define CMS_F_CMS_ENCODE_RECEIPT 0 +# define CMS_F_CMS_ENCRYPT 0 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 0 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 0 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 0 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 0 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 0 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 0 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 0 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 0 +# define CMS_F_CMS_ENV_ASN1_CTRL 0 +# define CMS_F_CMS_FINAL 0 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 0 +# define CMS_F_CMS_GET0_CONTENT 0 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 0 +# define CMS_F_CMS_GET0_ENVELOPED 0 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 0 +# define CMS_F_CMS_GET0_SIGNED 0 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 0 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 0 +# define CMS_F_CMS_RECEIPT_VERIFY 0 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 0 +# define CMS_F_CMS_SD_ASN1_CTRL 0 +# define CMS_F_CMS_SET1_IAS 0 +# define CMS_F_CMS_SET1_KEYID 0 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 0 +# define CMS_F_CMS_SET_DETACHED 0 +# define CMS_F_CMS_SIGN 0 +# define CMS_F_CMS_SIGNED_DATA_INIT 0 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 0 +# define CMS_F_CMS_SIGN_RECEIPT 0 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 0 +# define CMS_F_CMS_STREAM 0 +# define CMS_F_CMS_UNCOMPRESS 0 +# define CMS_F_CMS_VERIFY 0 +# define CMS_F_KEK_UNWRAP_KEY 0 +# endif /* * CMS reason codes. diff --git a/include/openssl/comperr.h b/include/openssl/comperr.h index ab87f7d..45e1448 100644 --- a/include/openssl/comperr.h +++ b/include/openssl/comperr.h @@ -11,9 +11,9 @@ #ifndef HEADER_COMPERR_H # define HEADER_COMPERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # include @@ -27,11 +27,13 @@ int ERR_load_COMP_strings(void); /* * COMP function codes. */ -# define COMP_F_BIO_ZLIB_FLUSH 99 -# define COMP_F_BIO_ZLIB_NEW 100 -# define COMP_F_BIO_ZLIB_READ 101 -# define COMP_F_BIO_ZLIB_WRITE 102 -# define COMP_F_COMP_CTX_NEW 103 +# if !OPENSSL_API_3 +# define COMP_F_BIO_ZLIB_FLUSH 0 +# define COMP_F_BIO_ZLIB_NEW 0 +# define COMP_F_BIO_ZLIB_READ 0 +# define COMP_F_BIO_ZLIB_WRITE 0 +# define COMP_F_COMP_CTX_NEW 0 +# endif /* * COMP reason codes. diff --git a/include/openssl/conferr.h b/include/openssl/conferr.h index 0a24b7e..69110cb 100644 --- a/include/openssl/conferr.h +++ b/include/openssl/conferr.h @@ -11,9 +11,9 @@ #ifndef HEADER_CONFERR_H # define HEADER_CONFERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,29 +23,31 @@ int ERR_load_CONF_strings(void); /* * CONF function codes. */ -# define CONF_F_CONF_DUMP_FP 104 -# define CONF_F_CONF_LOAD 100 -# define CONF_F_CONF_LOAD_FP 103 -# define CONF_F_CONF_PARSE_LIST 119 -# define CONF_F_DEF_LOAD 120 -# define CONF_F_DEF_LOAD_BIO 121 -# define CONF_F_GET_NEXT_FILE 107 -# define CONF_F_MODULE_ADD 122 -# define CONF_F_MODULE_INIT 115 -# define CONF_F_MODULE_LOAD_DSO 117 -# define CONF_F_MODULE_RUN 118 -# define CONF_F_NCONF_DUMP_BIO 105 -# define CONF_F_NCONF_DUMP_FP 106 -# define CONF_F_NCONF_GET_NUMBER_E 112 -# define CONF_F_NCONF_GET_SECTION 108 -# define CONF_F_NCONF_GET_STRING 109 -# define CONF_F_NCONF_LOAD 113 -# define CONF_F_NCONF_LOAD_BIO 110 -# define CONF_F_NCONF_LOAD_FP 114 -# define CONF_F_NCONF_NEW 111 -# define CONF_F_PROCESS_INCLUDE 116 -# define CONF_F_SSL_MODULE_INIT 123 -# define CONF_F_STR_COPY 101 +# if !OPENSSL_API_3 +# define CONF_F_CONF_DUMP_FP 0 +# define CONF_F_CONF_LOAD 0 +# define CONF_F_CONF_LOAD_FP 0 +# define CONF_F_CONF_PARSE_LIST 0 +# define CONF_F_DEF_LOAD 0 +# define CONF_F_DEF_LOAD_BIO 0 +# define CONF_F_GET_NEXT_FILE 0 +# define CONF_F_MODULE_ADD 0 +# define CONF_F_MODULE_INIT 0 +# define CONF_F_MODULE_LOAD_DSO 0 +# define CONF_F_MODULE_RUN 0 +# define CONF_F_NCONF_DUMP_BIO 0 +# define CONF_F_NCONF_DUMP_FP 0 +# define CONF_F_NCONF_GET_NUMBER_E 0 +# define CONF_F_NCONF_GET_SECTION 0 +# define CONF_F_NCONF_GET_STRING 0 +# define CONF_F_NCONF_LOAD 0 +# define CONF_F_NCONF_LOAD_BIO 0 +# define CONF_F_NCONF_LOAD_FP 0 +# define CONF_F_NCONF_NEW 0 +# define CONF_F_PROCESS_INCLUDE 0 +# define CONF_F_SSL_MODULE_INIT 0 +# define CONF_F_STR_COPY 0 +# endif /* * CONF reason codes. diff --git a/include/openssl/crmferr.h b/include/openssl/crmferr.h index 1a8b199..59c5243 100644 --- a/include/openssl/crmferr.h +++ b/include/openssl/crmferr.h @@ -2,7 +2,7 @@ * Generated by util/mkerr.pl DO NOT EDIT * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -12,6 +12,10 @@ # define HEADER_CRMFERR_H # include +# include + + +# include # ifndef OPENSSL_NO_CRMF @@ -23,31 +27,32 @@ int ERR_load_CRMF_strings(void); /* * CRMF function codes. */ -# define CRMF_F_CRMF_POPOSIGNINGKEY_INIT 100 -# define CRMF_F_OSSL_CRMF_CERTID_GEN 101 -# define CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL 102 -# define CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT 103 -# define CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO 104 -# define CRMF_F_OSSL_CRMF_MSG_CREATE_POPO 105 -# define CRMF_F_OSSL_CRMF_MSG_GET0_TMPL 106 -# define CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID 107 -# define CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO 108 -# define CRMF_F_OSSL_CRMF_MSG_PUSH0_EXTENSION 109 -# define CRMF_F_OSSL_CRMF_MSG_PUSH0_REGCTRL 110 -# define CRMF_F_OSSL_CRMF_MSG_PUSH0_REGINFO 111 -# define CRMF_F_OSSL_CRMF_MSG_SET0_EXTENSIONS 112 -# define CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO 113 -# define CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID 114 -# define CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION 115 -# define CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY 116 -# define CRMF_F_OSSL_CRMF_PBMP_NEW 117 -# define CRMF_F_OSSL_CRMF_PBM_NEW 118 +# if !OPENSSL_API_3 +# define CRMF_F_CRMF_POPOSIGNINGKEY_INIT 0 +# define CRMF_F_OSSL_CRMF_CERTID_GEN 0 +# define CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL 0 +# define CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT 0 +# define CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO 0 +# define CRMF_F_OSSL_CRMF_MSG_CREATE_POPO 0 +# define CRMF_F_OSSL_CRMF_MSG_GET0_TMPL 0 +# define CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID 0 +# define CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO 0 +# define CRMF_F_OSSL_CRMF_MSG_PUSH0_EXTENSION 0 +# define CRMF_F_OSSL_CRMF_MSG_PUSH0_REGCTRL 0 +# define CRMF_F_OSSL_CRMF_MSG_PUSH0_REGINFO 0 +# define CRMF_F_OSSL_CRMF_MSG_SET0_EXTENSIONS 0 +# define CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO 0 +# define CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID 0 +# define CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION 0 +# define CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY 0 +# define CRMF_F_OSSL_CRMF_PBMP_NEW 0 +# define CRMF_F_OSSL_CRMF_PBM_NEW 0 +# endif /* * CRMF reason codes. */ # define CRMF_R_BAD_PBM_ITERATIONCOUNT 100 -# define CRMF_R_MALFORMED_IV 101 # define CRMF_R_CRMFERROR 102 # define CRMF_R_ERROR 103 # define CRMF_R_ERROR_DECODING_CERTIFICATE 104 @@ -55,6 +60,7 @@ int ERR_load_CRMF_strings(void); # define CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY 106 # define CRMF_R_FAILURE_OBTAINING_RANDOM 107 # define CRMF_R_ITERATIONCOUNT_BELOW_100 108 +# define CRMF_R_MALFORMED_IV 101 # define CRMF_R_NULL_ARGUMENT 109 # define CRMF_R_SETTING_MAC_ALGOR_FAILURE 110 # define CRMF_R_SETTING_OWF_ALGOR_FAILURE 111 diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index b9eb62c..5df2247 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_CRYPTOERR_H # define HEADER_CRYPTOERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,42 +23,44 @@ int ERR_load_CRYPTO_strings(void); /* * CRYPTO function codes. */ -# define CRYPTO_F_CMAC_CTX_NEW 120 -# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 -# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 -# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 -# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX_EX 141 -# define CRYPTO_F_CRYPTO_MEMDUP 115 -# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 -# define CRYPTO_F_CRYPTO_NEW_EX_DATA_EX 142 -# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121 -# define CRYPTO_F_CRYPTO_OCB128_INIT 122 -# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 -# define CRYPTO_F_FIPS_MODE_SET 109 -# define CRYPTO_F_GET_AND_LOCK 113 -# define CRYPTO_F_GET_PROVIDER_STORE 133 -# define CRYPTO_F_OPENSSL_ATEXIT 114 -# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 -# define CRYPTO_F_OPENSSL_FOPEN 119 -# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 -# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 -# define CRYPTO_F_OPENSSL_LH_NEW 126 -# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127 -# define CRYPTO_F_OPENSSL_SK_DUP 128 -# define CRYPTO_F_OSSL_PROVIDER_ACTIVATE 130 -# define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN 132 -# define CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER 139 -# define CRYPTO_F_OSSL_PROVIDER_NEW 131 -# define CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH 140 -# define CRYPTO_F_PKEY_HMAC_INIT 123 -# define CRYPTO_F_PKEY_POLY1305_INIT 124 -# define CRYPTO_F_PKEY_SIPHASH_INIT 125 -# define CRYPTO_F_PROVIDER_ACTIVATE 134 -# define CRYPTO_F_PROVIDER_CONF_INIT 137 -# define CRYPTO_F_PROVIDER_CONF_LOAD 138 -# define CRYPTO_F_PROVIDER_NEW 135 -# define CRYPTO_F_PROVIDER_STORE_NEW 136 -# define CRYPTO_F_SK_RESERVE 129 +# if !OPENSSL_API_3 +# define CRYPTO_F_CMAC_CTX_NEW 0 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 0 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 0 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 0 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX_EX 0 +# define CRYPTO_F_CRYPTO_MEMDUP 0 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 0 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA_EX 0 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 0 +# define CRYPTO_F_CRYPTO_OCB128_INIT 0 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 0 +# define CRYPTO_F_FIPS_MODE_SET 0 +# define CRYPTO_F_GET_AND_LOCK 0 +# define CRYPTO_F_GET_PROVIDER_STORE 0 +# define CRYPTO_F_OPENSSL_ATEXIT 0 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 0 +# define CRYPTO_F_OPENSSL_FOPEN 0 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 0 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 0 +# define CRYPTO_F_OPENSSL_LH_NEW 0 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 0 +# define CRYPTO_F_OPENSSL_SK_DUP 0 +# define CRYPTO_F_OSSL_PROVIDER_ACTIVATE 0 +# define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN 0 +# define CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER 0 +# define CRYPTO_F_OSSL_PROVIDER_NEW 0 +# define CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH 0 +# define CRYPTO_F_PKEY_HMAC_INIT 0 +# define CRYPTO_F_PKEY_POLY1305_INIT 0 +# define CRYPTO_F_PKEY_SIPHASH_INIT 0 +# define CRYPTO_F_PROVIDER_ACTIVATE 0 +# define CRYPTO_F_PROVIDER_CONF_INIT 0 +# define CRYPTO_F_PROVIDER_CONF_LOAD 0 +# define CRYPTO_F_PROVIDER_NEW 0 +# define CRYPTO_F_PROVIDER_STORE_NEW 0 +# define CRYPTO_F_SK_RESERVE 0 +# endif /* * CRYPTO reason codes. diff --git a/include/openssl/cterr.h b/include/openssl/cterr.h index 16ef932..3989996 100644 --- a/include/openssl/cterr.h +++ b/include/openssl/cterr.h @@ -11,9 +11,9 @@ #ifndef HEADER_CTERR_H # define HEADER_CTERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # include @@ -27,33 +27,35 @@ int ERR_load_CT_strings(void); /* * CT function codes. */ -# define CT_F_CTLOG_NEW 117 -# define CT_F_CTLOG_NEW_FROM_BASE64 118 -# define CT_F_CTLOG_NEW_FROM_CONF 119 -# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 -# define CT_F_CTLOG_STORE_LOAD_FILE 123 -# define CT_F_CTLOG_STORE_LOAD_LOG 130 -# define CT_F_CTLOG_STORE_NEW 131 -# define CT_F_CT_BASE64_DECODE 124 -# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 -# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 -# define CT_F_I2O_SCT 107 -# define CT_F_I2O_SCT_LIST 108 -# define CT_F_I2O_SCT_SIGNATURE 109 -# define CT_F_O2I_SCT 110 -# define CT_F_O2I_SCT_LIST 111 -# define CT_F_O2I_SCT_SIGNATURE 112 -# define CT_F_SCT_CTX_NEW 126 -# define CT_F_SCT_CTX_VERIFY 128 -# define CT_F_SCT_NEW 100 -# define CT_F_SCT_NEW_FROM_BASE64 127 -# define CT_F_SCT_SET0_LOG_ID 101 -# define CT_F_SCT_SET1_EXTENSIONS 114 -# define CT_F_SCT_SET1_LOG_ID 115 -# define CT_F_SCT_SET1_SIGNATURE 116 -# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 -# define CT_F_SCT_SET_SIGNATURE_NID 103 -# define CT_F_SCT_SET_VERSION 104 +# if !OPENSSL_API_3 +# define CT_F_CTLOG_NEW 0 +# define CT_F_CTLOG_NEW_FROM_BASE64 0 +# define CT_F_CTLOG_NEW_FROM_CONF 0 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 0 +# define CT_F_CTLOG_STORE_LOAD_FILE 0 +# define CT_F_CTLOG_STORE_LOAD_LOG 0 +# define CT_F_CTLOG_STORE_NEW 0 +# define CT_F_CT_BASE64_DECODE 0 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 0 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 0 +# define CT_F_I2O_SCT 0 +# define CT_F_I2O_SCT_LIST 0 +# define CT_F_I2O_SCT_SIGNATURE 0 +# define CT_F_O2I_SCT 0 +# define CT_F_O2I_SCT_LIST 0 +# define CT_F_O2I_SCT_SIGNATURE 0 +# define CT_F_SCT_CTX_NEW 0 +# define CT_F_SCT_CTX_VERIFY 0 +# define CT_F_SCT_NEW 0 +# define CT_F_SCT_NEW_FROM_BASE64 0 +# define CT_F_SCT_SET0_LOG_ID 0 +# define CT_F_SCT_SET1_EXTENSIONS 0 +# define CT_F_SCT_SET1_LOG_ID 0 +# define CT_F_SCT_SET1_SIGNATURE 0 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 0 +# define CT_F_SCT_SET_SIGNATURE_NID 0 +# define CT_F_SCT_SET_VERSION 0 +# endif /* * CT reason codes. diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h index 83f0e59..1e3451b 100644 --- a/include/openssl/dherr.h +++ b/include/openssl/dherr.h @@ -11,9 +11,9 @@ #ifndef HEADER_DHERR_H # define HEADER_DHERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # include @@ -27,34 +27,36 @@ int ERR_load_DH_strings(void); /* * DH function codes. */ -# define DH_F_COMPUTE_KEY 102 -# define DH_F_DHPARAMS_PRINT_FP 101 -# define DH_F_DH_BUF2KEY 126 -# define DH_F_DH_BUILTIN_GENPARAMS 106 -# define DH_F_DH_CHECK_EX 121 -# define DH_F_DH_CHECK_PARAMS_EX 122 -# define DH_F_DH_CHECK_PUB_KEY_EX 123 -# define DH_F_DH_CMS_DECRYPT 114 -# define DH_F_DH_CMS_SET_PEERKEY 115 -# define DH_F_DH_CMS_SET_SHARED_INFO 116 -# define DH_F_DH_KEY2BUF 127 -# define DH_F_DH_METH_DUP 117 -# define DH_F_DH_METH_NEW 118 -# define DH_F_DH_METH_SET1_NAME 119 -# define DH_F_DH_NEW_BY_NID 104 -# define DH_F_DH_NEW_METHOD 105 -# define DH_F_DH_PARAM_DECODE 107 -# define DH_F_DH_PKEY_PUBLIC_CHECK 124 -# define DH_F_DH_PRIV_DECODE 110 -# define DH_F_DH_PRIV_ENCODE 111 -# define DH_F_DH_PUB_DECODE 108 -# define DH_F_DH_PUB_ENCODE 109 -# define DH_F_DO_DH_PRINT 100 -# define DH_F_GENERATE_KEY 103 -# define DH_F_PKEY_DH_CTRL_STR 120 -# define DH_F_PKEY_DH_DERIVE 112 -# define DH_F_PKEY_DH_INIT 125 -# define DH_F_PKEY_DH_KEYGEN 113 +# if !OPENSSL_API_3 +# define DH_F_COMPUTE_KEY 0 +# define DH_F_DHPARAMS_PRINT_FP 0 +# define DH_F_DH_BUF2KEY 0 +# define DH_F_DH_BUILTIN_GENPARAMS 0 +# define DH_F_DH_CHECK_EX 0 +# define DH_F_DH_CHECK_PARAMS_EX 0 +# define DH_F_DH_CHECK_PUB_KEY_EX 0 +# define DH_F_DH_CMS_DECRYPT 0 +# define DH_F_DH_CMS_SET_PEERKEY 0 +# define DH_F_DH_CMS_SET_SHARED_INFO 0 +# define DH_F_DH_KEY2BUF 0 +# define DH_F_DH_METH_DUP 0 +# define DH_F_DH_METH_NEW 0 +# define DH_F_DH_METH_SET1_NAME 0 +# define DH_F_DH_NEW_BY_NID 0 +# define DH_F_DH_NEW_METHOD 0 +# define DH_F_DH_PARAM_DECODE 0 +# define DH_F_DH_PKEY_PUBLIC_CHECK 0 +# define DH_F_DH_PRIV_DECODE 0 +# define DH_F_DH_PRIV_ENCODE 0 +# define DH_F_DH_PUB_DECODE 0 +# define DH_F_DH_PUB_ENCODE 0 +# define DH_F_DO_DH_PRINT 0 +# define DH_F_GENERATE_KEY 0 +# define DH_F_PKEY_DH_CTRL_STR 0 +# define DH_F_PKEY_DH_DERIVE 0 +# define DH_F_PKEY_DH_INIT 0 +# define DH_F_PKEY_DH_KEYGEN 0 +# endif /* * DH reason codes. diff --git a/include/openssl/dsaerr.h b/include/openssl/dsaerr.h index c58b9eb..bc542bf 100644 --- a/include/openssl/dsaerr.h +++ b/include/openssl/dsaerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_DSAERR_H # define HEADER_DSAERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # include @@ -27,29 +27,31 @@ int ERR_load_DSA_strings(void); /* * DSA function codes. */ -# define DSA_F_DSAPARAMS_PRINT 100 -# define DSA_F_DSAPARAMS_PRINT_FP 101 -# define DSA_F_DSA_BUILTIN_PARAMGEN 125 -# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 -# define DSA_F_DSA_DO_SIGN 112 -# define DSA_F_DSA_DO_VERIFY 113 -# define DSA_F_DSA_METH_DUP 127 -# define DSA_F_DSA_METH_NEW 128 -# define DSA_F_DSA_METH_SET1_NAME 129 -# define DSA_F_DSA_NEW_METHOD 103 -# define DSA_F_DSA_PARAM_DECODE 119 -# define DSA_F_DSA_PRINT_FP 105 -# define DSA_F_DSA_PRIV_DECODE 115 -# define DSA_F_DSA_PRIV_ENCODE 116 -# define DSA_F_DSA_PUB_DECODE 117 -# define DSA_F_DSA_PUB_ENCODE 118 -# define DSA_F_DSA_SIGN 106 -# define DSA_F_DSA_SIGN_SETUP 107 -# define DSA_F_DSA_SIG_NEW 102 -# define DSA_F_OLD_DSA_PRIV_DECODE 122 -# define DSA_F_PKEY_DSA_CTRL 120 -# define DSA_F_PKEY_DSA_CTRL_STR 104 -# define DSA_F_PKEY_DSA_KEYGEN 121 +# if !OPENSSL_API_3 +# define DSA_F_DSAPARAMS_PRINT 0 +# define DSA_F_DSAPARAMS_PRINT_FP 0 +# define DSA_F_DSA_BUILTIN_PARAMGEN 0 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 0 +# define DSA_F_DSA_DO_SIGN 0 +# define DSA_F_DSA_DO_VERIFY 0 +# define DSA_F_DSA_METH_DUP 0 +# define DSA_F_DSA_METH_NEW 0 +# define DSA_F_DSA_METH_SET1_NAME 0 +# define DSA_F_DSA_NEW_METHOD 0 +# define DSA_F_DSA_PARAM_DECODE 0 +# define DSA_F_DSA_PRINT_FP 0 +# define DSA_F_DSA_PRIV_DECODE 0 +# define DSA_F_DSA_PRIV_ENCODE 0 +# define DSA_F_DSA_PUB_DECODE 0 +# define DSA_F_DSA_PUB_ENCODE 0 +# define DSA_F_DSA_SIGN 0 +# define DSA_F_DSA_SIGN_SETUP 0 +# define DSA_F_DSA_SIG_NEW 0 +# define DSA_F_OLD_DSA_PRIV_DECODE 0 +# define DSA_F_PKEY_DSA_CTRL 0 +# define DSA_F_PKEY_DSA_CTRL_STR 0 +# define DSA_F_PKEY_DSA_KEYGEN 0 +# endif /* * DSA reason codes. diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index 0ba02cb..a465a54 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_ECERR_H # define HEADER_ECERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # include @@ -27,180 +27,182 @@ int ERR_load_EC_strings(void); /* * EC function codes. */ -# define EC_F_BN_TO_FELEM 224 -# define EC_F_D2I_ECPARAMETERS 144 -# define EC_F_D2I_ECPKPARAMETERS 145 -# define EC_F_D2I_ECPRIVATEKEY 146 -# define EC_F_DO_EC_KEY_PRINT 221 -# define EC_F_ECDH_CMS_DECRYPT 238 -# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 -# define EC_F_ECDH_COMPUTE_KEY 246 -# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 -# define EC_F_ECDSA_DO_SIGN_EX 251 -# define EC_F_ECDSA_DO_VERIFY 252 -# define EC_F_ECDSA_SIGN_EX 254 -# define EC_F_ECDSA_SIGN_SETUP 248 -# define EC_F_ECDSA_SIG_NEW 265 -# define EC_F_ECDSA_VERIFY 253 -# define EC_F_ECD_ITEM_VERIFY 270 -# define EC_F_ECKEY_PARAM2TYPE 223 -# define EC_F_ECKEY_PARAM_DECODE 212 -# define EC_F_ECKEY_PRIV_DECODE 213 -# define EC_F_ECKEY_PRIV_ENCODE 214 -# define EC_F_ECKEY_PUB_DECODE 215 -# define EC_F_ECKEY_PUB_ENCODE 216 -# define EC_F_ECKEY_TYPE2PARAM 220 -# define EC_F_ECPARAMETERS_PRINT 147 -# define EC_F_ECPARAMETERS_PRINT_FP 148 -# define EC_F_ECPKPARAMETERS_PRINT 149 -# define EC_F_ECPKPARAMETERS_PRINT_FP 150 -# define EC_F_ECP_NISTZ256_GET_AFFINE 240 -# define EC_F_ECP_NISTZ256_INV_MOD_ORD 275 -# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 -# define EC_F_ECP_NISTZ256_POINTS_MUL 241 -# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 -# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 -# define EC_F_ECX_KEY_OP 266 -# define EC_F_ECX_PRIV_ENCODE 267 -# define EC_F_ECX_PUB_ENCODE 268 -# define EC_F_EC_ASN1_GROUP2CURVE 153 -# define EC_F_EC_ASN1_GROUP2FIELDID 154 -# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 -# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 296 -# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 -# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 -# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 285 -# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 288 -# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 -# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 -# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 289 -# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 -# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 -# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 -# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 -# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 -# define EC_F_EC_GFP_MONT_FIELD_INV 297 -# define EC_F_EC_GFP_MONT_FIELD_MUL 131 -# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 -# define EC_F_EC_GFP_MONT_FIELD_SQR 132 -# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 -# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 -# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 -# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 -# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 -# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 -# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 -# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 -# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 -# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 -# define EC_F_EC_GFP_NIST_FIELD_MUL 200 -# define EC_F_EC_GFP_NIST_FIELD_SQR 201 -# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 -# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 -# define EC_F_EC_GFP_SIMPLE_FIELD_INV 298 -# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 -# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 -# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 -# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 -# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 -# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 -# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 -# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 -# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 -# define EC_F_EC_GROUP_CHECK 170 -# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 -# define EC_F_EC_GROUP_COPY 106 -# define EC_F_EC_GROUP_GET_CURVE 291 -# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 -# define EC_F_EC_GROUP_GET_CURVE_GFP 130 -# define EC_F_EC_GROUP_GET_DEGREE 173 -# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 -# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 -# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 -# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 -# define EC_F_EC_GROUP_NEW 108 -# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 -# define EC_F_EC_GROUP_NEW_FROM_DATA 175 -# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 -# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 -# define EC_F_EC_GROUP_SET_CURVE 292 -# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 -# define EC_F_EC_GROUP_SET_CURVE_GFP 109 -# define EC_F_EC_GROUP_SET_GENERATOR 111 -# define EC_F_EC_GROUP_SET_SEED 286 -# define EC_F_EC_KEY_CHECK_KEY 177 -# define EC_F_EC_KEY_COPY 178 -# define EC_F_EC_KEY_GENERATE_KEY 179 -# define EC_F_EC_KEY_NEW 182 -# define EC_F_EC_KEY_NEW_METHOD 245 -# define EC_F_EC_KEY_OCT2PRIV 255 -# define EC_F_EC_KEY_PRINT 180 -# define EC_F_EC_KEY_PRINT_FP 181 -# define EC_F_EC_KEY_PRIV2BUF 279 -# define EC_F_EC_KEY_PRIV2OCT 256 -# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 -# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 -# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 -# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 -# define EC_F_EC_PKEY_CHECK 273 -# define EC_F_EC_PKEY_PARAM_CHECK 274 -# define EC_F_EC_POINTS_MAKE_AFFINE 136 -# define EC_F_EC_POINTS_MUL 290 -# define EC_F_EC_POINT_ADD 112 -# define EC_F_EC_POINT_BN2POINT 280 -# define EC_F_EC_POINT_CMP 113 -# define EC_F_EC_POINT_COPY 114 -# define EC_F_EC_POINT_DBL 115 -# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 293 -# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 -# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 -# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 -# define EC_F_EC_POINT_INVERT 210 -# define EC_F_EC_POINT_IS_AT_INFINITY 118 -# define EC_F_EC_POINT_IS_ON_CURVE 119 -# define EC_F_EC_POINT_MAKE_AFFINE 120 -# define EC_F_EC_POINT_NEW 121 -# define EC_F_EC_POINT_OCT2POINT 122 -# define EC_F_EC_POINT_POINT2BUF 281 -# define EC_F_EC_POINT_POINT2OCT 123 -# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 294 -# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 -# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 -# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 295 -# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 -# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 -# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 -# define EC_F_EC_POINT_SET_TO_INFINITY 127 -# define EC_F_EC_PRE_COMP_NEW 196 -# define EC_F_EC_SCALAR_MUL_LADDER 284 -# define EC_F_EC_WNAF_MUL 187 -# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 -# define EC_F_I2D_ECPARAMETERS 190 -# define EC_F_I2D_ECPKPARAMETERS 191 -# define EC_F_I2D_ECPRIVATEKEY 192 -# define EC_F_I2O_ECPUBLICKEY 151 -# define EC_F_NISTP224_PRE_COMP_NEW 227 -# define EC_F_NISTP256_PRE_COMP_NEW 236 -# define EC_F_NISTP521_PRE_COMP_NEW 237 -# define EC_F_O2I_ECPUBLICKEY 152 -# define EC_F_OLD_EC_PRIV_DECODE 222 -# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 -# define EC_F_OSSL_ECDSA_SIGN_SIG 249 -# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 -# define EC_F_PKEY_ECD_CTRL 271 -# define EC_F_PKEY_ECD_DIGESTSIGN 272 -# define EC_F_PKEY_ECD_DIGESTSIGN25519 276 -# define EC_F_PKEY_ECD_DIGESTSIGN448 277 -# define EC_F_PKEY_ECX_DERIVE 269 -# define EC_F_PKEY_EC_CTRL 197 -# define EC_F_PKEY_EC_CTRL_STR 198 -# define EC_F_PKEY_EC_DERIVE 217 -# define EC_F_PKEY_EC_INIT 282 -# define EC_F_PKEY_EC_KDF_DERIVE 283 -# define EC_F_PKEY_EC_KEYGEN 199 -# define EC_F_PKEY_EC_PARAMGEN 219 -# define EC_F_PKEY_EC_SIGN 218 -# define EC_F_VALIDATE_ECX_DERIVE 278 +# if !OPENSSL_API_3 +# define EC_F_BN_TO_FELEM 0 +# define EC_F_D2I_ECPARAMETERS 0 +# define EC_F_D2I_ECPKPARAMETERS 0 +# define EC_F_D2I_ECPRIVATEKEY 0 +# define EC_F_DO_EC_KEY_PRINT 0 +# define EC_F_ECDH_CMS_DECRYPT 0 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 0 +# define EC_F_ECDH_COMPUTE_KEY 0 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 0 +# define EC_F_ECDSA_DO_SIGN_EX 0 +# define EC_F_ECDSA_DO_VERIFY 0 +# define EC_F_ECDSA_SIGN_EX 0 +# define EC_F_ECDSA_SIGN_SETUP 0 +# define EC_F_ECDSA_SIG_NEW 0 +# define EC_F_ECDSA_VERIFY 0 +# define EC_F_ECD_ITEM_VERIFY 0 +# define EC_F_ECKEY_PARAM2TYPE 0 +# define EC_F_ECKEY_PARAM_DECODE 0 +# define EC_F_ECKEY_PRIV_DECODE 0 +# define EC_F_ECKEY_PRIV_ENCODE 0 +# define EC_F_ECKEY_PUB_DECODE 0 +# define EC_F_ECKEY_PUB_ENCODE 0 +# define EC_F_ECKEY_TYPE2PARAM 0 +# define EC_F_ECPARAMETERS_PRINT 0 +# define EC_F_ECPARAMETERS_PRINT_FP 0 +# define EC_F_ECPKPARAMETERS_PRINT 0 +# define EC_F_ECPKPARAMETERS_PRINT_FP 0 +# define EC_F_ECP_NISTZ256_GET_AFFINE 0 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 0 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 0 +# define EC_F_ECP_NISTZ256_POINTS_MUL 0 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 0 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 0 +# define EC_F_ECX_KEY_OP 0 +# define EC_F_ECX_PRIV_ENCODE 0 +# define EC_F_ECX_PUB_ENCODE 0 +# define EC_F_EC_ASN1_GROUP2CURVE 0 +# define EC_F_EC_ASN1_GROUP2FIELDID 0 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 0 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 0 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 0 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 0 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 0 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 0 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 0 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 0 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 0 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 0 +# define EC_F_EC_GFP_MONT_FIELD_INV 0 +# define EC_F_EC_GFP_MONT_FIELD_MUL 0 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 0 +# define EC_F_EC_GFP_MONT_FIELD_SQR 0 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NIST_FIELD_MUL 0 +# define EC_F_EC_GFP_NIST_FIELD_SQR 0 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 0 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 0 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 0 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 0 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 0 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_GROUP_CHECK 0 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GROUP_COPY 0 +# define EC_F_EC_GROUP_GET_CURVE 0 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 0 +# define EC_F_EC_GROUP_GET_CURVE_GFP 0 +# define EC_F_EC_GROUP_GET_DEGREE 0 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 0 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 0 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 0 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 0 +# define EC_F_EC_GROUP_NEW 0 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 0 +# define EC_F_EC_GROUP_NEW_FROM_DATA 0 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 0 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 0 +# define EC_F_EC_GROUP_SET_CURVE 0 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 0 +# define EC_F_EC_GROUP_SET_CURVE_GFP 0 +# define EC_F_EC_GROUP_SET_GENERATOR 0 +# define EC_F_EC_GROUP_SET_SEED 0 +# define EC_F_EC_KEY_CHECK_KEY 0 +# define EC_F_EC_KEY_COPY 0 +# define EC_F_EC_KEY_GENERATE_KEY 0 +# define EC_F_EC_KEY_NEW 0 +# define EC_F_EC_KEY_NEW_METHOD 0 +# define EC_F_EC_KEY_OCT2PRIV 0 +# define EC_F_EC_KEY_PRINT 0 +# define EC_F_EC_KEY_PRINT_FP 0 +# define EC_F_EC_KEY_PRIV2BUF 0 +# define EC_F_EC_KEY_PRIV2OCT 0 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 0 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 0 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 0 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 0 +# define EC_F_EC_PKEY_CHECK 0 +# define EC_F_EC_PKEY_PARAM_CHECK 0 +# define EC_F_EC_POINTS_MAKE_AFFINE 0 +# define EC_F_EC_POINTS_MUL 0 +# define EC_F_EC_POINT_ADD 0 +# define EC_F_EC_POINT_BN2POINT 0 +# define EC_F_EC_POINT_CMP 0 +# define EC_F_EC_POINT_COPY 0 +# define EC_F_EC_POINT_DBL 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_INVERT 0 +# define EC_F_EC_POINT_IS_AT_INFINITY 0 +# define EC_F_EC_POINT_IS_ON_CURVE 0 +# define EC_F_EC_POINT_MAKE_AFFINE 0 +# define EC_F_EC_POINT_NEW 0 +# define EC_F_EC_POINT_OCT2POINT 0 +# define EC_F_EC_POINT_POINT2BUF 0 +# define EC_F_EC_POINT_POINT2OCT 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_TO_INFINITY 0 +# define EC_F_EC_PRE_COMP_NEW 0 +# define EC_F_EC_SCALAR_MUL_LADDER 0 +# define EC_F_EC_WNAF_MUL 0 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 0 +# define EC_F_I2D_ECPARAMETERS 0 +# define EC_F_I2D_ECPKPARAMETERS 0 +# define EC_F_I2D_ECPRIVATEKEY 0 +# define EC_F_I2O_ECPUBLICKEY 0 +# define EC_F_NISTP224_PRE_COMP_NEW 0 +# define EC_F_NISTP256_PRE_COMP_NEW 0 +# define EC_F_NISTP521_PRE_COMP_NEW 0 +# define EC_F_O2I_ECPUBLICKEY 0 +# define EC_F_OLD_EC_PRIV_DECODE 0 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 0 +# define EC_F_OSSL_ECDSA_SIGN_SIG 0 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 0 +# define EC_F_PKEY_ECD_CTRL 0 +# define EC_F_PKEY_ECD_DIGESTSIGN 0 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 0 +# define EC_F_PKEY_ECD_DIGESTSIGN448 0 +# define EC_F_PKEY_ECX_DERIVE 0 +# define EC_F_PKEY_EC_CTRL 0 +# define EC_F_PKEY_EC_CTRL_STR 0 +# define EC_F_PKEY_EC_DERIVE 0 +# define EC_F_PKEY_EC_INIT 0 +# define EC_F_PKEY_EC_KDF_DERIVE 0 +# define EC_F_PKEY_EC_KEYGEN 0 +# define EC_F_PKEY_EC_PARAMGEN 0 +# define EC_F_PKEY_EC_SIGN 0 +# define EC_F_VALIDATE_ECX_DERIVE 0 +# endif /* * EC reason codes. diff --git a/include/openssl/engineerr.h b/include/openssl/engineerr.h index ace3d3d..14188be 100644 --- a/include/openssl/engineerr.h +++ b/include/openssl/engineerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_ENGINEERR_H # define HEADER_ENGINEERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # include @@ -27,46 +27,48 @@ int ERR_load_ENGINE_strings(void); /* * ENGINE function codes. */ -# define ENGINE_F_DIGEST_UPDATE 198 -# define ENGINE_F_DYNAMIC_CTRL 180 -# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 -# define ENGINE_F_DYNAMIC_LOAD 182 -# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 -# define ENGINE_F_ENGINE_ADD 105 -# define ENGINE_F_ENGINE_BY_ID 106 -# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 -# define ENGINE_F_ENGINE_CTRL 142 -# define ENGINE_F_ENGINE_CTRL_CMD 178 -# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 -# define ENGINE_F_ENGINE_FINISH 107 -# define ENGINE_F_ENGINE_GET_CIPHER 185 -# define ENGINE_F_ENGINE_GET_DIGEST 186 -# define ENGINE_F_ENGINE_GET_FIRST 195 -# define ENGINE_F_ENGINE_GET_LAST 196 -# define ENGINE_F_ENGINE_GET_NEXT 115 -# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 -# define ENGINE_F_ENGINE_GET_PKEY_METH 192 -# define ENGINE_F_ENGINE_GET_PREV 116 -# define ENGINE_F_ENGINE_INIT 119 -# define ENGINE_F_ENGINE_LIST_ADD 120 -# define ENGINE_F_ENGINE_LIST_REMOVE 121 -# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 -# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 -# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 -# define ENGINE_F_ENGINE_NEW 122 -# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 -# define ENGINE_F_ENGINE_REMOVE 123 -# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 -# define ENGINE_F_ENGINE_SET_ID 129 -# define ENGINE_F_ENGINE_SET_NAME 130 -# define ENGINE_F_ENGINE_TABLE_REGISTER 184 -# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 -# define ENGINE_F_ENGINE_UP_REF 190 -# define ENGINE_F_INT_CLEANUP_ITEM 199 -# define ENGINE_F_INT_CTRL_HELPER 172 -# define ENGINE_F_INT_ENGINE_CONFIGURE 188 -# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 -# define ENGINE_F_OSSL_HMAC_INIT 200 +# if !OPENSSL_API_3 +# define ENGINE_F_DIGEST_UPDATE 0 +# define ENGINE_F_DYNAMIC_CTRL 0 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 0 +# define ENGINE_F_DYNAMIC_LOAD 0 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 0 +# define ENGINE_F_ENGINE_ADD 0 +# define ENGINE_F_ENGINE_BY_ID 0 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 0 +# define ENGINE_F_ENGINE_CTRL 0 +# define ENGINE_F_ENGINE_CTRL_CMD 0 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 0 +# define ENGINE_F_ENGINE_FINISH 0 +# define ENGINE_F_ENGINE_GET_CIPHER 0 +# define ENGINE_F_ENGINE_GET_DIGEST 0 +# define ENGINE_F_ENGINE_GET_FIRST 0 +# define ENGINE_F_ENGINE_GET_LAST 0 +# define ENGINE_F_ENGINE_GET_NEXT 0 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 0 +# define ENGINE_F_ENGINE_GET_PKEY_METH 0 +# define ENGINE_F_ENGINE_GET_PREV 0 +# define ENGINE_F_ENGINE_INIT 0 +# define ENGINE_F_ENGINE_LIST_ADD 0 +# define ENGINE_F_ENGINE_LIST_REMOVE 0 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 0 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 0 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 0 +# define ENGINE_F_ENGINE_NEW 0 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 0 +# define ENGINE_F_ENGINE_REMOVE 0 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 0 +# define ENGINE_F_ENGINE_SET_ID 0 +# define ENGINE_F_ENGINE_SET_NAME 0 +# define ENGINE_F_ENGINE_TABLE_REGISTER 0 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 0 +# define ENGINE_F_ENGINE_UP_REF 0 +# define ENGINE_F_INT_CLEANUP_ITEM 0 +# define ENGINE_F_INT_CTRL_HELPER 0 +# define ENGINE_F_INT_ENGINE_CONFIGURE 0 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 0 +# define ENGINE_F_OSSL_HMAC_INIT 0 +# endif /* * ENGINE reason codes. diff --git a/include/openssl/err.h b/include/openssl/err.h index f601eaf..2e92b38 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -103,47 +103,47 @@ typedef struct err_state_st { # define ERR_LIB_USER 128 -# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define CRMFerr(f,r) ERR_PUT_error(ERR_LIB_CRMF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define CMPerr(f,r) ERR_PUT_error(ERR_LIB_CMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define ESSerr(f,r) ERR_PUT_error(ERR_LIB_ESS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define PROPerr(f,r) ERR_PUT_error(ERR_LIB_PROP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define PROVerr(f,r) ERR_PUT_error(ERR_LIB_PROV,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define CRMFerr(f,r) ERR_PUT_error(ERR_LIB_CRMF,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define CMPerr(f,r) ERR_PUT_error(ERR_LIB_CMP,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define ESSerr(f,r) ERR_PUT_error(ERR_LIB_ESS,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define PROPerr(f,r) ERR_PUT_error(ERR_LIB_PROP,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define PROVerr(f,r) ERR_PUT_error(ERR_LIB_PROV,0,(r),OPENSSL_FILE,OPENSSL_LINE) # define ERR_PACK(l,f,r) ( \ (((unsigned int)(l) & 0x0FF) << 24L) | \ diff --git a/include/openssl/esserr.h b/include/openssl/esserr.h index eb1c9ae..0fb676b 100644 --- a/include/openssl/esserr.h +++ b/include/openssl/esserr.h @@ -11,9 +11,9 @@ #ifndef HEADER_ESSERR_H # define HEADER_ESSERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,12 +23,14 @@ int ERR_load_ESS_strings(void); /* * ESS function codes. */ -# define ESS_F_ESS_CERT_ID_NEW_INIT 100 -# define ESS_F_ESS_CERT_ID_V2_NEW_INIT 101 -# define ESS_F_ESS_SIGNING_CERT_ADD 104 -# define ESS_F_ESS_SIGNING_CERT_NEW_INIT 102 -# define ESS_F_ESS_SIGNING_CERT_V2_ADD 105 -# define ESS_F_ESS_SIGNING_CERT_V2_NEW_INIT 103 +# if !OPENSSL_API_3 +# define ESS_F_ESS_CERT_ID_NEW_INIT 0 +# define ESS_F_ESS_CERT_ID_V2_NEW_INIT 0 +# define ESS_F_ESS_SIGNING_CERT_ADD 0 +# define ESS_F_ESS_SIGNING_CERT_NEW_INIT 0 +# define ESS_F_ESS_SIGNING_CERT_V2_ADD 0 +# define ESS_F_ESS_SIGNING_CERT_V2_NEW_INIT 0 +# endif /* * ESS reason codes. diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 0e0d5f4..b54f387 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -11,9 +11,9 @@ #ifndef HEADER_EVPERR_H # define HEADER_EVPERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,139 +23,141 @@ int ERR_load_EVP_strings(void); /* * EVP function codes. */ -# define EVP_F_AESNI_INIT_KEY 165 -# define EVP_F_AESNI_XTS_INIT_KEY 233 -# define EVP_F_AES_GCM_CTRL 196 -# define EVP_F_AES_GCM_TLS_CIPHER 207 -# define EVP_F_AES_INIT_KEY 133 -# define EVP_F_AES_OCB_CIPHER 169 -# define EVP_F_AES_T4_INIT_KEY 178 -# define EVP_F_AES_T4_XTS_INIT_KEY 234 -# define EVP_F_AES_WRAP_CIPHER 170 -# define EVP_F_AES_XTS_CIPHER 229 -# define EVP_F_AES_XTS_INIT_KEY 235 -# define EVP_F_ALG_MODULE_INIT 177 -# define EVP_F_ARIA_CCM_INIT_KEY 175 -# define EVP_F_ARIA_GCM_CTRL 197 -# define EVP_F_ARIA_GCM_INIT_KEY 176 -# define EVP_F_ARIA_INIT_KEY 185 -# define EVP_F_B64_NEW 198 -# define EVP_F_BLAKE2B_MAC_CTRL 220 -# define EVP_F_BLAKE2B_MAC_INIT 221 -# define EVP_F_BLAKE2S_MAC_CTRL 222 -# define EVP_F_BLAKE2S_MAC_INIT 223 -# define EVP_F_CAMELLIA_INIT_KEY 159 -# define EVP_F_CHACHA20_POLY1305_CTRL 182 -# define EVP_F_CMLL_T4_INIT_KEY 179 -# define EVP_F_DES_EDE3_WRAP_CIPHER 171 -# define EVP_F_DO_SIGVER_INIT 161 -# define EVP_F_ENC_NEW 199 -# define EVP_F_EVP_CIPHERINIT_EX 123 -# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 204 -# define EVP_F_EVP_CIPHER_CTX_COPY 163 -# define EVP_F_EVP_CIPHER_CTX_CTRL 124 -# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 -# define EVP_F_EVP_CIPHER_CTX_SET_PADDING 237 -# define EVP_F_EVP_CIPHER_FROM_DISPATCH 238 -# define EVP_F_EVP_CIPHER_MODE 239 -# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205 -# define EVP_F_EVP_DECRYPTFINAL_EX 101 -# define EVP_F_EVP_DECRYPTUPDATE 166 -# define EVP_F_EVP_DIGESTFINALXOF 174 -# define EVP_F_EVP_DIGESTFINAL_EX 230 -# define EVP_F_EVP_DIGESTINIT_EX 128 -# define EVP_F_EVP_DIGESTUPDATE 231 -# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 -# define EVP_F_EVP_ENCRYPTFINAL_EX 127 -# define EVP_F_EVP_ENCRYPTUPDATE 167 -# define EVP_F_EVP_KDF_CTRL 224 -# define EVP_F_EVP_KDF_CTRL_STR 225 -# define EVP_F_EVP_KDF_CTX_NEW 240 -# define EVP_F_EVP_KDF_CTX_NEW_ID 226 -# define EVP_F_EVP_MAC_CTRL 209 -# define EVP_F_EVP_MAC_CTRL_STR 210 -# define EVP_F_EVP_MAC_CTX_DUP 211 -# define EVP_F_EVP_MAC_CTX_NEW 213 -# define EVP_F_EVP_MAC_INIT 212 -# define EVP_F_EVP_MD_BLOCK_SIZE 232 -# define EVP_F_EVP_MD_CTX_COPY_EX 110 -# define EVP_F_EVP_MD_SIZE 162 -# define EVP_F_EVP_OPENINIT 102 -# define EVP_F_EVP_PBE_ALG_ADD 115 -# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 -# define EVP_F_EVP_PBE_CIPHERINIT 116 -# define EVP_F_EVP_PBE_SCRYPT 181 -# define EVP_F_EVP_PKCS82PKEY 111 -# define EVP_F_EVP_PKEY2PKCS8 113 -# define EVP_F_EVP_PKEY_ASN1_ADD0 188 -# define EVP_F_EVP_PKEY_CHECK 186 -# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 -# define EVP_F_EVP_PKEY_CTX_CTRL 137 -# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 -# define EVP_F_EVP_PKEY_CTX_DUP 156 -# define EVP_F_EVP_PKEY_CTX_MD 168 -# define EVP_F_EVP_PKEY_DECRYPT 104 -# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 -# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 -# define EVP_F_EVP_PKEY_DERIVE 153 -# define EVP_F_EVP_PKEY_DERIVE_INIT 154 -# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 -# define EVP_F_EVP_PKEY_ENCRYPT 105 -# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 -# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 -# define EVP_F_EVP_PKEY_GET0_DH 119 -# define EVP_F_EVP_PKEY_GET0_DSA 120 -# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 -# define EVP_F_EVP_PKEY_GET0_HMAC 183 -# define EVP_F_EVP_PKEY_GET0_POLY1305 184 -# define EVP_F_EVP_PKEY_GET0_RSA 121 -# define EVP_F_EVP_PKEY_GET0_SIPHASH 172 -# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 202 -# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 203 -# define EVP_F_EVP_PKEY_KEYGEN 146 -# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 -# define EVP_F_EVP_PKEY_METH_ADD0 194 -# define EVP_F_EVP_PKEY_METH_NEW 195 -# define EVP_F_EVP_PKEY_NEW 106 -# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193 -# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191 -# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 192 -# define EVP_F_EVP_PKEY_PARAMGEN 148 -# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 -# define EVP_F_EVP_PKEY_PARAM_CHECK 189 -# define EVP_F_EVP_PKEY_PUBLIC_CHECK 190 -# define EVP_F_EVP_PKEY_SET1_ENGINE 187 -# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 206 -# define EVP_F_EVP_PKEY_SIGN 140 -# define EVP_F_EVP_PKEY_SIGN_INIT 141 -# define EVP_F_EVP_PKEY_VERIFY 142 -# define EVP_F_EVP_PKEY_VERIFY_INIT 143 -# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 -# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 -# define EVP_F_EVP_SET_DEFAULT_PROPERTIES 236 -# define EVP_F_EVP_SIGNFINAL 107 -# define EVP_F_EVP_VERIFYFINAL 108 -# define EVP_F_GMAC_CTRL 215 -# define EVP_F_INT_CTX_NEW 157 -# define EVP_F_KMAC_CTRL 217 -# define EVP_F_KMAC_INIT 218 -# define EVP_F_OK_NEW 200 -# define EVP_F_PKCS5_PBE_KEYIVGEN 117 -# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 -# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 -# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 -# define EVP_F_PKEY_KDF_CTRL 227 -# define EVP_F_PKEY_MAC_COPY 241 -# define EVP_F_PKEY_MAC_INIT 214 -# define EVP_F_PKEY_SET_TYPE 158 -# define EVP_F_POLY1305_CTRL 216 -# define EVP_F_RC2_MAGIC_TO_METH 109 -# define EVP_F_RC5_CTRL 125 -# define EVP_F_R_32_12_16_INIT_KEY 242 -# define EVP_F_S390X_AES_GCM_CTRL 201 -# define EVP_F_S390X_AES_GCM_TLS_CIPHER 208 -# define EVP_F_SCRYPT_ALG 228 -# define EVP_F_UPDATE 173 +# if !OPENSSL_API_3 +# define EVP_F_AESNI_INIT_KEY 0 +# define EVP_F_AESNI_XTS_INIT_KEY 0 +# define EVP_F_AES_GCM_CTRL 0 +# define EVP_F_AES_GCM_TLS_CIPHER 0 +# define EVP_F_AES_INIT_KEY 0 +# define EVP_F_AES_OCB_CIPHER 0 +# define EVP_F_AES_T4_INIT_KEY 0 +# define EVP_F_AES_T4_XTS_INIT_KEY 0 +# define EVP_F_AES_WRAP_CIPHER 0 +# define EVP_F_AES_XTS_CIPHER 0 +# define EVP_F_AES_XTS_INIT_KEY 0 +# define EVP_F_ALG_MODULE_INIT 0 +# define EVP_F_ARIA_CCM_INIT_KEY 0 +# define EVP_F_ARIA_GCM_CTRL 0 +# define EVP_F_ARIA_GCM_INIT_KEY 0 +# define EVP_F_ARIA_INIT_KEY 0 +# define EVP_F_B64_NEW 0 +# define EVP_F_BLAKE2B_MAC_CTRL 0 +# define EVP_F_BLAKE2B_MAC_INIT 0 +# define EVP_F_BLAKE2S_MAC_CTRL 0 +# define EVP_F_BLAKE2S_MAC_INIT 0 +# define EVP_F_CAMELLIA_INIT_KEY 0 +# define EVP_F_CHACHA20_POLY1305_CTRL 0 +# define EVP_F_CMLL_T4_INIT_KEY 0 +# define EVP_F_DES_EDE3_WRAP_CIPHER 0 +# define EVP_F_DO_SIGVER_INIT 0 +# define EVP_F_ENC_NEW 0 +# define EVP_F_EVP_CIPHERINIT_EX 0 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 0 +# define EVP_F_EVP_CIPHER_CTX_COPY 0 +# define EVP_F_EVP_CIPHER_CTX_CTRL 0 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 0 +# define EVP_F_EVP_CIPHER_CTX_SET_PADDING 0 +# define EVP_F_EVP_CIPHER_FROM_DISPATCH 0 +# define EVP_F_EVP_CIPHER_MODE 0 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 0 +# define EVP_F_EVP_DECRYPTFINAL_EX 0 +# define EVP_F_EVP_DECRYPTUPDATE 0 +# define EVP_F_EVP_DIGESTFINALXOF 0 +# define EVP_F_EVP_DIGESTFINAL_EX 0 +# define EVP_F_EVP_DIGESTINIT_EX 0 +# define EVP_F_EVP_DIGESTUPDATE 0 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 0 +# define EVP_F_EVP_ENCRYPTFINAL_EX 0 +# define EVP_F_EVP_ENCRYPTUPDATE 0 +# define EVP_F_EVP_KDF_CTRL 0 +# define EVP_F_EVP_KDF_CTRL_STR 0 +# define EVP_F_EVP_KDF_CTX_NEW 0 +# define EVP_F_EVP_KDF_CTX_NEW_ID 0 +# define EVP_F_EVP_MAC_CTRL 0 +# define EVP_F_EVP_MAC_CTRL_STR 0 +# define EVP_F_EVP_MAC_CTX_DUP 0 +# define EVP_F_EVP_MAC_CTX_NEW 0 +# define EVP_F_EVP_MAC_INIT 0 +# define EVP_F_EVP_MD_BLOCK_SIZE 0 +# define EVP_F_EVP_MD_CTX_COPY_EX 0 +# define EVP_F_EVP_MD_SIZE 0 +# define EVP_F_EVP_OPENINIT 0 +# define EVP_F_EVP_PBE_ALG_ADD 0 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 0 +# define EVP_F_EVP_PBE_CIPHERINIT 0 +# define EVP_F_EVP_PBE_SCRYPT 0 +# define EVP_F_EVP_PKCS82PKEY 0 +# define EVP_F_EVP_PKEY2PKCS8 0 +# define EVP_F_EVP_PKEY_ASN1_ADD0 0 +# define EVP_F_EVP_PKEY_CHECK 0 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 0 +# define EVP_F_EVP_PKEY_CTX_CTRL 0 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 0 +# define EVP_F_EVP_PKEY_CTX_DUP 0 +# define EVP_F_EVP_PKEY_CTX_MD 0 +# define EVP_F_EVP_PKEY_DECRYPT 0 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 0 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 0 +# define EVP_F_EVP_PKEY_DERIVE 0 +# define EVP_F_EVP_PKEY_DERIVE_INIT 0 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 0 +# define EVP_F_EVP_PKEY_ENCRYPT 0 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 0 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 0 +# define EVP_F_EVP_PKEY_GET0_DH 0 +# define EVP_F_EVP_PKEY_GET0_DSA 0 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 0 +# define EVP_F_EVP_PKEY_GET0_HMAC 0 +# define EVP_F_EVP_PKEY_GET0_POLY1305 0 +# define EVP_F_EVP_PKEY_GET0_RSA 0 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 0 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 0 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 0 +# define EVP_F_EVP_PKEY_KEYGEN 0 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 0 +# define EVP_F_EVP_PKEY_METH_ADD0 0 +# define EVP_F_EVP_PKEY_METH_NEW 0 +# define EVP_F_EVP_PKEY_NEW 0 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 0 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 0 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 0 +# define EVP_F_EVP_PKEY_PARAMGEN 0 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 0 +# define EVP_F_EVP_PKEY_PARAM_CHECK 0 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 0 +# define EVP_F_EVP_PKEY_SET1_ENGINE 0 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 0 +# define EVP_F_EVP_PKEY_SIGN 0 +# define EVP_F_EVP_PKEY_SIGN_INIT 0 +# define EVP_F_EVP_PKEY_VERIFY 0 +# define EVP_F_EVP_PKEY_VERIFY_INIT 0 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 0 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 0 +# define EVP_F_EVP_SET_DEFAULT_PROPERTIES 0 +# define EVP_F_EVP_SIGNFINAL 0 +# define EVP_F_EVP_VERIFYFINAL 0 +# define EVP_F_GMAC_CTRL 0 +# define EVP_F_INT_CTX_NEW 0 +# define EVP_F_KMAC_CTRL 0 +# define EVP_F_KMAC_INIT 0 +# define EVP_F_OK_NEW 0 +# define EVP_F_PKCS5_PBE_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 0 +# define EVP_F_PKEY_KDF_CTRL 0 +# define EVP_F_PKEY_MAC_COPY 0 +# define EVP_F_PKEY_MAC_INIT 0 +# define EVP_F_PKEY_SET_TYPE 0 +# define EVP_F_POLY1305_CTRL 0 +# define EVP_F_RC2_MAGIC_TO_METH 0 +# define EVP_F_RC5_CTRL 0 +# define EVP_F_R_32_12_16_INIT_KEY 0 +# define EVP_F_S390X_AES_GCM_CTRL 0 +# define EVP_F_S390X_AES_GCM_TLS_CIPHER 0 +# define EVP_F_SCRYPT_ALG 0 +# define EVP_F_UPDATE 0 +# endif /* * EVP reason codes. diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h index 335bdf3..d286400 100644 --- a/include/openssl/kdferr.h +++ b/include/openssl/kdferr.h @@ -11,9 +11,9 @@ #ifndef HEADER_KDFERR_H # define HEADER_KDFERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,53 +23,55 @@ int ERR_load_KDF_strings(void); /* * KDF function codes. */ -# define KDF_F_HKDF_EXTRACT 112 -# define KDF_F_KDF_HKDF_DERIVE 113 -# define KDF_F_KDF_HKDF_NEW 114 -# define KDF_F_KDF_HKDF_SIZE 115 -# define KDF_F_KDF_MD2CTRL 116 -# define KDF_F_KDF_PBKDF2_CTRL 140 -# define KDF_F_KDF_PBKDF2_CTRL_STR 117 -# define KDF_F_KDF_PBKDF2_DERIVE 118 -# define KDF_F_KDF_PBKDF2_NEW 119 -# define KDF_F_KDF_SCRYPT_CTRL_STR 120 -# define KDF_F_KDF_SCRYPT_CTRL_UINT32 121 -# define KDF_F_KDF_SCRYPT_CTRL_UINT64 122 -# define KDF_F_KDF_SCRYPT_DERIVE 123 -# define KDF_F_KDF_SCRYPT_NEW 124 -# define KDF_F_KDF_SSHKDF_CTRL 130 -# define KDF_F_KDF_SSHKDF_CTRL_STR 131 -# define KDF_F_KDF_SSHKDF_DERIVE 132 -# define KDF_F_KDF_SSHKDF_NEW 133 -# define KDF_F_KDF_TLS1_PRF_CTRL_STR 125 -# define KDF_F_KDF_TLS1_PRF_DERIVE 126 -# define KDF_F_KDF_TLS1_PRF_NEW 127 -# define KDF_F_PBKDF2_DERIVE 141 -# define KDF_F_PBKDF2_SET_MEMBUF 128 -# define KDF_F_PKEY_HKDF_CTRL_STR 103 -# define KDF_F_PKEY_HKDF_DERIVE 102 -# define KDF_F_PKEY_HKDF_INIT 108 -# define KDF_F_PKEY_SCRYPT_CTRL_STR 104 -# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105 -# define KDF_F_PKEY_SCRYPT_DERIVE 109 -# define KDF_F_PKEY_SCRYPT_INIT 106 -# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107 -# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 -# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 -# define KDF_F_PKEY_TLS1_PRF_INIT 110 -# define KDF_F_SCRYPT_SET_MEMBUF 129 -# define KDF_F_SSKDF_CTRL_STR 134 -# define KDF_F_SSKDF_DERIVE 135 -# define KDF_F_SSKDF_MAC2CTRL 136 -# define KDF_F_SSKDF_NEW 137 -# define KDF_F_SSKDF_SIZE 138 -# define KDF_F_TLS1_PRF_ALG 111 -# define KDF_F_X942KDF_CTRL 142 -# define KDF_F_X942KDF_DERIVE 143 -# define KDF_F_X942KDF_HASH_KDM 144 -# define KDF_F_X942KDF_NEW 145 -# define KDF_F_X942KDF_SIZE 146 -# define KDF_F_X963KDF_DERIVE 139 +# if !OPENSSL_API_3 +# define KDF_F_HKDF_EXTRACT 0 +# define KDF_F_KDF_HKDF_DERIVE 0 +# define KDF_F_KDF_HKDF_NEW 0 +# define KDF_F_KDF_HKDF_SIZE 0 +# define KDF_F_KDF_MD2CTRL 0 +# define KDF_F_KDF_PBKDF2_CTRL 0 +# define KDF_F_KDF_PBKDF2_CTRL_STR 0 +# define KDF_F_KDF_PBKDF2_DERIVE 0 +# define KDF_F_KDF_PBKDF2_NEW 0 +# define KDF_F_KDF_SCRYPT_CTRL_STR 0 +# define KDF_F_KDF_SCRYPT_CTRL_UINT32 0 +# define KDF_F_KDF_SCRYPT_CTRL_UINT64 0 +# define KDF_F_KDF_SCRYPT_DERIVE 0 +# define KDF_F_KDF_SCRYPT_NEW 0 +# define KDF_F_KDF_SSHKDF_CTRL 0 +# define KDF_F_KDF_SSHKDF_CTRL_STR 0 +# define KDF_F_KDF_SSHKDF_DERIVE 0 +# define KDF_F_KDF_SSHKDF_NEW 0 +# define KDF_F_KDF_TLS1_PRF_CTRL_STR 0 +# define KDF_F_KDF_TLS1_PRF_DERIVE 0 +# define KDF_F_KDF_TLS1_PRF_NEW 0 +# define KDF_F_PBKDF2_DERIVE 0 +# define KDF_F_PBKDF2_SET_MEMBUF 0 +# define KDF_F_PKEY_HKDF_CTRL_STR 0 +# define KDF_F_PKEY_HKDF_DERIVE 0 +# define KDF_F_PKEY_HKDF_INIT 0 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 0 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0 +# define KDF_F_PKEY_SCRYPT_DERIVE 0 +# define KDF_F_PKEY_SCRYPT_INIT 0 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 0 +# define KDF_F_PKEY_TLS1_PRF_INIT 0 +# define KDF_F_SCRYPT_SET_MEMBUF 0 +# define KDF_F_SSKDF_CTRL_STR 0 +# define KDF_F_SSKDF_DERIVE 0 +# define KDF_F_SSKDF_MAC2CTRL 0 +# define KDF_F_SSKDF_NEW 0 +# define KDF_F_SSKDF_SIZE 0 +# define KDF_F_TLS1_PRF_ALG 0 +# define KDF_F_X942KDF_CTRL 0 +# define KDF_F_X942KDF_DERIVE 0 +# define KDF_F_X942KDF_HASH_KDM 0 +# define KDF_F_X942KDF_NEW 0 +# define KDF_F_X942KDF_SIZE 0 +# define KDF_F_X963KDF_DERIVE 0 +# endif /* * KDF reason codes. diff --git a/include/openssl/objectserr.h b/include/openssl/objectserr.h index 2fe8cc4..fac142b 100644 --- a/include/openssl/objectserr.h +++ b/include/openssl/objectserr.h @@ -11,9 +11,9 @@ #ifndef HEADER_OBJERR_H # define HEADER_OBJERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,15 +23,17 @@ int ERR_load_OBJ_strings(void); /* * OBJ function codes. */ -# define OBJ_F_OBJ_ADD_OBJECT 105 -# define OBJ_F_OBJ_ADD_SIGID 107 -# define OBJ_F_OBJ_CREATE 100 -# define OBJ_F_OBJ_DUP 101 -# define OBJ_F_OBJ_NAME_NEW_INDEX 106 -# define OBJ_F_OBJ_NID2LN 102 -# define OBJ_F_OBJ_NID2OBJ 103 -# define OBJ_F_OBJ_NID2SN 104 -# define OBJ_F_OBJ_TXT2OBJ 108 +# if !OPENSSL_API_3 +# define OBJ_F_OBJ_ADD_OBJECT 0 +# define OBJ_F_OBJ_ADD_SIGID 0 +# define OBJ_F_OBJ_CREATE 0 +# define OBJ_F_OBJ_DUP 0 +# define OBJ_F_OBJ_NAME_NEW_INDEX 0 +# define OBJ_F_OBJ_NID2LN 0 +# define OBJ_F_OBJ_NID2OBJ 0 +# define OBJ_F_OBJ_NID2SN 0 +# define OBJ_F_OBJ_TXT2OBJ 0 +# endif /* * OBJ reason codes. diff --git a/include/openssl/ocsperr.h b/include/openssl/ocsperr.h index 18e92ce..220befd 100644 --- a/include/openssl/ocsperr.h +++ b/include/openssl/ocsperr.h @@ -11,9 +11,9 @@ #ifndef HEADER_OCSPERR_H # define HEADER_OCSPERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # include @@ -27,22 +27,24 @@ int ERR_load_OCSP_strings(void); /* * OCSP function codes. */ -# define OCSP_F_D2I_OCSP_NONCE 102 -# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 -# define OCSP_F_OCSP_BASIC_SIGN 104 -# define OCSP_F_OCSP_BASIC_SIGN_CTX 119 -# define OCSP_F_OCSP_BASIC_VERIFY 105 -# define OCSP_F_OCSP_CERT_ID_NEW 101 -# define OCSP_F_OCSP_CHECK_DELEGATED 106 -# define OCSP_F_OCSP_CHECK_IDS 107 -# define OCSP_F_OCSP_CHECK_ISSUER 108 -# define OCSP_F_OCSP_CHECK_VALIDITY 115 -# define OCSP_F_OCSP_MATCH_ISSUERID 109 -# define OCSP_F_OCSP_PARSE_URL 114 -# define OCSP_F_OCSP_REQUEST_SIGN 110 -# define OCSP_F_OCSP_REQUEST_VERIFY 116 -# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 -# define OCSP_F_PARSE_HTTP_LINE1 118 +# if !OPENSSL_API_3 +# define OCSP_F_D2I_OCSP_NONCE 0 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 0 +# define OCSP_F_OCSP_BASIC_SIGN 0 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 0 +# define OCSP_F_OCSP_BASIC_VERIFY 0 +# define OCSP_F_OCSP_CERT_ID_NEW 0 +# define OCSP_F_OCSP_CHECK_DELEGATED 0 +# define OCSP_F_OCSP_CHECK_IDS 0 +# define OCSP_F_OCSP_CHECK_ISSUER 0 +# define OCSP_F_OCSP_CHECK_VALIDITY 0 +# define OCSP_F_OCSP_MATCH_ISSUERID 0 +# define OCSP_F_OCSP_PARSE_URL 0 +# define OCSP_F_OCSP_REQUEST_SIGN 0 +# define OCSP_F_OCSP_REQUEST_VERIFY 0 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 0 +# define OCSP_F_PARSE_HTTP_LINE1 0 +# endif /* * OCSP reason codes. diff --git a/include/openssl/pemerr.h b/include/openssl/pemerr.h index 1213d75..7f2d6e7 100644 --- a/include/openssl/pemerr.h +++ b/include/openssl/pemerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_PEMERR_H # define HEADER_PEMERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,48 +23,50 @@ int ERR_load_PEM_strings(void); /* * PEM function codes. */ -# define PEM_F_B2I_DSS 127 -# define PEM_F_B2I_PVK_BIO 128 -# define PEM_F_B2I_RSA 129 -# define PEM_F_CHECK_BITLEN_DSA 130 -# define PEM_F_CHECK_BITLEN_RSA 131 -# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 -# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 -# define PEM_F_DO_B2I 132 -# define PEM_F_DO_B2I_BIO 133 -# define PEM_F_DO_BLOB_HEADER 134 -# define PEM_F_DO_I2B 146 -# define PEM_F_DO_PK8PKEY 126 -# define PEM_F_DO_PK8PKEY_FP 125 -# define PEM_F_DO_PVK_BODY 135 -# define PEM_F_DO_PVK_HEADER 136 -# define PEM_F_GET_HEADER_AND_DATA 143 -# define PEM_F_GET_NAME 144 -# define PEM_F_I2B_PVK 137 -# define PEM_F_I2B_PVK_BIO 138 -# define PEM_F_LOAD_IV 101 -# define PEM_F_PEM_ASN1_READ 102 -# define PEM_F_PEM_ASN1_READ_BIO 103 -# define PEM_F_PEM_ASN1_WRITE 104 -# define PEM_F_PEM_ASN1_WRITE_BIO 105 -# define PEM_F_PEM_DEF_CALLBACK 100 -# define PEM_F_PEM_DO_HEADER 106 -# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 -# define PEM_F_PEM_READ 108 -# define PEM_F_PEM_READ_BIO 109 -# define PEM_F_PEM_READ_BIO_DHPARAMS 141 -# define PEM_F_PEM_READ_BIO_EX 145 -# define PEM_F_PEM_READ_BIO_PARAMETERS 140 -# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 -# define PEM_F_PEM_READ_DHPARAMS 142 -# define PEM_F_PEM_READ_PRIVATEKEY 124 -# define PEM_F_PEM_SIGNFINAL 112 -# define PEM_F_PEM_WRITE 113 -# define PEM_F_PEM_WRITE_BIO 114 -# define PEM_F_PEM_WRITE_PRIVATEKEY 139 -# define PEM_F_PEM_X509_INFO_READ 115 -# define PEM_F_PEM_X509_INFO_READ_BIO 116 -# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 +# if !OPENSSL_API_3 +# define PEM_F_B2I_DSS 0 +# define PEM_F_B2I_PVK_BIO 0 +# define PEM_F_B2I_RSA 0 +# define PEM_F_CHECK_BITLEN_DSA 0 +# define PEM_F_CHECK_BITLEN_RSA 0 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 0 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 0 +# define PEM_F_DO_B2I 0 +# define PEM_F_DO_B2I_BIO 0 +# define PEM_F_DO_BLOB_HEADER 0 +# define PEM_F_DO_I2B 0 +# define PEM_F_DO_PK8PKEY 0 +# define PEM_F_DO_PK8PKEY_FP 0 +# define PEM_F_DO_PVK_BODY 0 +# define PEM_F_DO_PVK_HEADER 0 +# define PEM_F_GET_HEADER_AND_DATA 0 +# define PEM_F_GET_NAME 0 +# define PEM_F_I2B_PVK 0 +# define PEM_F_I2B_PVK_BIO 0 +# define PEM_F_LOAD_IV 0 +# define PEM_F_PEM_ASN1_READ 0 +# define PEM_F_PEM_ASN1_READ_BIO 0 +# define PEM_F_PEM_ASN1_WRITE 0 +# define PEM_F_PEM_ASN1_WRITE_BIO 0 +# define PEM_F_PEM_DEF_CALLBACK 0 +# define PEM_F_PEM_DO_HEADER 0 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 0 +# define PEM_F_PEM_READ 0 +# define PEM_F_PEM_READ_BIO 0 +# define PEM_F_PEM_READ_BIO_DHPARAMS 0 +# define PEM_F_PEM_READ_BIO_EX 0 +# define PEM_F_PEM_READ_BIO_PARAMETERS 0 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 0 +# define PEM_F_PEM_READ_DHPARAMS 0 +# define PEM_F_PEM_READ_PRIVATEKEY 0 +# define PEM_F_PEM_SIGNFINAL 0 +# define PEM_F_PEM_WRITE 0 +# define PEM_F_PEM_WRITE_BIO 0 +# define PEM_F_PEM_WRITE_PRIVATEKEY 0 +# define PEM_F_PEM_X509_INFO_READ 0 +# define PEM_F_PEM_X509_INFO_READ_BIO 0 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 0 +# endif /* * PEM reason codes. diff --git a/include/openssl/pkcs12err.h b/include/openssl/pkcs12err.h index d4a31f2..c599700 100644 --- a/include/openssl/pkcs12err.h +++ b/include/openssl/pkcs12err.h @@ -11,9 +11,9 @@ #ifndef HEADER_PKCS12ERR_H # define HEADER_PKCS12ERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,35 +23,37 @@ int ERR_load_PKCS12_strings(void); /* * PKCS12 function codes. */ -# define PKCS12_F_OPENSSL_ASC2UNI 121 -# define PKCS12_F_OPENSSL_UNI2ASC 124 -# define PKCS12_F_OPENSSL_UNI2UTF8 127 -# define PKCS12_F_OPENSSL_UTF82UNI 129 -# define PKCS12_F_PKCS12_CREATE 105 -# define PKCS12_F_PKCS12_GEN_MAC 107 -# define PKCS12_F_PKCS12_INIT 109 -# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 -# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 -# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 -# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 -# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 -# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116 -# define PKCS12_F_PKCS12_NEWPASS 128 -# define PKCS12_F_PKCS12_PACK_P7DATA 114 -# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 -# define PKCS12_F_PKCS12_PARSE 118 -# define PKCS12_F_PKCS12_PBE_CRYPT 119 -# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 -# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 -# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 -# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 -# define PKCS12_F_PKCS12_SETUP_MAC 122 -# define PKCS12_F_PKCS12_SET_MAC 123 -# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 -# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 -# define PKCS12_F_PKCS12_VERIFY_MAC 126 -# define PKCS12_F_PKCS8_ENCRYPT 125 -# define PKCS12_F_PKCS8_SET0_PBE 132 +# if !OPENSSL_API_3 +# define PKCS12_F_OPENSSL_ASC2UNI 0 +# define PKCS12_F_OPENSSL_UNI2ASC 0 +# define PKCS12_F_OPENSSL_UNI2UTF8 0 +# define PKCS12_F_OPENSSL_UTF82UNI 0 +# define PKCS12_F_PKCS12_CREATE 0 +# define PKCS12_F_PKCS12_GEN_MAC 0 +# define PKCS12_F_PKCS12_INIT 0 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 0 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 0 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 0 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 0 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 0 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 0 +# define PKCS12_F_PKCS12_NEWPASS 0 +# define PKCS12_F_PKCS12_PACK_P7DATA 0 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 0 +# define PKCS12_F_PKCS12_PARSE 0 +# define PKCS12_F_PKCS12_PBE_CRYPT 0 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 0 +# define PKCS12_F_PKCS12_SETUP_MAC 0 +# define PKCS12_F_PKCS12_SET_MAC 0 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 0 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 0 +# define PKCS12_F_PKCS12_VERIFY_MAC 0 +# define PKCS12_F_PKCS8_ENCRYPT 0 +# define PKCS12_F_PKCS8_SET0_PBE 0 +# endif /* * PKCS12 reason codes. diff --git a/include/openssl/pkcs7err.h b/include/openssl/pkcs7err.h index 89fb492..01d9dc2 100644 --- a/include/openssl/pkcs7err.h +++ b/include/openssl/pkcs7err.h @@ -11,9 +11,9 @@ #ifndef HEADER_PKCS7ERR_H # define HEADER_PKCS7ERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,40 +23,42 @@ int ERR_load_PKCS7_strings(void); /* * PKCS7 function codes. */ -# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 -# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 -# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 -# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 -# define PKCS7_F_PKCS7_ADD_CRL 101 -# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 -# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 -# define PKCS7_F_PKCS7_ADD_SIGNER 103 -# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 -# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 -# define PKCS7_F_PKCS7_CTRL 104 -# define PKCS7_F_PKCS7_DATADECODE 112 -# define PKCS7_F_PKCS7_DATAFINAL 128 -# define PKCS7_F_PKCS7_DATAINIT 105 -# define PKCS7_F_PKCS7_DATAVERIFY 107 -# define PKCS7_F_PKCS7_DECRYPT 114 -# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 -# define PKCS7_F_PKCS7_ENCODE_RINFO 132 -# define PKCS7_F_PKCS7_ENCRYPT 115 -# define PKCS7_F_PKCS7_FINAL 134 -# define PKCS7_F_PKCS7_FIND_DIGEST 127 -# define PKCS7_F_PKCS7_GET0_SIGNERS 124 -# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 -# define PKCS7_F_PKCS7_SET_CIPHER 108 -# define PKCS7_F_PKCS7_SET_CONTENT 109 -# define PKCS7_F_PKCS7_SET_DIGEST 126 -# define PKCS7_F_PKCS7_SET_TYPE 110 -# define PKCS7_F_PKCS7_SIGN 116 -# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 -# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 -# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 -# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 -# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 -# define PKCS7_F_PKCS7_VERIFY 117 +# if !OPENSSL_API_3 +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 0 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 0 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 0 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 0 +# define PKCS7_F_PKCS7_ADD_CRL 0 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 0 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 0 +# define PKCS7_F_PKCS7_ADD_SIGNER 0 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 0 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 0 +# define PKCS7_F_PKCS7_CTRL 0 +# define PKCS7_F_PKCS7_DATADECODE 0 +# define PKCS7_F_PKCS7_DATAFINAL 0 +# define PKCS7_F_PKCS7_DATAINIT 0 +# define PKCS7_F_PKCS7_DATAVERIFY 0 +# define PKCS7_F_PKCS7_DECRYPT 0 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 0 +# define PKCS7_F_PKCS7_ENCODE_RINFO 0 +# define PKCS7_F_PKCS7_ENCRYPT 0 +# define PKCS7_F_PKCS7_FINAL 0 +# define PKCS7_F_PKCS7_FIND_DIGEST 0 +# define PKCS7_F_PKCS7_GET0_SIGNERS 0 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 0 +# define PKCS7_F_PKCS7_SET_CIPHER 0 +# define PKCS7_F_PKCS7_SET_CONTENT 0 +# define PKCS7_F_PKCS7_SET_DIGEST 0 +# define PKCS7_F_PKCS7_SET_TYPE 0 +# define PKCS7_F_PKCS7_SIGN 0 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 0 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 0 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 0 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 0 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 0 +# define PKCS7_F_PKCS7_VERIFY 0 +# endif /* * PKCS7 reason codes. diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index 28dd59a..ca5a5ed 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_RANDERR_H # define HEADER_RANDERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,33 +23,35 @@ int ERR_load_RAND_strings(void); /* * RAND function codes. */ -# define RAND_F_DRBG_BYTES 101 -# define RAND_F_DRBG_CTR_INIT 125 -# define RAND_F_DRBG_GET_ENTROPY 105 -# define RAND_F_DRBG_SETUP 117 -# define RAND_F_GET_ENTROPY 106 -# define RAND_F_RAND_BYTES 100 -# define RAND_F_RAND_BYTES_EX 126 -# define RAND_F_RAND_DRBG_ENABLE_LOCKING 119 -# define RAND_F_RAND_DRBG_GENERATE 107 -# define RAND_F_RAND_DRBG_GET_ENTROPY 120 -# define RAND_F_RAND_DRBG_GET_NONCE 123 -# define RAND_F_RAND_DRBG_INSTANTIATE 108 -# define RAND_F_RAND_DRBG_NEW 109 -# define RAND_F_RAND_DRBG_RESEED 110 -# define RAND_F_RAND_DRBG_RESTART 102 -# define RAND_F_RAND_DRBG_SET 104 -# define RAND_F_RAND_DRBG_SET_DEFAULTS 121 -# define RAND_F_RAND_DRBG_UNINSTANTIATE 118 -# define RAND_F_RAND_LOAD_FILE 111 -# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 -# define RAND_F_RAND_POOL_ADD 103 -# define RAND_F_RAND_POOL_ADD_BEGIN 113 -# define RAND_F_RAND_POOL_ADD_END 114 -# define RAND_F_RAND_POOL_ATTACH 124 -# define RAND_F_RAND_POOL_BYTES_NEEDED 115 -# define RAND_F_RAND_POOL_NEW 116 -# define RAND_F_RAND_WRITE_FILE 112 +# if !OPENSSL_API_3 +# define RAND_F_DRBG_BYTES 0 +# define RAND_F_DRBG_CTR_INIT 0 +# define RAND_F_DRBG_GET_ENTROPY 0 +# define RAND_F_DRBG_SETUP 0 +# define RAND_F_GET_ENTROPY 0 +# define RAND_F_RAND_BYTES 0 +# define RAND_F_RAND_BYTES_EX 0 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 0 +# define RAND_F_RAND_DRBG_GENERATE 0 +# define RAND_F_RAND_DRBG_GET_ENTROPY 0 +# define RAND_F_RAND_DRBG_GET_NONCE 0 +# define RAND_F_RAND_DRBG_INSTANTIATE 0 +# define RAND_F_RAND_DRBG_NEW 0 +# define RAND_F_RAND_DRBG_RESEED 0 +# define RAND_F_RAND_DRBG_RESTART 0 +# define RAND_F_RAND_DRBG_SET 0 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 0 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 0 +# define RAND_F_RAND_LOAD_FILE 0 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 0 +# define RAND_F_RAND_POOL_ADD 0 +# define RAND_F_RAND_POOL_ADD_BEGIN 0 +# define RAND_F_RAND_POOL_ADD_END 0 +# define RAND_F_RAND_POOL_ATTACH 0 +# define RAND_F_RAND_POOL_BYTES_NEEDED 0 +# define RAND_F_RAND_POOL_NEW 0 +# define RAND_F_RAND_WRITE_FILE 0 +# endif /* * RAND reason codes. diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h index 0c38100..a7fa919 100644 --- a/include/openssl/rsaerr.h +++ b/include/openssl/rsaerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_RSAERR_H # define HEADER_RSAERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,74 +23,76 @@ int ERR_load_RSA_strings(void); /* * RSA function codes. */ -# define RSA_F_CHECK_PADDING_MD 140 -# define RSA_F_ENCODE_PKCS1 146 -# define RSA_F_INT_RSA_VERIFY 145 -# define RSA_F_OLD_RSA_PRIV_DECODE 147 -# define RSA_F_PKEY_PSS_INIT 165 -# define RSA_F_PKEY_RSA_CTRL 143 -# define RSA_F_PKEY_RSA_CTRL_STR 144 -# define RSA_F_PKEY_RSA_SIGN 142 -# define RSA_F_PKEY_RSA_VERIFY 149 -# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 -# define RSA_F_RSA_ALGOR_TO_MD 156 -# define RSA_F_RSA_BUILTIN_KEYGEN 129 -# define RSA_F_RSA_CHECK_KEY 123 -# define RSA_F_RSA_CHECK_KEY_EX 160 -# define RSA_F_RSA_CMS_DECRYPT 159 -# define RSA_F_RSA_CMS_VERIFY 158 -# define RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES 168 -# define RSA_F_RSA_ITEM_VERIFY 148 -# define RSA_F_RSA_METH_DUP 161 -# define RSA_F_RSA_METH_NEW 162 -# define RSA_F_RSA_METH_SET1_NAME 163 -# define RSA_F_RSA_MGF1_TO_MD 157 -# define RSA_F_RSA_MULTIP_INFO_NEW 166 -# define RSA_F_RSA_NEW_METHOD 106 -# define RSA_F_RSA_NULL 124 -# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 -# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 -# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 -# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 -# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 -# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 -# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 -# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 -# define RSA_F_RSA_PADDING_ADD_NONE 107 -# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 -# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 -# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 -# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 -# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 -# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 -# define RSA_F_RSA_PADDING_ADD_SSLV23 110 -# define RSA_F_RSA_PADDING_ADD_X931 127 -# define RSA_F_RSA_PADDING_CHECK_NONE 111 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 -# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 -# define RSA_F_RSA_PADDING_CHECK_X931 128 -# define RSA_F_RSA_PARAM_DECODE 164 -# define RSA_F_RSA_PRINT 115 -# define RSA_F_RSA_PRINT_FP 116 -# define RSA_F_RSA_PRIV_DECODE 150 -# define RSA_F_RSA_PRIV_ENCODE 138 -# define RSA_F_RSA_PSS_GET_PARAM 151 -# define RSA_F_RSA_PSS_TO_CTX 155 -# define RSA_F_RSA_PUB_DECODE 139 -# define RSA_F_RSA_SETUP_BLINDING 136 -# define RSA_F_RSA_SIGN 117 -# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 -# define RSA_F_RSA_SP800_56B_CHECK_KEYPAIR 169 -# define RSA_F_RSA_SP800_56B_CHECK_PUBLIC 170 -# define RSA_F_RSA_SP800_56B_PAIRWISE_TEST 171 -# define RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH 172 -# define RSA_F_RSA_VERIFY 119 -# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 -# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 -# define RSA_F_SETUP_TBUF 167 +# if !OPENSSL_API_3 +# define RSA_F_CHECK_PADDING_MD 0 +# define RSA_F_ENCODE_PKCS1 0 +# define RSA_F_INT_RSA_VERIFY 0 +# define RSA_F_OLD_RSA_PRIV_DECODE 0 +# define RSA_F_PKEY_PSS_INIT 0 +# define RSA_F_PKEY_RSA_CTRL 0 +# define RSA_F_PKEY_RSA_CTRL_STR 0 +# define RSA_F_PKEY_RSA_SIGN 0 +# define RSA_F_PKEY_RSA_VERIFY 0 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 0 +# define RSA_F_RSA_ALGOR_TO_MD 0 +# define RSA_F_RSA_BUILTIN_KEYGEN 0 +# define RSA_F_RSA_CHECK_KEY 0 +# define RSA_F_RSA_CHECK_KEY_EX 0 +# define RSA_F_RSA_CMS_DECRYPT 0 +# define RSA_F_RSA_CMS_VERIFY 0 +# define RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES 0 +# define RSA_F_RSA_ITEM_VERIFY 0 +# define RSA_F_RSA_METH_DUP 0 +# define RSA_F_RSA_METH_NEW 0 +# define RSA_F_RSA_METH_SET1_NAME 0 +# define RSA_F_RSA_MGF1_TO_MD 0 +# define RSA_F_RSA_MULTIP_INFO_NEW 0 +# define RSA_F_RSA_NEW_METHOD 0 +# define RSA_F_RSA_NULL 0 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 0 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 0 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 0 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 0 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 0 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 0 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 0 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 0 +# define RSA_F_RSA_PADDING_ADD_NONE 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 0 +# define RSA_F_RSA_PADDING_ADD_SSLV23 0 +# define RSA_F_RSA_PADDING_ADD_X931 0 +# define RSA_F_RSA_PADDING_CHECK_NONE 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 0 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 0 +# define RSA_F_RSA_PADDING_CHECK_X931 0 +# define RSA_F_RSA_PARAM_DECODE 0 +# define RSA_F_RSA_PRINT 0 +# define RSA_F_RSA_PRINT_FP 0 +# define RSA_F_RSA_PRIV_DECODE 0 +# define RSA_F_RSA_PRIV_ENCODE 0 +# define RSA_F_RSA_PSS_GET_PARAM 0 +# define RSA_F_RSA_PSS_TO_CTX 0 +# define RSA_F_RSA_PUB_DECODE 0 +# define RSA_F_RSA_SETUP_BLINDING 0 +# define RSA_F_RSA_SIGN 0 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 0 +# define RSA_F_RSA_SP800_56B_CHECK_KEYPAIR 0 +# define RSA_F_RSA_SP800_56B_CHECK_PUBLIC 0 +# define RSA_F_RSA_SP800_56B_PAIRWISE_TEST 0 +# define RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH 0 +# define RSA_F_RSA_VERIFY 0 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 0 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 0 +# define RSA_F_SETUP_TBUF 0 +# endif /* * RSA reason codes. diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 385fda3..d8d3cea 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_SSLERR_H # define HEADER_SSLERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,432 +23,434 @@ int ERR_load_SSL_strings(void); /* * SSL function codes. */ -# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 438 -# define SSL_F_ADD_KEY_SHARE 512 -# define SSL_F_BYTES_TO_CIPHER_LIST 519 -# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 -# define SSL_F_CIPHERSUITE_CB 622 -# define SSL_F_CONSTRUCT_CA_NAMES 552 -# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 -# define SSL_F_CONSTRUCT_STATEFUL_TICKET 636 -# define SSL_F_CONSTRUCT_STATELESS_TICKET 637 -# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 -# define SSL_F_CREATE_TICKET_PREQUEL 638 -# define SSL_F_CT_MOVE_SCTS 345 -# define SSL_F_CT_STRICT 349 -# define SSL_F_CUSTOM_EXT_ADD 554 -# define SSL_F_CUSTOM_EXT_PARSE 555 -# define SSL_F_D2I_SSL_SESSION 103 -# define SSL_F_DANE_CTX_ENABLE 347 -# define SSL_F_DANE_MTYPE_SET 393 -# define SSL_F_DANE_TLSA_ADD 394 -# define SSL_F_DERIVE_SECRET_KEY_AND_IV 514 -# define SSL_F_DO_DTLS1_WRITE 245 -# define SSL_F_DO_SSL3_WRITE 104 -# define SSL_F_DTLS1_BUFFER_RECORD 247 -# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 -# define SSL_F_DTLS1_HM_FRAGMENT_NEW 623 -# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 -# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 -# define SSL_F_DTLS1_PROCESS_RECORD 257 -# define SSL_F_DTLS1_READ_BYTES 258 -# define SSL_F_DTLS1_READ_FAILED 339 -# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 -# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 -# define SSL_F_DTLS1_WRITE_BYTES 545 -# define SSL_F_DTLSV1_LISTEN 350 -# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 -# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 -# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 -# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 -# define SSL_F_DTLS_RECORD_LAYER_NEW 635 -# define SSL_F_DTLS_WAIT_FOR_DRY 592 -# define SSL_F_EARLY_DATA_COUNT_OK 532 -# define SSL_F_FINAL_EARLY_DATA 556 -# define SSL_F_FINAL_EC_PT_FORMATS 485 -# define SSL_F_FINAL_EMS 486 -# define SSL_F_FINAL_KEY_SHARE 503 -# define SSL_F_FINAL_MAXFRAGMENTLEN 557 -# define SSL_F_FINAL_RENEGOTIATE 483 -# define SSL_F_FINAL_SERVER_NAME 558 -# define SSL_F_FINAL_SIG_ALGS 497 -# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588 -# define SSL_F_NSS_KEYLOG_INT 500 -# define SSL_F_OPENSSL_INIT_SSL 342 -# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436 -# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 598 -# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430 -# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 593 -# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 594 -# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 -# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 599 -# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 437 -# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 600 -# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 -# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601 -# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602 -# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603 -# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 -# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 -# define SSL_F_PARSE_CA_NAMES 541 -# define SSL_F_PITEM_NEW 624 -# define SSL_F_PQUEUE_NEW 625 -# define SSL_F_PROCESS_KEY_SHARE_EXT 439 -# define SSL_F_READ_STATE_MACHINE 352 -# define SSL_F_SET_CLIENT_CIPHERSUITE 540 -# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595 -# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589 -# define SSL_F_SRP_VERIFY_SERVER_PARAM 596 -# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 -# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 -# define SSL_F_SSL3_CTRL 213 -# define SSL_F_SSL3_CTX_CTRL 133 -# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 -# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 -# define SSL_F_SSL3_ENC 608 -# define SSL_F_SSL3_FINAL_FINISH_MAC 285 -# define SSL_F_SSL3_FINISH_MAC 587 -# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 -# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 -# define SSL_F_SSL3_GET_RECORD 143 -# define SSL_F_SSL3_INIT_FINISHED_MAC 397 -# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 -# define SSL_F_SSL3_READ_BYTES 148 -# define SSL_F_SSL3_READ_N 149 -# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 -# define SSL_F_SSL3_SETUP_READ_BUFFER 156 -# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 -# define SSL_F_SSL3_WRITE_BYTES 158 -# define SSL_F_SSL3_WRITE_PENDING 159 -# define SSL_F_SSL_ADD_CERT_CHAIN 316 -# define SSL_F_SSL_ADD_CERT_TO_BUF 319 -# define SSL_F_SSL_ADD_CERT_TO_WPACKET 493 -# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 -# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 -# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 -# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 -# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 -# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 -# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 -# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 -# define SSL_F_SSL_BAD_METHOD 160 -# define SSL_F_SSL_BUILD_CERT_CHAIN 332 -# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 -# define SSL_F_SSL_CACHE_CIPHERLIST 520 -# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 -# define SSL_F_SSL_CERT_DUP 221 -# define SSL_F_SSL_CERT_NEW 162 -# define SSL_F_SSL_CERT_SET0_CHAIN 340 -# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 -# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 -# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 606 -# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 -# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 607 -# define SSL_F_SSL_CIPHER_DESCRIPTION 626 -# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 425 -# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 -# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 -# define SSL_F_SSL_CLEAR 164 -# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 627 -# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 -# define SSL_F_SSL_CONF_CMD 334 -# define SSL_F_SSL_CREATE_CIPHER_LIST 166 -# define SSL_F_SSL_CTRL 232 -# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 -# define SSL_F_SSL_CTX_ENABLE_CT 398 -# define SSL_F_SSL_CTX_MAKE_PROFILES 309 -# define SSL_F_SSL_CTX_NEW 169 -# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 -# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 -# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 -# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 -# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 -# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 -# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 551 -# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 -# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 -# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 -# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 -# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 -# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 -# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 -# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 -# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 -# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 -# define SSL_F_SSL_CTX_USE_SERVERINFO 336 -# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 543 -# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 -# define SSL_F_SSL_DANE_DUP 403 -# define SSL_F_SSL_DANE_ENABLE 395 -# define SSL_F_SSL_DERIVE 590 -# define SSL_F_SSL_DO_CONFIG 391 -# define SSL_F_SSL_DO_HANDSHAKE 180 -# define SSL_F_SSL_DUP_CA_LIST 408 -# define SSL_F_SSL_ENABLE_CT 402 -# define SSL_F_SSL_GENERATE_PKEY_GROUP 559 -# define SSL_F_SSL_GENERATE_SESSION_ID 547 -# define SSL_F_SSL_GET_NEW_SESSION 181 -# define SSL_F_SSL_GET_PREV_SESSION 217 -# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 -# define SSL_F_SSL_GET_SIGN_PKEY 183 -# define SSL_F_SSL_HANDSHAKE_HASH 560 -# define SSL_F_SSL_INIT_WBIO_BUFFER 184 -# define SSL_F_SSL_KEY_UPDATE 515 -# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 -# define SSL_F_SSL_LOG_MASTER_SECRET 498 -# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499 -# define SSL_F_SSL_MODULE_INIT 392 -# define SSL_F_SSL_NEW 186 -# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565 -# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 -# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 -# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 -# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 -# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 -# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 -# define SSL_F_SSL_PEEK 270 -# define SSL_F_SSL_PEEK_EX 432 -# define SSL_F_SSL_PEEK_INTERNAL 522 -# define SSL_F_SSL_READ 223 -# define SSL_F_SSL_READ_EARLY_DATA 529 -# define SSL_F_SSL_READ_EX 434 -# define SSL_F_SSL_READ_INTERNAL 523 -# define SSL_F_SSL_RENEGOTIATE 516 -# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 -# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 -# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 -# define SSL_F_SSL_SENDFILE 639 -# define SSL_F_SSL_SESSION_DUP 348 -# define SSL_F_SSL_SESSION_NEW 189 -# define SSL_F_SSL_SESSION_PRINT_FP 190 -# define SSL_F_SSL_SESSION_SET1_ID 423 -# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 -# define SSL_F_SSL_SET_ALPN_PROTOS 344 -# define SSL_F_SSL_SET_CERT 191 -# define SSL_F_SSL_SET_CERT_AND_KEY 621 -# define SSL_F_SSL_SET_CIPHER_LIST 271 -# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 -# define SSL_F_SSL_SET_FD 192 -# define SSL_F_SSL_SET_PKEY 193 -# define SSL_F_SSL_SET_RFD 194 -# define SSL_F_SSL_SET_SESSION 195 -# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 -# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 -# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 550 -# define SSL_F_SSL_SET_WFD 196 -# define SSL_F_SSL_SHUTDOWN 224 -# define SSL_F_SSL_SRP_CTX_INIT 313 -# define SSL_F_SSL_START_ASYNC_JOB 389 -# define SSL_F_SSL_UNDEFINED_FUNCTION 197 -# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 -# define SSL_F_SSL_USE_CERTIFICATE 198 -# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 -# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 -# define SSL_F_SSL_USE_PRIVATEKEY 201 -# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 -# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 -# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 -# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 -# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 -# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 -# define SSL_F_SSL_VALIDATE_CT 400 -# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 -# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 616 -# define SSL_F_SSL_WRITE 208 -# define SSL_F_SSL_WRITE_EARLY_DATA 526 -# define SSL_F_SSL_WRITE_EARLY_FINISH 527 -# define SSL_F_SSL_WRITE_EX 433 -# define SSL_F_SSL_WRITE_INTERNAL 524 -# define SSL_F_STATE_MACHINE 353 -# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 -# define SSL_F_TLS12_COPY_SIGALGS 533 -# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 -# define SSL_F_TLS13_ENC 609 -# define SSL_F_TLS13_FINAL_FINISH_MAC 605 -# define SSL_F_TLS13_GENERATE_SECRET 591 -# define SSL_F_TLS13_HKDF_EXPAND 561 -# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 617 -# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 618 -# define SSL_F_TLS13_SETUP_KEY_BLOCK 441 -# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 -# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 -# define SSL_F_TLS1_ENC 401 -# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 -# define SSL_F_TLS1_GET_CURVELIST 338 -# define SSL_F_TLS1_PRF 284 -# define SSL_F_TLS1_SAVE_U16 628 -# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 -# define SSL_F_TLS1_SET_GROUPS 629 -# define SSL_F_TLS1_SET_RAW_SIGALGS 630 -# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 -# define SSL_F_TLS1_SET_SHARED_SIGALGS 631 -# define SSL_F_TLS1_SET_SIGALGS 632 -# define SSL_F_TLS_CHOOSE_SIGALG 513 -# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 -# define SSL_F_TLS_COLLECT_EXTENSIONS 435 -# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 542 -# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 -# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429 -# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 494 -# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 496 -# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427 -# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 -# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 -# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 -# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 -# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 -# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 -# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 484 -# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 487 -# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 488 -# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 489 -# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 466 -# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355 -# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 535 -# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 530 -# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 467 -# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468 -# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 469 -# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 356 -# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 357 -# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470 -# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 549 -# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471 -# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472 -# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619 -# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 -# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 -# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 -# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 -# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475 -# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 476 -# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 477 -# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 478 -# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 479 -# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 480 -# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 481 -# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 482 -# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 358 -# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443 -# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 536 -# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447 -# define SSL_F_TLS_CONSTRUCT_FINISHED 359 -# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 -# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 510 -# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 517 -# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 -# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426 -# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490 -# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 491 -# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492 -# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451 -# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374 -# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 613 -# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452 -# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375 -# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 531 -# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 525 -# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 453 -# define SSL_F_TLS_CONSTRUCT_STOC_EMS 454 -# define SSL_F_TLS_CONSTRUCT_STOC_ETM 455 -# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 376 -# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 377 -# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 456 -# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548 -# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 -# define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 -# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 -# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459 -# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460 -# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 461 -# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 544 -# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 611 -# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 462 -# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521 -# define SSL_F_TLS_FINISH_HANDSHAKE 597 -# define SSL_F_TLS_GET_MESSAGE_BODY 351 -# define SSL_F_TLS_GET_MESSAGE_HEADER 387 -# define SSL_F_TLS_HANDLE_ALPN 562 -# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563 -# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566 -# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449 -# define SSL_F_TLS_PARSE_CTOS_ALPN 567 -# define SSL_F_TLS_PARSE_CTOS_COOKIE 614 -# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568 -# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569 -# define SSL_F_TLS_PARSE_CTOS_EMS 570 -# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463 -# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571 -# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620 -# define SSL_F_TLS_PARSE_CTOS_PSK 505 -# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 -# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 -# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 -# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 -# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575 -# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 615 -# define SSL_F_TLS_PARSE_CTOS_SRP 576 -# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577 -# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578 -# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465 -# define SSL_F_TLS_PARSE_STOC_ALPN 579 -# define SSL_F_TLS_PARSE_STOC_COOKIE 534 -# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538 -# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 -# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580 -# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445 -# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 -# define SSL_F_TLS_PARSE_STOC_NPN 582 -# define SSL_F_TLS_PARSE_STOC_PSK 502 -# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 -# define SSL_F_TLS_PARSE_STOC_SCT 564 -# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 -# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584 -# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585 -# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 612 -# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446 -# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 -# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 -# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 -# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 610 -# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 -# define SSL_F_TLS_PROCESS_CERT_STATUS 362 -# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 495 -# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 -# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 -# define SSL_F_TLS_PROCESS_CKE_DHE 411 -# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 -# define SSL_F_TLS_PROCESS_CKE_GOST 413 -# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 -# define SSL_F_TLS_PROCESS_CKE_RSA 415 -# define SSL_F_TLS_PROCESS_CKE_SRP 416 -# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 -# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 -# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 -# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 444 -# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 537 -# define SSL_F_TLS_PROCESS_FINISHED 364 -# define SSL_F_TLS_PROCESS_HELLO_REQ 507 -# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 511 -# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 442 -# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 -# define SSL_F_TLS_PROCESS_KEY_UPDATE 518 -# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 -# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 -# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 -# define SSL_F_TLS_PROCESS_SERVER_DONE 368 -# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 -# define SSL_F_TLS_PROCESS_SKE_DHE 419 -# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 -# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 -# define SSL_F_TLS_PROCESS_SKE_SRP 422 -# define SSL_F_TLS_PSK_DO_BINDER 506 -# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450 -# define SSL_F_TLS_SETUP_HANDSHAKE 508 -# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 -# define SSL_F_WPACKET_INTERN_INIT_LEN 633 -# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 634 -# define SSL_F_WRITE_STATE_MACHINE 586 +# if !OPENSSL_API_3 +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 0 +# define SSL_F_ADD_KEY_SHARE 0 +# define SSL_F_BYTES_TO_CIPHER_LIST 0 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 0 +# define SSL_F_CIPHERSUITE_CB 0 +# define SSL_F_CONSTRUCT_CA_NAMES 0 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 0 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 0 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 0 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 0 +# define SSL_F_CREATE_TICKET_PREQUEL 0 +# define SSL_F_CT_MOVE_SCTS 0 +# define SSL_F_CT_STRICT 0 +# define SSL_F_CUSTOM_EXT_ADD 0 +# define SSL_F_CUSTOM_EXT_PARSE 0 +# define SSL_F_D2I_SSL_SESSION 0 +# define SSL_F_DANE_CTX_ENABLE 0 +# define SSL_F_DANE_MTYPE_SET 0 +# define SSL_F_DANE_TLSA_ADD 0 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 0 +# define SSL_F_DO_DTLS1_WRITE 0 +# define SSL_F_DO_SSL3_WRITE 0 +# define SSL_F_DTLS1_BUFFER_RECORD 0 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 0 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 0 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 0 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 0 +# define SSL_F_DTLS1_PROCESS_RECORD 0 +# define SSL_F_DTLS1_READ_BYTES 0 +# define SSL_F_DTLS1_READ_FAILED 0 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 0 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 0 +# define SSL_F_DTLS1_WRITE_BYTES 0 +# define SSL_F_DTLSV1_LISTEN 0 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 0 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 0 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 0 +# define SSL_F_DTLS_RECORD_LAYER_NEW 0 +# define SSL_F_DTLS_WAIT_FOR_DRY 0 +# define SSL_F_EARLY_DATA_COUNT_OK 0 +# define SSL_F_FINAL_EARLY_DATA 0 +# define SSL_F_FINAL_EC_PT_FORMATS 0 +# define SSL_F_FINAL_EMS 0 +# define SSL_F_FINAL_KEY_SHARE 0 +# define SSL_F_FINAL_MAXFRAGMENTLEN 0 +# define SSL_F_FINAL_RENEGOTIATE 0 +# define SSL_F_FINAL_SERVER_NAME 0 +# define SSL_F_FINAL_SIG_ALGS 0 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 0 +# define SSL_F_NSS_KEYLOG_INT 0 +# define SSL_F_OPENSSL_INIT_SSL 0 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 0 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 0 +# define SSL_F_PARSE_CA_NAMES 0 +# define SSL_F_PITEM_NEW 0 +# define SSL_F_PQUEUE_NEW 0 +# define SSL_F_PROCESS_KEY_SHARE_EXT 0 +# define SSL_F_READ_STATE_MACHINE 0 +# define SSL_F_SET_CLIENT_CIPHERSUITE 0 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 0 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 0 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 0 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 0 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 0 +# define SSL_F_SSL3_CTRL 0 +# define SSL_F_SSL3_CTX_CTRL 0 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 0 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 0 +# define SSL_F_SSL3_ENC 0 +# define SSL_F_SSL3_FINAL_FINISH_MAC 0 +# define SSL_F_SSL3_FINISH_MAC 0 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 0 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 0 +# define SSL_F_SSL3_GET_RECORD 0 +# define SSL_F_SSL3_INIT_FINISHED_MAC 0 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 0 +# define SSL_F_SSL3_READ_BYTES 0 +# define SSL_F_SSL3_READ_N 0 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 0 +# define SSL_F_SSL3_SETUP_READ_BUFFER 0 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 0 +# define SSL_F_SSL3_WRITE_BYTES 0 +# define SSL_F_SSL3_WRITE_PENDING 0 +# define SSL_F_SSL_ADD_CERT_CHAIN 0 +# define SSL_F_SSL_ADD_CERT_TO_BUF 0 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 0 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 0 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_BAD_METHOD 0 +# define SSL_F_SSL_BUILD_CERT_CHAIN 0 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 0 +# define SSL_F_SSL_CACHE_CIPHERLIST 0 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 0 +# define SSL_F_SSL_CERT_DUP 0 +# define SSL_F_SSL_CERT_NEW 0 +# define SSL_F_SSL_CERT_SET0_CHAIN 0 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 0 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 0 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 0 +# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 0 +# define SSL_F_SSL_CIPHER_DESCRIPTION 0 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 0 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 0 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 0 +# define SSL_F_SSL_CLEAR 0 +# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 0 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 0 +# define SSL_F_SSL_CONF_CMD 0 +# define SSL_F_SSL_CREATE_CIPHER_LIST 0 +# define SSL_F_SSL_CTRL 0 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 0 +# define SSL_F_SSL_CTX_ENABLE_CT 0 +# define SSL_F_SSL_CTX_MAKE_PROFILES 0 +# define SSL_F_SSL_CTX_NEW 0 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 0 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 0 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 0 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 0 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 0 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 0 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 0 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 0 +# define SSL_F_SSL_DANE_DUP 0 +# define SSL_F_SSL_DANE_ENABLE 0 +# define SSL_F_SSL_DERIVE 0 +# define SSL_F_SSL_DO_CONFIG 0 +# define SSL_F_SSL_DO_HANDSHAKE 0 +# define SSL_F_SSL_DUP_CA_LIST 0 +# define SSL_F_SSL_ENABLE_CT 0 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 0 +# define SSL_F_SSL_GENERATE_SESSION_ID 0 +# define SSL_F_SSL_GET_NEW_SESSION 0 +# define SSL_F_SSL_GET_PREV_SESSION 0 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 0 +# define SSL_F_SSL_GET_SIGN_PKEY 0 +# define SSL_F_SSL_HANDSHAKE_HASH 0 +# define SSL_F_SSL_INIT_WBIO_BUFFER 0 +# define SSL_F_SSL_KEY_UPDATE 0 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 0 +# define SSL_F_SSL_LOG_MASTER_SECRET 0 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_SSL_MODULE_INIT 0 +# define SSL_F_SSL_NEW 0 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_PEEK 0 +# define SSL_F_SSL_PEEK_EX 0 +# define SSL_F_SSL_PEEK_INTERNAL 0 +# define SSL_F_SSL_READ 0 +# define SSL_F_SSL_READ_EARLY_DATA 0 +# define SSL_F_SSL_READ_EX 0 +# define SSL_F_SSL_READ_INTERNAL 0 +# define SSL_F_SSL_RENEGOTIATE 0 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 0 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_SENDFILE 0 +# define SSL_F_SSL_SESSION_DUP 0 +# define SSL_F_SSL_SESSION_NEW 0 +# define SSL_F_SSL_SESSION_PRINT_FP 0 +# define SSL_F_SSL_SESSION_SET1_ID 0 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 0 +# define SSL_F_SSL_SET_ALPN_PROTOS 0 +# define SSL_F_SSL_SET_CERT 0 +# define SSL_F_SSL_SET_CERT_AND_KEY 0 +# define SSL_F_SSL_SET_CIPHER_LIST 0 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 0 +# define SSL_F_SSL_SET_FD 0 +# define SSL_F_SSL_SET_PKEY 0 +# define SSL_F_SSL_SET_RFD 0 +# define SSL_F_SSL_SET_SESSION 0 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 0 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 0 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +# define SSL_F_SSL_SET_WFD 0 +# define SSL_F_SSL_SHUTDOWN 0 +# define SSL_F_SSL_SRP_CTX_INIT 0 +# define SSL_F_SSL_START_ASYNC_JOB 0 +# define SSL_F_SSL_UNDEFINED_FUNCTION 0 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 0 +# define SSL_F_SSL_USE_CERTIFICATE 0 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 0 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 0 +# define SSL_F_SSL_USE_PRIVATEKEY 0 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 0 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 0 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 0 +# define SSL_F_SSL_VALIDATE_CT 0 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 0 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 0 +# define SSL_F_SSL_WRITE 0 +# define SSL_F_SSL_WRITE_EARLY_DATA 0 +# define SSL_F_SSL_WRITE_EARLY_FINISH 0 +# define SSL_F_SSL_WRITE_EX 0 +# define SSL_F_SSL_WRITE_INTERNAL 0 +# define SSL_F_STATE_MACHINE 0 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 0 +# define SSL_F_TLS12_COPY_SIGALGS 0 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 0 +# define SSL_F_TLS13_ENC 0 +# define SSL_F_TLS13_FINAL_FINISH_MAC 0 +# define SSL_F_TLS13_GENERATE_SECRET 0 +# define SSL_F_TLS13_HKDF_EXPAND 0 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 0 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 0 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 0 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 0 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 0 +# define SSL_F_TLS1_ENC 0 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 0 +# define SSL_F_TLS1_GET_CURVELIST 0 +# define SSL_F_TLS1_PRF 0 +# define SSL_F_TLS1_SAVE_U16 0 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 0 +# define SSL_F_TLS1_SET_GROUPS 0 +# define SSL_F_TLS1_SET_RAW_SIGALGS 0 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 0 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 0 +# define SSL_F_TLS1_SET_SIGALGS 0 +# define SSL_F_TLS_CHOOSE_SIGALG 0 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 0 +# define SSL_F_TLS_COLLECT_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 0 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 0 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 0 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +# define SSL_F_TLS_CONSTRUCT_CKE_DHE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 0 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_RSA 0 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_FINISHED 0 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 0 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 0 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 0 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 0 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 0 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 0 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 0 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_FINISH_HANDSHAKE 0 +# define SSL_F_TLS_GET_MESSAGE_BODY 0 +# define SSL_F_TLS_GET_MESSAGE_HEADER 0 +# define SSL_F_TLS_HANDLE_ALPN 0 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 0 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 0 +# define SSL_F_TLS_PARSE_CTOS_ALPN 0 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 0 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 0 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 0 +# define SSL_F_TLS_PARSE_CTOS_EMS 0 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 0 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 0 +# define SSL_F_TLS_PARSE_CTOS_PSK 0 +# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 0 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 0 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 0 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 0 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 0 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 0 +# define SSL_F_TLS_PARSE_CTOS_SRP 0 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 0 +# define SSL_F_TLS_PARSE_STOC_ALPN 0 +# define SSL_F_TLS_PARSE_STOC_COOKIE 0 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 0 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 0 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 0 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 0 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_PARSE_STOC_NPN 0 +# define SSL_F_TLS_PARSE_STOC_PSK 0 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 0 +# define SSL_F_TLS_PARSE_STOC_SCT 0 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 0 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 0 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 0 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 0 +# define SSL_F_TLS_PROCESS_CERT_STATUS 0 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 0 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 0 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 0 +# define SSL_F_TLS_PROCESS_CKE_DHE 0 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 0 +# define SSL_F_TLS_PROCESS_CKE_GOST 0 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_PROCESS_CKE_RSA 0 +# define SSL_F_TLS_PROCESS_CKE_SRP 0 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 0 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 0 +# define SSL_F_TLS_PROCESS_FINISHED 0 +# define SSL_F_TLS_PROCESS_HELLO_REQ 0 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 0 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 0 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 0 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 0 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 0 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_SERVER_DONE 0 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 0 +# define SSL_F_TLS_PROCESS_SKE_DHE 0 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 0 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_PROCESS_SKE_SRP 0 +# define SSL_F_TLS_PSK_DO_BINDER 0 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 0 +# define SSL_F_TLS_SETUP_HANDSHAKE 0 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 0 +# define SSL_F_WPACKET_INTERN_INIT_LEN 0 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 0 +# define SSL_F_WRITE_STATE_MACHINE 0 +# endif /* * SSL reason codes. diff --git a/include/openssl/storeerr.h b/include/openssl/storeerr.h index 0571fa5..192a240 100644 --- a/include/openssl/storeerr.h +++ b/include/openssl/storeerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_OSSL_STOREERR_H # define HEADER_OSSL_STOREERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,44 +23,46 @@ int ERR_load_OSSL_STORE_strings(void); /* * OSSL_STORE function codes. */ -# define OSSL_STORE_F_FILE_CTRL 129 -# define OSSL_STORE_F_FILE_FIND 138 -# define OSSL_STORE_F_FILE_GET_PASS 118 -# define OSSL_STORE_F_FILE_LOAD 119 -# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 124 -# define OSSL_STORE_F_FILE_NAME_TO_URI 126 -# define OSSL_STORE_F_FILE_OPEN 120 -# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 127 -# define OSSL_STORE_F_OSSL_STORE_EXPECT 130 -# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 128 -# define OSSL_STORE_F_OSSL_STORE_FIND 131 -# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 100 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 101 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 102 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 103 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 104 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 105 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 106 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 107 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 123 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 109 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 110 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 111 -# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134 -# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 112 -# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 113 -# define OSSL_STORE_F_OSSL_STORE_OPEN 114 -# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 115 -# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 117 -# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 132 -# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 133 -# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136 -# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 137 -# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 116 -# define OSSL_STORE_F_TRY_DECODE_PARAMS 121 -# define OSSL_STORE_F_TRY_DECODE_PKCS12 122 -# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 125 +# if !OPENSSL_API_3 +# define OSSL_STORE_F_FILE_CTRL 0 +# define OSSL_STORE_F_FILE_FIND 0 +# define OSSL_STORE_F_FILE_GET_PASS 0 +# define OSSL_STORE_F_FILE_LOAD 0 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 0 +# define OSSL_STORE_F_FILE_NAME_TO_URI 0 +# define OSSL_STORE_F_FILE_OPEN 0 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 0 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 0 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 0 +# define OSSL_STORE_F_OSSL_STORE_FIND 0 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 0 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 0 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 0 +# define OSSL_STORE_F_OSSL_STORE_OPEN 0 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 0 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 0 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 0 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 0 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 0 +# endif /* * OSSL_STORE reason codes. diff --git a/include/openssl/tserr.h b/include/openssl/tserr.h index e492981..b15c7cf 100644 --- a/include/openssl/tserr.h +++ b/include/openssl/tserr.h @@ -11,9 +11,9 @@ #ifndef HEADER_TSERR_H # define HEADER_TSERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # include @@ -27,57 +27,59 @@ int ERR_load_TS_strings(void); /* * TS function codes. */ -# define TS_F_DEF_SERIAL_CB 110 -# define TS_F_DEF_TIME_CB 111 -# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 -# define TS_F_PKCS7_TO_TS_TST_INFO 148 -# define TS_F_TS_ACCURACY_SET_MICROS 115 -# define TS_F_TS_ACCURACY_SET_MILLIS 116 -# define TS_F_TS_ACCURACY_SET_SECONDS 117 -# define TS_F_TS_CHECK_IMPRINTS 100 -# define TS_F_TS_CHECK_NONCES 101 -# define TS_F_TS_CHECK_POLICY 102 -# define TS_F_TS_CHECK_SIGNING_CERTS 103 -# define TS_F_TS_CHECK_STATUS_INFO 104 -# define TS_F_TS_COMPUTE_IMPRINT 145 -# define TS_F_TS_CONF_INVALID 151 -# define TS_F_TS_CONF_LOAD_CERT 153 -# define TS_F_TS_CONF_LOAD_CERTS 154 -# define TS_F_TS_CONF_LOAD_KEY 155 -# define TS_F_TS_CONF_LOOKUP_FAIL 152 -# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 -# define TS_F_TS_GET_STATUS_TEXT 105 -# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 -# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 -# define TS_F_TS_REQ_SET_NONCE 120 -# define TS_F_TS_REQ_SET_POLICY_ID 121 -# define TS_F_TS_RESP_CREATE_RESPONSE 122 -# define TS_F_TS_RESP_CREATE_TST_INFO 123 -# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 -# define TS_F_TS_RESP_CTX_ADD_MD 125 -# define TS_F_TS_RESP_CTX_ADD_POLICY 126 -# define TS_F_TS_RESP_CTX_NEW 127 -# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 -# define TS_F_TS_RESP_CTX_SET_CERTS 129 -# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 -# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 -# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 -# define TS_F_TS_RESP_GET_POLICY 133 -# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 -# define TS_F_TS_RESP_SET_STATUS_INFO 135 -# define TS_F_TS_RESP_SET_TST_INFO 150 -# define TS_F_TS_RESP_SIGN 136 -# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 -# define TS_F_TS_TST_INFO_SET_ACCURACY 137 -# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 -# define TS_F_TS_TST_INFO_SET_NONCE 139 -# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 -# define TS_F_TS_TST_INFO_SET_SERIAL 141 -# define TS_F_TS_TST_INFO_SET_TIME 142 -# define TS_F_TS_TST_INFO_SET_TSA 143 -# define TS_F_TS_VERIFY 108 -# define TS_F_TS_VERIFY_CERT 109 -# define TS_F_TS_VERIFY_CTX_NEW 144 +# if !OPENSSL_API_3 +# define TS_F_DEF_SERIAL_CB 0 +# define TS_F_DEF_TIME_CB 0 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 0 +# define TS_F_PKCS7_TO_TS_TST_INFO 0 +# define TS_F_TS_ACCURACY_SET_MICROS 0 +# define TS_F_TS_ACCURACY_SET_MILLIS 0 +# define TS_F_TS_ACCURACY_SET_SECONDS 0 +# define TS_F_TS_CHECK_IMPRINTS 0 +# define TS_F_TS_CHECK_NONCES 0 +# define TS_F_TS_CHECK_POLICY 0 +# define TS_F_TS_CHECK_SIGNING_CERTS 0 +# define TS_F_TS_CHECK_STATUS_INFO 0 +# define TS_F_TS_COMPUTE_IMPRINT 0 +# define TS_F_TS_CONF_INVALID 0 +# define TS_F_TS_CONF_LOAD_CERT 0 +# define TS_F_TS_CONF_LOAD_CERTS 0 +# define TS_F_TS_CONF_LOAD_KEY 0 +# define TS_F_TS_CONF_LOOKUP_FAIL 0 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 0 +# define TS_F_TS_GET_STATUS_TEXT 0 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 0 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 0 +# define TS_F_TS_REQ_SET_NONCE 0 +# define TS_F_TS_REQ_SET_POLICY_ID 0 +# define TS_F_TS_RESP_CREATE_RESPONSE 0 +# define TS_F_TS_RESP_CREATE_TST_INFO 0 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 0 +# define TS_F_TS_RESP_CTX_ADD_MD 0 +# define TS_F_TS_RESP_CTX_ADD_POLICY 0 +# define TS_F_TS_RESP_CTX_NEW 0 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 0 +# define TS_F_TS_RESP_CTX_SET_CERTS 0 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 0 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 0 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 0 +# define TS_F_TS_RESP_GET_POLICY 0 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 0 +# define TS_F_TS_RESP_SET_STATUS_INFO 0 +# define TS_F_TS_RESP_SET_TST_INFO 0 +# define TS_F_TS_RESP_SIGN 0 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 0 +# define TS_F_TS_TST_INFO_SET_ACCURACY 0 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 0 +# define TS_F_TS_TST_INFO_SET_NONCE 0 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 0 +# define TS_F_TS_TST_INFO_SET_SERIAL 0 +# define TS_F_TS_TST_INFO_SET_TIME 0 +# define TS_F_TS_TST_INFO_SET_TSA 0 +# define TS_F_TS_VERIFY 0 +# define TS_F_TS_VERIFY_CERT 0 +# define TS_F_TS_VERIFY_CTX_NEW 0 +# endif /* * TS reason codes. diff --git a/include/openssl/uierr.h b/include/openssl/uierr.h index 98244b3..b3f7871 100644 --- a/include/openssl/uierr.h +++ b/include/openssl/uierr.h @@ -11,9 +11,9 @@ #ifndef HEADER_UIERR_H # define HEADER_UIERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,27 +23,29 @@ int ERR_load_UI_strings(void); /* * UI function codes. */ -# define UI_F_CLOSE_CONSOLE 115 -# define UI_F_ECHO_CONSOLE 116 -# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 -# define UI_F_GENERAL_ALLOCATE_PROMPT 109 -# define UI_F_NOECHO_CONSOLE 117 -# define UI_F_OPEN_CONSOLE 114 -# define UI_F_UI_CONSTRUCT_PROMPT 121 -# define UI_F_UI_CREATE_METHOD 112 -# define UI_F_UI_CTRL 111 -# define UI_F_UI_DUP_ERROR_STRING 101 -# define UI_F_UI_DUP_INFO_STRING 102 -# define UI_F_UI_DUP_INPUT_BOOLEAN 110 -# define UI_F_UI_DUP_INPUT_STRING 103 -# define UI_F_UI_DUP_USER_DATA 118 -# define UI_F_UI_DUP_VERIFY_STRING 106 -# define UI_F_UI_GET0_RESULT 107 -# define UI_F_UI_GET_RESULT_LENGTH 119 -# define UI_F_UI_NEW_METHOD 104 -# define UI_F_UI_PROCESS 113 -# define UI_F_UI_SET_RESULT 105 -# define UI_F_UI_SET_RESULT_EX 120 +# if !OPENSSL_API_3 +# define UI_F_CLOSE_CONSOLE 0 +# define UI_F_ECHO_CONSOLE 0 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 0 +# define UI_F_GENERAL_ALLOCATE_PROMPT 0 +# define UI_F_NOECHO_CONSOLE 0 +# define UI_F_OPEN_CONSOLE 0 +# define UI_F_UI_CONSTRUCT_PROMPT 0 +# define UI_F_UI_CREATE_METHOD 0 +# define UI_F_UI_CTRL 0 +# define UI_F_UI_DUP_ERROR_STRING 0 +# define UI_F_UI_DUP_INFO_STRING 0 +# define UI_F_UI_DUP_INPUT_BOOLEAN 0 +# define UI_F_UI_DUP_INPUT_STRING 0 +# define UI_F_UI_DUP_USER_DATA 0 +# define UI_F_UI_DUP_VERIFY_STRING 0 +# define UI_F_UI_GET0_RESULT 0 +# define UI_F_UI_GET_RESULT_LENGTH 0 +# define UI_F_UI_NEW_METHOD 0 +# define UI_F_UI_PROCESS 0 +# define UI_F_UI_SET_RESULT 0 +# define UI_F_UI_SET_RESULT_EX 0 +# endif /* * UI reason codes. diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h index f04db92..2a237dd 100644 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -11,9 +11,9 @@ #ifndef HEADER_X509ERR_H # define HEADER_X509ERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,72 +23,74 @@ int ERR_load_X509_strings(void); /* * X509 function codes. */ -# define X509_F_ADD_CERT_DIR 100 -# define X509_F_BUILD_CHAIN 106 -# define X509_F_BY_FILE_CTRL 101 -# define X509_F_CHECK_NAME_CONSTRAINTS 149 -# define X509_F_CHECK_POLICY 145 -# define X509_F_COMMON_VERIFY_SM2 165 -# define X509_F_DANE_I2D 107 -# define X509_F_DIR_CTRL 102 -# define X509_F_GET_CERT_BY_SUBJECT 103 -# define X509_F_I2D_X509_AUX 151 -# define X509_F_LOOKUP_CERTS_SK 152 -# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 -# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 -# define X509_F_NEW_DIR 153 -# define X509_F_X509AT_ADD1_ATTR 135 -# define X509_F_X509V3_ADD_EXT 104 -# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 -# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 -# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 -# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 -# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 -# define X509_F_X509_CHECK_PRIVATE_KEY 128 -# define X509_F_X509_CRL_DIFF 105 -# define X509_F_X509_CRL_METHOD_NEW 154 -# define X509_F_X509_CRL_PRINT_FP 147 -# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 -# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 -# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 -# define X509_F_X509_LOAD_CERT_CRL_FILE 132 -# define X509_F_X509_LOAD_CERT_FILE 111 -# define X509_F_X509_LOAD_CRL_FILE 112 -# define X509_F_X509_LOOKUP_METH_NEW 160 -# define X509_F_X509_LOOKUP_NEW 155 -# define X509_F_X509_NAME_ADD_ENTRY 113 -# define X509_F_X509_NAME_CANON 156 -# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 -# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 -# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 -# define X509_F_X509_NAME_ONELINE 116 -# define X509_F_X509_NAME_PRINT 117 -# define X509_F_X509_OBJECT_NEW 150 -# define X509_F_X509_PRINT_EX_FP 118 -# define X509_F_X509_PUBKEY_DECODE 148 -# define X509_F_X509_PUBKEY_GET0 119 -# define X509_F_X509_PUBKEY_SET 120 -# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 -# define X509_F_X509_REQ_PRINT_EX 121 -# define X509_F_X509_REQ_PRINT_FP 122 -# define X509_F_X509_REQ_TO_X509 123 -# define X509_F_X509_REQ_VERIFY 163 -# define X509_F_X509_REQ_VERIFY_SM2 164 -# define X509_F_X509_STORE_ADD_CERT 124 -# define X509_F_X509_STORE_ADD_CRL 125 -# define X509_F_X509_STORE_ADD_LOOKUP 157 -# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 -# define X509_F_X509_STORE_CTX_INIT 143 -# define X509_F_X509_STORE_CTX_NEW 142 -# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 -# define X509_F_X509_STORE_NEW 158 -# define X509_F_X509_TO_X509_REQ 126 -# define X509_F_X509_TRUST_ADD 133 -# define X509_F_X509_TRUST_SET 141 -# define X509_F_X509_VERIFY 161 -# define X509_F_X509_VERIFY_CERT 127 -# define X509_F_X509_VERIFY_PARAM_NEW 159 -# define X509_F_X509_VERIFY_SM2 162 +# if !OPENSSL_API_3 +# define X509_F_ADD_CERT_DIR 0 +# define X509_F_BUILD_CHAIN 0 +# define X509_F_BY_FILE_CTRL 0 +# define X509_F_CHECK_NAME_CONSTRAINTS 0 +# define X509_F_CHECK_POLICY 0 +# define X509_F_COMMON_VERIFY_SM2 0 +# define X509_F_DANE_I2D 0 +# define X509_F_DIR_CTRL 0 +# define X509_F_GET_CERT_BY_SUBJECT 0 +# define X509_F_I2D_X509_AUX 0 +# define X509_F_LOOKUP_CERTS_SK 0 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 0 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 0 +# define X509_F_NEW_DIR 0 +# define X509_F_X509AT_ADD1_ATTR 0 +# define X509_F_X509V3_ADD_EXT 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 0 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 0 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 0 +# define X509_F_X509_CHECK_PRIVATE_KEY 0 +# define X509_F_X509_CRL_DIFF 0 +# define X509_F_X509_CRL_METHOD_NEW 0 +# define X509_F_X509_CRL_PRINT_FP 0 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 0 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 0 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 0 +# define X509_F_X509_LOAD_CERT_CRL_FILE 0 +# define X509_F_X509_LOAD_CERT_FILE 0 +# define X509_F_X509_LOAD_CRL_FILE 0 +# define X509_F_X509_LOOKUP_METH_NEW 0 +# define X509_F_X509_LOOKUP_NEW 0 +# define X509_F_X509_NAME_ADD_ENTRY 0 +# define X509_F_X509_NAME_CANON 0 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 0 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 0 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 0 +# define X509_F_X509_NAME_ONELINE 0 +# define X509_F_X509_NAME_PRINT 0 +# define X509_F_X509_OBJECT_NEW 0 +# define X509_F_X509_PRINT_EX_FP 0 +# define X509_F_X509_PUBKEY_DECODE 0 +# define X509_F_X509_PUBKEY_GET0 0 +# define X509_F_X509_PUBKEY_SET 0 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 0 +# define X509_F_X509_REQ_PRINT_EX 0 +# define X509_F_X509_REQ_PRINT_FP 0 +# define X509_F_X509_REQ_TO_X509 0 +# define X509_F_X509_REQ_VERIFY 0 +# define X509_F_X509_REQ_VERIFY_SM2 0 +# define X509_F_X509_STORE_ADD_CERT 0 +# define X509_F_X509_STORE_ADD_CRL 0 +# define X509_F_X509_STORE_ADD_LOOKUP 0 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 0 +# define X509_F_X509_STORE_CTX_INIT 0 +# define X509_F_X509_STORE_CTX_NEW 0 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 0 +# define X509_F_X509_STORE_NEW 0 +# define X509_F_X509_TO_X509_REQ 0 +# define X509_F_X509_TRUST_ADD 0 +# define X509_F_X509_TRUST_SET 0 +# define X509_F_X509_VERIFY 0 +# define X509_F_X509_VERIFY_CERT 0 +# define X509_F_X509_VERIFY_PARAM_NEW 0 +# define X509_F_X509_VERIFY_SM2 0 +# endif /* * X509 reason codes. diff --git a/include/openssl/x509v3err.h b/include/openssl/x509v3err.h index 1d91d09..4ccc76b 100644 --- a/include/openssl/x509v3err.h +++ b/include/openssl/x509v3err.h @@ -11,9 +11,9 @@ #ifndef HEADER_X509V3ERR_H # define HEADER_X509V3ERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,72 +23,74 @@ int ERR_load_X509V3_strings(void); /* * X509V3 function codes. */ -# define X509V3_F_A2I_GENERAL_NAME 164 -# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 -# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 -# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 -# define X509V3_F_BIGNUM_TO_STRING 167 -# define X509V3_F_COPY_EMAIL 122 -# define X509V3_F_COPY_ISSUER 123 -# define X509V3_F_DO_DIRNAME 144 -# define X509V3_F_DO_EXT_I2D 135 -# define X509V3_F_DO_EXT_NCONF 151 -# define X509V3_F_GNAMES_FROM_SECTNAME 156 -# define X509V3_F_I2S_ASN1_ENUMERATED 121 -# define X509V3_F_I2S_ASN1_IA5STRING 149 -# define X509V3_F_I2S_ASN1_INTEGER 120 -# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 -# define X509V3_F_LEVEL_ADD_NODE 168 -# define X509V3_F_NOTICE_SECTION 132 -# define X509V3_F_NREF_NOS 133 -# define X509V3_F_POLICY_CACHE_CREATE 169 -# define X509V3_F_POLICY_CACHE_NEW 170 -# define X509V3_F_POLICY_DATA_NEW 171 -# define X509V3_F_POLICY_SECTION 131 -# define X509V3_F_PROCESS_PCI_VALUE 150 -# define X509V3_F_R2I_CERTPOL 130 -# define X509V3_F_R2I_PCI 155 -# define X509V3_F_S2I_ASN1_IA5STRING 100 -# define X509V3_F_S2I_ASN1_INTEGER 108 -# define X509V3_F_S2I_ASN1_OCTET_STRING 112 -# define X509V3_F_S2I_SKEY_ID 115 -# define X509V3_F_SET_DIST_POINT_NAME 158 -# define X509V3_F_SXNET_ADD_ID_ASC 125 -# define X509V3_F_SXNET_ADD_ID_INTEGER 126 -# define X509V3_F_SXNET_ADD_ID_ULONG 127 -# define X509V3_F_SXNET_GET_ID_ASC 128 -# define X509V3_F_SXNET_GET_ID_ULONG 129 -# define X509V3_F_TREE_INIT 172 -# define X509V3_F_V2I_ASIDENTIFIERS 163 -# define X509V3_F_V2I_ASN1_BIT_STRING 101 -# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 -# define X509V3_F_V2I_AUTHORITY_KEYID 119 -# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 -# define X509V3_F_V2I_CRLD 134 -# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 -# define X509V3_F_V2I_GENERAL_NAMES 118 -# define X509V3_F_V2I_GENERAL_NAME_EX 117 -# define X509V3_F_V2I_IDP 157 -# define X509V3_F_V2I_IPADDRBLOCKS 159 -# define X509V3_F_V2I_ISSUER_ALT 153 -# define X509V3_F_V2I_NAME_CONSTRAINTS 147 -# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 -# define X509V3_F_V2I_POLICY_MAPPINGS 145 -# define X509V3_F_V2I_SUBJECT_ALT 154 -# define X509V3_F_V2I_TLS_FEATURE 165 -# define X509V3_F_V3_GENERIC_EXTENSION 116 -# define X509V3_F_X509V3_ADD1_I2D 140 -# define X509V3_F_X509V3_ADD_VALUE 105 -# define X509V3_F_X509V3_EXT_ADD 104 -# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 -# define X509V3_F_X509V3_EXT_I2D 136 -# define X509V3_F_X509V3_EXT_NCONF 152 -# define X509V3_F_X509V3_GET_SECTION 142 -# define X509V3_F_X509V3_GET_STRING 143 -# define X509V3_F_X509V3_GET_VALUE_BOOL 110 -# define X509V3_F_X509V3_PARSE_LIST 109 -# define X509V3_F_X509_PURPOSE_ADD 137 -# define X509V3_F_X509_PURPOSE_SET 141 +# if !OPENSSL_API_3 +# define X509V3_F_A2I_GENERAL_NAME 0 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 0 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 0 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 0 +# define X509V3_F_BIGNUM_TO_STRING 0 +# define X509V3_F_COPY_EMAIL 0 +# define X509V3_F_COPY_ISSUER 0 +# define X509V3_F_DO_DIRNAME 0 +# define X509V3_F_DO_EXT_I2D 0 +# define X509V3_F_DO_EXT_NCONF 0 +# define X509V3_F_GNAMES_FROM_SECTNAME 0 +# define X509V3_F_I2S_ASN1_ENUMERATED 0 +# define X509V3_F_I2S_ASN1_IA5STRING 0 +# define X509V3_F_I2S_ASN1_INTEGER 0 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 0 +# define X509V3_F_LEVEL_ADD_NODE 0 +# define X509V3_F_NOTICE_SECTION 0 +# define X509V3_F_NREF_NOS 0 +# define X509V3_F_POLICY_CACHE_CREATE 0 +# define X509V3_F_POLICY_CACHE_NEW 0 +# define X509V3_F_POLICY_DATA_NEW 0 +# define X509V3_F_POLICY_SECTION 0 +# define X509V3_F_PROCESS_PCI_VALUE 0 +# define X509V3_F_R2I_CERTPOL 0 +# define X509V3_F_R2I_PCI 0 +# define X509V3_F_S2I_ASN1_IA5STRING 0 +# define X509V3_F_S2I_ASN1_INTEGER 0 +# define X509V3_F_S2I_ASN1_OCTET_STRING 0 +# define X509V3_F_S2I_SKEY_ID 0 +# define X509V3_F_SET_DIST_POINT_NAME 0 +# define X509V3_F_SXNET_ADD_ID_ASC 0 +# define X509V3_F_SXNET_ADD_ID_INTEGER 0 +# define X509V3_F_SXNET_ADD_ID_ULONG 0 +# define X509V3_F_SXNET_GET_ID_ASC 0 +# define X509V3_F_SXNET_GET_ID_ULONG 0 +# define X509V3_F_TREE_INIT 0 +# define X509V3_F_V2I_ASIDENTIFIERS 0 +# define X509V3_F_V2I_ASN1_BIT_STRING 0 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 0 +# define X509V3_F_V2I_AUTHORITY_KEYID 0 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 0 +# define X509V3_F_V2I_CRLD 0 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 0 +# define X509V3_F_V2I_GENERAL_NAMES 0 +# define X509V3_F_V2I_GENERAL_NAME_EX 0 +# define X509V3_F_V2I_IDP 0 +# define X509V3_F_V2I_IPADDRBLOCKS 0 +# define X509V3_F_V2I_ISSUER_ALT 0 +# define X509V3_F_V2I_NAME_CONSTRAINTS 0 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 0 +# define X509V3_F_V2I_POLICY_MAPPINGS 0 +# define X509V3_F_V2I_SUBJECT_ALT 0 +# define X509V3_F_V2I_TLS_FEATURE 0 +# define X509V3_F_V3_GENERIC_EXTENSION 0 +# define X509V3_F_X509V3_ADD1_I2D 0 +# define X509V3_F_X509V3_ADD_VALUE 0 +# define X509V3_F_X509V3_EXT_ADD 0 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 0 +# define X509V3_F_X509V3_EXT_I2D 0 +# define X509V3_F_X509V3_EXT_NCONF 0 +# define X509V3_F_X509V3_GET_SECTION 0 +# define X509V3_F_X509V3_GET_STRING 0 +# define X509V3_F_X509V3_GET_VALUE_BOOL 0 +# define X509V3_F_X509V3_PARSE_LIST 0 +# define X509V3_F_X509_PURPOSE_ADD 0 +# define X509V3_F_X509_PURPOSE_SET 0 +# endif /* * X509V3 reason codes. diff --git a/providers/common/include/internal/providercommonerr.h b/providers/common/include/internal/providercommonerr.h index 609fd5b..d1af68f 100644 --- a/providers/common/include/internal/providercommonerr.h +++ b/providers/common/include/internal/providercommonerr.h @@ -11,9 +11,9 @@ #ifndef HEADER_PROVERR_H # define HEADER_PROVERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + # ifdef __cplusplus extern "C" @@ -23,21 +23,23 @@ int ERR_load_PROV_strings(void); /* * PROV function codes. */ -# define PROV_F_AESNI_INIT_KEY 101 -# define PROV_F_AES_BLOCK_FINAL 102 -# define PROV_F_AES_BLOCK_UPDATE 103 -# define PROV_F_AES_CIPHER 104 -# define PROV_F_AES_CTX_GET_PARAMS 105 -# define PROV_F_AES_CTX_SET_PARAMS 106 -# define PROV_F_AES_DINIT 107 -# define PROV_F_AES_DUPCTX 108 -# define PROV_F_AES_EINIT 109 -# define PROV_F_AES_INIT_KEY 110 -# define PROV_F_AES_STREAM_UPDATE 111 -# define PROV_F_AES_T4_INIT_KEY 112 -# define PROV_F_PROV_AES_KEY_GENERIC_INIT 113 -# define PROV_F_TRAILINGDATA 114 -# define PROV_F_UNPADBLOCK 100 +# if !OPENSSL_API_3 +# define PROV_F_AESNI_INIT_KEY 0 +# define PROV_F_AES_BLOCK_FINAL 0 +# define PROV_F_AES_BLOCK_UPDATE 0 +# define PROV_F_AES_CIPHER 0 +# define PROV_F_AES_CTX_GET_PARAMS 0 +# define PROV_F_AES_CTX_SET_PARAMS 0 +# define PROV_F_AES_DINIT 0 +# define PROV_F_AES_DUPCTX 0 +# define PROV_F_AES_EINIT 0 +# define PROV_F_AES_INIT_KEY 0 +# define PROV_F_AES_STREAM_UPDATE 0 +# define PROV_F_AES_T4_INIT_KEY 0 +# define PROV_F_PROV_AES_KEY_GENERIC_INIT 0 +# define PROV_F_TRAILINGDATA 0 +# define PROV_F_UNPADBLOCK 0 +# endif /* * PROV reason codes. diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index e6b577f..320aee8 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -13,28 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA PROV_str_functs[] = { - {ERR_PACK(ERR_LIB_PROV, PROV_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_BLOCK_FINAL, 0), "aes_block_final"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_BLOCK_UPDATE, 0), "aes_block_update"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CIPHER, 0), "aes_cipher"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CTX_GET_PARAMS, 0), - "aes_ctx_get_params"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CTX_SET_PARAMS, 0), - "aes_ctx_set_params"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_DINIT, 0), "aes_dinit"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_DUPCTX, 0), "aes_dupctx"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_EINIT, 0), "aes_einit"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_INIT_KEY, 0), "aes_init_key"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_STREAM_UPDATE, 0), "aes_stream_update"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_PROV_AES_KEY_GENERIC_INIT, 0), - "PROV_AES_KEY_generic_init"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_TRAILINGDATA, 0), "trailingdata"}, - {ERR_PACK(ERR_LIB_PROV, PROV_F_UNPADBLOCK, 0), "unpadblock"}, - {0, NULL} -}; - static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, @@ -58,10 +36,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { int ERR_load_PROV_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(PROV_str_functs[0].error) == NULL) { - ERR_load_strings_const(PROV_str_functs); + if (ERR_func_error_string(PROV_str_reasons[0].error) == NULL) ERR_load_strings_const(PROV_str_reasons); - } #endif return 1; } diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d3f681b..01955d7 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -378,7 +378,7 @@ int dtls1_check_timeout_num(SSL *s) if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ - SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, + SSLfatal(s, SSL_AD_NO_ALERT, 0, SSL_R_READ_TIMEOUT_EXPIRED); return -1; } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index daeee1e..ef9b95a 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -13,718 +13,6 @@ #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA SSL_str_functs[] = { - {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_CLIENT_KEY_SHARE_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_KEY_SHARE, 0), "add_key_share"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_BYTES_TO_CIPHER_LIST, 0), - "bytes_to_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CHECK_SUITEB_CIPHER_LIST, 0), - "check_suiteb_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CIPHERSUITE_CB, 0), "ciphersuite_cb"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0), - "construct_key_exchange_tbs"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATEFUL_TICKET, 0), - "construct_stateful_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATELESS_TICKET, 0), - "construct_stateless_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH, 0), - "create_synthetic_message_hash"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_TICKET_PREQUEL, 0), - "create_ticket_prequel"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_MOVE_SCTS, 0), "ct_move_scts"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_STRICT, 0), "ct_strict"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_ADD, 0), "custom_ext_add"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_PARSE, 0), "custom_ext_parse"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_D2I_SSL_SESSION, 0), "d2i_SSL_SESSION"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_CTX_ENABLE, 0), "dane_ctx_enable"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_MTYPE_SET, 0), "dane_mtype_set"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_TLSA_ADD, 0), "dane_tlsa_add"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DERIVE_SECRET_KEY_AND_IV, 0), - "derive_secret_key_and_iv"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_DTLS1_WRITE, 0), "do_dtls1_write"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_SSL3_WRITE, 0), "do_ssl3_write"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_BUFFER_RECORD, 0), - "dtls1_buffer_record"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, 0), - "dtls1_check_timeout_num"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HM_FRAGMENT_NEW, 0), - "dtls1_hm_fragment_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PREPROCESS_FRAGMENT, 0), - "dtls1_preprocess_fragment"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, 0), - "dtls1_process_buffered_records"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_RECORD, 0), - "dtls1_process_record"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_BYTES, 0), "dtls1_read_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_FAILED, 0), "dtls1_read_failed"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_RETRANSMIT_MESSAGE, 0), - "dtls1_retransmit_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_APP_DATA_BYTES, 0), - "dtls1_write_app_data_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_BYTES, 0), "dtls1_write_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLSV1_LISTEN, 0), "DTLSv1_listen"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0), - "dtls_construct_change_cipher_spec"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, 0), - "dtls_construct_hello_verify_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, 0), - "dtls_get_reassembled_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_PROCESS_HELLO_VERIFY, 0), - "dtls_process_hello_verify"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_RECORD_LAYER_NEW, 0), - "DTLS_RECORD_LAYER_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_WAIT_FOR_DRY, 0), "dtls_wait_for_dry"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_EARLY_DATA_COUNT_OK, 0), - "early_data_count_ok"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EARLY_DATA, 0), "final_early_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EC_PT_FORMATS, 0), - "final_ec_pt_formats"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EMS, 0), "final_ems"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0), - "final_maxfragmentlen"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_GET_CERT_VERIFY_TBS_DATA, 0), - "get_cert_verify_tbs_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_NSS_KEYLOG_INT, 0), "nss_keylog_int"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OPENSSL_INIT_SSL, 0), "OPENSSL_init_ssl"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION, 0), - "ossl_statem_client13_write_transition"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE, 0), - "ossl_statem_client_post_process_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE, 0), - "ossl_statem_client_process_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, 0), - "ossl_statem_client_read_transition"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION, 0), - "ossl_statem_client_write_transition"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION, 0), - "ossl_statem_server13_write_transition"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE, 0), - "ossl_statem_server_post_process_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_WORK, 0), - "ossl_statem_server_post_work"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE, 0), - "ossl_statem_server_process_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, 0), - "ossl_statem_server_read_transition"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION, 0), - "ossl_statem_server_write_transition"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_PARSE_CA_NAMES, 0), "parse_ca_names"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_PITEM_NEW, 0), "pitem_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_PQUEUE_NEW, 0), "pqueue_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_PROCESS_KEY_SHARE_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0), - "set_client_ciphersuite"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, 0), - "srp_generate_client_master_secret"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, 0), - "srp_generate_server_master_secret"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_VERIFY_SERVER_PARAM, 0), - "srp_verify_server_param"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHANGE_CIPHER_STATE, 0), - "ssl3_change_cipher_state"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 0), - "ssl3_check_cert_and_algorithm"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTRL, 0), "ssl3_ctrl"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTX_CTRL, 0), "ssl3_ctx_ctrl"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 0), - "ssl3_digest_cached_records"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 0), - "ssl3_do_change_cipher_spec"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_ENC, 0), "ssl3_enc"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINAL_FINISH_MAC, 0), - "ssl3_final_finish_mac"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINISH_MAC, 0), "ssl3_finish_mac"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_KEY_BLOCK, 0), - "ssl3_generate_key_block"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_MASTER_SECRET, 0), - "ssl3_generate_master_secret"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, 0), "ssl3_get_record"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_INIT_FINISHED_MAC, 0), - "ssl3_init_finished_mac"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_OUTPUT_CERT_CHAIN, 0), - "ssl3_output_cert_chain"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_BYTES, 0), "ssl3_read_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_N, 0), "ssl3_read_n"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_KEY_BLOCK, 0), - "ssl3_setup_key_block"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_READ_BUFFER, 0), - "ssl3_setup_read_buffer"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_WRITE_BUFFER, 0), - "ssl3_setup_write_buffer"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_BYTES, 0), "ssl3_write_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_PENDING, 0), "ssl3_write_pending"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_CHAIN, 0), "ssl_add_cert_chain"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_BUF, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_WPACKET, 0), - "ssl_add_cert_to_wpacket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, 0), - "SSL_add_dir_cert_subjects_to_stack"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, 0), - "SSL_add_file_cert_subjects_to_stack"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BAD_METHOD, 0), "ssl_bad_method"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BUILD_CERT_CHAIN, 0), - "ssl_build_cert_chain"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BYTES_TO_CIPHER_LIST, 0), - "SSL_bytes_to_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CACHE_CIPHERLIST, 0), - "ssl_cache_cipherlist"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_ADD0_CHAIN_CERT, 0), - "ssl_cert_add0_chain_cert"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_DUP, 0), "ssl_cert_dup"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_NEW, 0), "ssl_cert_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_SET0_CHAIN, 0), - "ssl_cert_set0_chain"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_PRIVATE_KEY, 0), - "SSL_check_private_key"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO, 0), - "ssl_check_srp_ext_ClientHello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 0), - "ssl_check_srvr_ecc_cert_and_alg"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHOOSE_CLIENT_VERSION, 0), - "ssl_choose_client_version"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_DESCRIPTION, 0), - "SSL_CIPHER_description"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_LIST_TO_BYTES, 0), - "ssl_cipher_list_to_bytes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_PROCESS_RULESTR, 0), - "ssl_cipher_process_rulestr"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_STRENGTH_SORT, 0), - "ssl_cipher_strength_sort"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLEAR, 0), "SSL_clear"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, 0), - "SSL_client_hello_get1_extensions_present"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 0), - "SSL_COMP_add_compression_method"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CONF_CMD, 0), "SSL_CONF_cmd"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CREATE_CIPHER_LIST, 0), - "ssl_create_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTRL, 0), "SSL_ctrl"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 0), - "SSL_CTX_check_private_key"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_ENABLE_CT, 0), "SSL_CTX_enable_ct"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_MAKE_PROFILES, 0), - "ssl_ctx_make_profiles"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_NEW, 0), "SSL_CTX_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_ALPN_PROTOS, 0), - "SSL_CTX_set_alpn_protos"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CIPHER_LIST, 0), - "SSL_CTX_set_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, 0), - "SSL_CTX_set_client_cert_engine"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, 0), - "SSL_CTX_set_ct_validation_callback"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, 0), - "SSL_CTX_set_session_id_context"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SSL_VERSION, 0), - "SSL_CTX_set_ssl_version"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0), - "SSL_CTX_set_tlsext_max_fragment_length"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE, 0), - "SSL_CTX_use_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, 0), - "SSL_CTX_use_certificate_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 0), - "SSL_CTX_use_certificate_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY, 0), - "SSL_CTX_use_PrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, 0), - "SSL_CTX_use_PrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, 0), - "SSL_CTX_use_PrivateKey_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, 0), - "SSL_CTX_use_psk_identity_hint"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, 0), - "SSL_CTX_use_RSAPrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, 0), - "SSL_CTX_use_RSAPrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, 0), - "SSL_CTX_use_RSAPrivateKey_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO, 0), - "SSL_CTX_use_serverinfo"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_EX, 0), - "SSL_CTX_use_serverinfo_ex"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_FILE, 0), - "SSL_CTX_use_serverinfo_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_DUP, 0), "ssl_dane_dup"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_ENABLE, 0), "SSL_dane_enable"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DERIVE, 0), "ssl_derive"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_CONFIG, 0), "ssl_do_config"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_HANDSHAKE, 0), "SSL_do_handshake"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DUP_CA_LIST, 0), "SSL_dup_CA_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ENABLE_CT, 0), "SSL_enable_ct"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_PKEY_GROUP, 0), - "ssl_generate_pkey_group"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_SESSION_ID, 0), - "ssl_generate_session_id"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_NEW_SESSION, 0), - "ssl_get_new_session"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_PREV_SESSION, 0), - "ssl_get_prev_session"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SERVER_CERT_INDEX, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SIGN_PKEY, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_HANDSHAKE_HASH, 0), "ssl_handshake_hash"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_INIT_WBIO_BUFFER, 0), - "ssl_init_wbio_buffer"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_KEY_UPDATE, 0), "SSL_key_update"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOAD_CLIENT_CA_FILE, 0), - "SSL_load_client_CA_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_MASTER_SECRET, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, 0), - "ssl_log_rsa_client_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_MODULE_INIT, 0), "ssl_module_init"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEW, 0), "SSL_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEXT_PROTO_VALIDATE, 0), - "ssl_next_proto_validate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK, 0), "SSL_peek"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_EX, 0), "SSL_peek_ex"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_INTERNAL, 0), "ssl_peek_internal"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ, 0), "SSL_read"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EARLY_DATA, 0), - "SSL_read_early_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EX, 0), "SSL_read_ex"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_INTERNAL, 0), "ssl_read_internal"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE, 0), "SSL_renegotiate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE_ABBREVIATED, 0), - "SSL_renegotiate_abbreviated"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SENDFILE, 0), "SSL_sendfile"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_DUP, 0), "ssl_session_dup"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_NEW, 0), "SSL_SESSION_new"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_PRINT_FP, 0), - "SSL_SESSION_print_fp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID, 0), - "SSL_SESSION_set1_id"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID_CONTEXT, 0), - "SSL_SESSION_set1_id_context"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_ALPN_PROTOS, 0), - "SSL_set_alpn_protos"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT, 0), "ssl_set_cert"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT_AND_KEY, 0), - "ssl_set_cert_and_key"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CIPHER_LIST, 0), - "SSL_set_cipher_list"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, 0), - "SSL_set_ct_validation_callback"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_FD, 0), "SSL_set_fd"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_PKEY, 0), "ssl_set_pkey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_RFD, 0), "SSL_set_rfd"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION, 0), "SSL_set_session"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_ID_CONTEXT, 0), - "SSL_set_session_id_context"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_TICKET_EXT, 0), - "SSL_set_session_ticket_ext"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0), - "SSL_set_tlsext_max_fragment_length"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_WFD, 0), "SSL_set_wfd"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SHUTDOWN, 0), "SSL_shutdown"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SRP_CTX_INIT, 0), "SSL_SRP_CTX_init"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_START_ASYNC_JOB, 0), - "ssl_start_async_job"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_FUNCTION, 0), - "ssl_undefined_function"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_VOID_FUNCTION, 0), - "ssl_undefined_void_function"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE, 0), - "SSL_use_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_ASN1, 0), - "SSL_use_certificate_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_FILE, 0), - "SSL_use_certificate_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY, 0), "SSL_use_PrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_ASN1, 0), - "SSL_use_PrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_FILE, 0), - "SSL_use_PrivateKey_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PSK_IDENTITY_HINT, 0), - "SSL_use_psk_identity_hint"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY, 0), - "SSL_use_RSAPrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, 0), - "SSL_use_RSAPrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, 0), - "SSL_use_RSAPrivateKey_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VALIDATE_CT, 0), "ssl_validate_ct"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CERT_CHAIN, 0), - "ssl_verify_cert_chain"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, 0), - "SSL_verify_client_post_handshake"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE, 0), "SSL_write"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_DATA, 0), - "SSL_write_early_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_FINISH, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EX, 0), "SSL_write_ex"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_INTERNAL, 0), "ssl_write_internal"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_STATE_MACHINE, 0), "state_machine"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_CHECK_PEER_SIGALG, 0), - "tls12_check_peer_sigalg"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_COPY_SIGALGS, 0), "tls12_copy_sigalgs"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_CHANGE_CIPHER_STATE, 0), - "tls13_change_cipher_state"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_ENC, 0), "tls13_enc"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_FINAL_FINISH_MAC, 0), - "tls13_final_finish_mac"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_GENERATE_SECRET, 0), - "tls13_generate_secret"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_HKDF_EXPAND, 0), "tls13_hkdf_expand"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, 0), - "tls13_restore_handshake_digest_for_pha"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, 0), - "tls13_save_handshake_digest_for_pha"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SETUP_KEY_BLOCK, 0), - "tls13_setup_key_block"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHANGE_CIPHER_STATE, 0), - "tls1_change_cipher_state"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_ENC, 0), "tls1_enc"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_EXPORT_KEYING_MATERIAL, 0), - "tls1_export_keying_material"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_GET_CURVELIST, 0), "tls1_get_curvelist"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_PRF, 0), "tls1_PRF"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SAVE_U16, 0), "tls1_save_u16"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SETUP_KEY_BLOCK, 0), - "tls1_setup_key_block"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_GROUPS, 0), "tls1_set_groups"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_RAW_SIGALGS, 0), - "tls1_set_raw_sigalgs"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SERVER_SIGALGS, 0), - "tls1_set_server_sigalgs"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SHARED_SIGALGS, 0), - "tls1_set_shared_sigalgs"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SIGALGS, 0), "tls1_set_sigalgs"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CHOOSE_SIGALG, 0), "tls_choose_sigalg"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, 0), - "tls_client_key_exchange_post_work"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_COLLECT_EXTENSIONS, 0), - "tls_collect_extensions"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES, 0), - "tls_construct_certificate_authorities"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, 0), - "tls_construct_certificate_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY, 0), - "tls_construct_cert_status_body"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, 0), - "tls_construct_cert_verify"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0), - "tls_construct_change_cipher_spec"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_DHE, 0), - "tls_construct_cke_dhe"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, 0), - "tls_construct_cke_ecdhe"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_GOST, 0), - "tls_construct_cke_gost"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, 0), - "tls_construct_cke_psk_preamble"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_RSA, 0), - "tls_construct_cke_rsa"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_SRP, 0), - "tls_construct_cke_srp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, 0), - "tls_construct_client_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, 0), - "tls_construct_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, 0), - "tls_construct_client_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ALPN, 0), - "tls_construct_ctos_alpn"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE, 0), - "tls_construct_ctos_cookie"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, 0), - "tls_construct_ctos_early_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, 0), - "tls_construct_ctos_ec_pt_formats"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EMS, 0), - "tls_construct_ctos_ems"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ETM, 0), - "tls_construct_ctos_etm"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_HELLO, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, 0), - "tls_construct_ctos_key_share"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN, 0), - "tls_construct_ctos_maxfragmentlen"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_NPN, 0), - "tls_construct_ctos_npn"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PADDING, 0), - "tls_construct_ctos_padding"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH, 0), - "tls_construct_ctos_post_handshake_auth"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK, 0), - "tls_construct_ctos_psk"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, 0), - "tls_construct_ctos_psk_kex_modes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, 0), - "tls_construct_ctos_renegotiate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SCT, 0), - "tls_construct_ctos_sct"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME, 0), - "tls_construct_ctos_server_name"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, 0), - "tls_construct_ctos_session_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS, 0), - "tls_construct_ctos_sig_algs"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SRP, 0), - "tls_construct_ctos_srp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, 0), - "tls_construct_ctos_status_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, 0), - "tls_construct_ctos_supported_groups"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, 0), - "tls_construct_ctos_supported_versions"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, 0), - "tls_construct_ctos_use_srtp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_VERIFY, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS, 0), - "tls_construct_encrypted_extensions"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA, 0), - "tls_construct_end_of_early_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_EXTENSIONS, 0), - "tls_construct_extensions"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_FINISHED, 0), - "tls_construct_finished"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST, 0), - "tls_construct_hello_retry_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_KEY_UPDATE, 0), - "tls_construct_key_update"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, 0), - "tls_construct_new_session_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEXT_PROTO, 0), - "tls_construct_next_proto"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, 0), - "tls_construct_server_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, 0), - "tls_construct_server_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, 0), - "tls_construct_server_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ALPN, 0), - "tls_construct_stoc_alpn"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, 0), - "tls_construct_stoc_cookie"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, 0), - "tls_construct_stoc_cryptopro_bug"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_DONE, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, 0), - "tls_construct_stoc_early_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, 0), - "tls_construct_stoc_ec_pt_formats"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EMS, 0), - "tls_construct_stoc_ems"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ETM, 0), - "tls_construct_stoc_etm"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_HELLO, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, 0), - "tls_construct_stoc_key_share"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN, 0), - "tls_construct_stoc_maxfragmentlen"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG, 0), - "tls_construct_stoc_next_proto_neg"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_PSK, 0), - "tls_construct_stoc_psk"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, 0), - "tls_construct_stoc_renegotiate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, 0), - "tls_construct_stoc_server_name"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, 0), - "tls_construct_stoc_session_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, 0), - "tls_construct_stoc_status_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, 0), - "tls_construct_stoc_supported_groups"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, 0), - "tls_construct_stoc_supported_versions"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP, 0), - "tls_construct_stoc_use_srtp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, 0), - "tls_early_post_process_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_FINISH_HANDSHAKE, 0), - "tls_finish_handshake"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_BODY, 0), - "tls_get_message_body"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_HEADER, 0), - "tls_get_message_header"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_ALPN, 0), "tls_handle_alpn"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_STATUS_REQUEST, 0), - "tls_handle_status_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, 0), - "tls_parse_certificate_authorities"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_ALPN, 0), - "tls_parse_ctos_alpn"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_COOKIE, 0), - "tls_parse_ctos_cookie"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EARLY_DATA, 0), - "tls_parse_ctos_early_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, 0), - "tls_parse_ctos_ec_pt_formats"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EMS, 0), "tls_parse_ctos_ems"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, 0), - "tls_parse_ctos_key_share"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN, 0), - "tls_parse_ctos_maxfragmentlen"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH, 0), - "tls_parse_ctos_post_handshake_auth"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK, 0), "tls_parse_ctos_psk"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES, 0), - "tls_parse_ctos_psk_kex_modes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, 0), - "tls_parse_ctos_renegotiate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, 0), - "tls_parse_ctos_server_name"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, 0), - "tls_parse_ctos_session_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS, 0), - "tls_parse_ctos_sig_algs"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, 0), - "tls_parse_ctos_sig_algs_cert"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SRP, 0), "tls_parse_ctos_srp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, 0), - "tls_parse_ctos_status_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, 0), - "tls_parse_ctos_supported_groups"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_USE_SRTP, 0), - "tls_parse_ctos_use_srtp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_ALPN, 0), - "tls_parse_stoc_alpn"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_COOKIE, 0), - "tls_parse_stoc_cookie"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA, 0), - "tls_parse_stoc_early_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, 0), - "tls_parse_stoc_ec_pt_formats"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_KEY_SHARE, 0), - "tls_parse_stoc_key_share"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, 0), - "tls_parse_stoc_maxfragmentlen"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_NPN, 0), "tls_parse_stoc_npn"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK, 0), "tls_parse_stoc_psk"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, 0), - "tls_parse_stoc_renegotiate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SCT, 0), "tls_parse_stoc_sct"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SERVER_NAME, 0), - "tls_parse_stoc_server_name"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SESSION_TICKET, 0), - "tls_parse_stoc_session_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, 0), - "tls_parse_stoc_status_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS, 0), - "tls_parse_stoc_supported_versions"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_USE_SRTP, 0), - "tls_parse_stoc_use_srtp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, 0), - "tls_post_process_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, 0), - "tls_post_process_client_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, 0), - "tls_prepare_client_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST, 0), - "tls_process_as_hello_retry_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, 0), - "tls_process_certificate_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, 0), - "tls_process_cert_status_body"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_VERIFY, 0), - "tls_process_cert_verify"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, 0), - "tls_process_change_cipher_spec"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_DHE, 0), - "tls_process_cke_dhe"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_ECDHE, 0), - "tls_process_cke_ecdhe"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_GOST, 0), - "tls_process_cke_gost"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, 0), - "tls_process_cke_psk_preamble"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_RSA, 0), - "tls_process_cke_rsa"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_SRP, 0), - "tls_process_cke_srp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, 0), - "tls_process_client_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_HELLO, 0), - "tls_process_client_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, 0), - "tls_process_client_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS, 0), - "tls_process_encrypted_extensions"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA, 0), - "tls_process_end_of_early_data"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_FINISHED, 0), - "tls_process_finished"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_REQ, 0), - "tls_process_hello_req"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST, 0), - "tls_process_hello_retry_request"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, 0), - "tls_process_initial_server_flight"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_EXCHANGE, 0), - "tls_process_key_exchange"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_UPDATE, 0), - "tls_process_key_update"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, 0), - "tls_process_new_session_ticket"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEXT_PROTO, 0), - "tls_process_next_proto"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, 0), - "tls_process_server_certificate"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_DONE, 0), - "tls_process_server_done"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_HELLO, 0), - "tls_process_server_hello"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_DHE, 0), - "tls_process_ske_dhe"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_ECDHE, 0), - "tls_process_ske_ecdhe"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, 0), - "tls_process_ske_psk_preamble"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_SRP, 0), - "tls_process_ske_srp"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PSK_DO_BINDER, 0), "tls_psk_do_binder"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SETUP_HANDSHAKE, 0), - "tls_setup_handshake"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_USE_CERTIFICATE_CHAIN_FILE, 0), - "use_certificate_chain_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_INTERN_INIT_LEN, 0), - "wpacket_intern_init_len"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_START_SUB_PACKET_LEN__, 0), - "WPACKET_start_sub_packet_len__"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_WRITE_STATE_MACHINE, 0), - "write_state_machine"}, - {0, NULL} -}; - static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY), "application data after close notify"}, @@ -1264,10 +552,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { int ERR_load_SSL_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) { - ERR_load_strings_const(SSL_str_functs); + if (ERR_func_error_string(SSL_str_reasons[0].error) == NULL) ERR_load_strings_const(SSL_str_reasons); - } #endif return 1; } diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h index e26a5be..a9309c9 100644 --- a/ssl/statem/statem.h +++ b/ssl/statem/statem.h @@ -136,10 +136,10 @@ void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file, int line); # define SSL_AD_NO_ALERT -1 # ifndef OPENSSL_NO_ERR -# define SSLfatal(s, al, f, r) ossl_statem_fatal((s), (al), (f), (r), \ +# define SSLfatal(s, al, f, r) ossl_statem_fatal((s), (al), (0), (r), \ OPENSSL_FILE, OPENSSL_LINE) # else -# define SSLfatal(s, al, f, r) ossl_statem_fatal((s), (al), (f), (r), NULL, 0) +# define SSLfatal(s, al, f, r) ossl_statem_fatal((s), (al), (0), (r), NULL, 0) # endif int ossl_statem_in_error(const SSL *s); diff --git a/test/evp_test.c b/test/evp_test.c index f76929d..7e28203 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -36,7 +36,6 @@ typedef struct evp_test_st { const EVP_TEST_METHOD *meth; /* method for this test */ const char *err, *aux_err; /* Error string for test */ char *expected_err; /* Expected error value of test */ - char *func; /* Expected error function string */ char *reason; /* Expected error reason string */ void *data; /* test specific data */ } EVP_TEST; @@ -2735,8 +2734,6 @@ static void clear_test(EVP_TEST *t) } OPENSSL_free(t->expected_err); t->expected_err = NULL; - OPENSSL_free(t->func); - t->func = NULL; OPENSSL_free(t->reason); t->reason = NULL; @@ -2779,10 +2776,10 @@ static int check_test_error(EVP_TEST *t) return 0; } - if (t->func == NULL && t->reason == NULL) + if (t->reason == NULL) return 1; - if (t->func == NULL || t->reason == NULL) { + if (t->reason == NULL) { TEST_info("%s:%d: Test is missing function or reason code", t->s.test_file, t->s.start); return 0; @@ -2790,25 +2787,25 @@ static int check_test_error(EVP_TEST *t) err = ERR_peek_error(); if (err == 0) { - TEST_info("%s:%d: Expected error \"%s:%s\" not set", - t->s.test_file, t->s.start, t->func, t->reason); + TEST_info("%s:%d: Expected error \"%s\" not set", + t->s.test_file, t->s.start, t->reason); return 0; } func = ERR_func_error_string(err); reason = ERR_reason_error_string(err); if (func == NULL && reason == NULL) { - TEST_info("%s:%d: Expected error \"%s:%s\", no strings available." + TEST_info("%s:%d: Expected error \"%s\", no strings available." " Assuming ok.", - t->s.test_file, t->s.start, t->func, t->reason); + t->s.test_file, t->s.start, t->reason); return 1; } - if (strcmp(func, t->func) == 0 && strcmp(reason, t->reason) == 0) + if (strcmp(reason, t->reason) == 0) return 1; - TEST_info("%s:%d: Expected error \"%s:%s\", got \"%s:%s\"", - t->s.test_file, t->s.start, t->func, t->reason, func, reason); + TEST_info("%s:%d: Expected error \"%s\", got \"%s\"", + t->s.test_file, t->s.start, t->reason, reason); return 0; } @@ -3039,11 +3036,7 @@ top: } t->expected_err = take_value(pp); } else if (strcmp(pp->key, "Function") == 0) { - if (t->func != NULL) { - TEST_info("Line %d: multiple function lines\n", t->s.curr); - return 0; - } - t->func = take_value(pp); + /* Ignore old line. */ } else if (strcmp(pp->key, "Reason") == 0) { if (t->reason != NULL) { TEST_info("Line %d: multiple reason lines", t->s.curr); diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index 00259b5..d395f15 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -374,13 +374,11 @@ Result = KEYOP_ERROR # Illegal RSA key derivation Derive = RSA-2048 Result = KEYOP_INIT_ERROR -Function = EVP_PKEY_derive_init Reason = operation not supported for this keytype Sign = RSA-2048 Ctrl = rsa_mgf1_md:sha1 Result = PKEY_CTRL_INVALID -Function = pkey_rsa_ctrl Reason = invalid mgf1 md # RSA PSS key tests @@ -571,19 +569,16 @@ Result = PKEY_CTRL_ERROR # Illegal decrypt Decrypt = RSA-PSS Result = KEYOP_INIT_ERROR -Function = EVP_PKEY_decrypt_init Reason = operation not supported for this keytype # Invalid key: rejected when we try to init Verify = RSA-PSS-BAD Result = KEYOP_INIT_ERROR -Function = rsa_pss_get_param Reason = invalid salt length # Invalid key: rejected when we try to init Verify = RSA-PSS-BAD2 Result = KEYOP_INIT_ERROR -Function = pkey_pss_init Reason = invalid salt length @@ -762,12 +757,10 @@ SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 Sign=Alice-25519 Result = KEYOP_INIT_ERROR -Function = EVP_PKEY_sign_init Reason = operation not supported for this keytype Verify=Alice-25519 Result = KEYOP_INIT_ERROR -Function = EVP_PKEY_verify_init Reason = operation not supported for this keytype Title = X448 test vectors (from RFC7748 6.2) @@ -834,12 +827,10 @@ SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2 Sign=Alice-448 Result = KEYOP_INIT_ERROR -Function = EVP_PKEY_sign_init Reason = operation not supported for this keytype Verify=Alice-448 Result = KEYOP_INIT_ERROR -Function = EVP_PKEY_verify_init Reason = operation not supported for this keytype @@ -17286,7 +17277,6 @@ Derive=ALICE_cf_sect283k1 PeerKey=BOB_cf_sect283k1_PUB Ctrl=ecdh_cofactor_mode:1 Result = DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title = Test keypair mismatches @@ -17830,7 +17820,6 @@ KeyGen = rsaEncryption Ctrl = rsa_keygen_bits:128 KeyName = tmprsa Result = PKEY_CTRL_INVALID -Function = pkey_rsa_ctrl Reason = key size too small # RSA-PSS with restrictions, should succeed. diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt index 8e618c8..b255f77 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecc.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt @@ -623,7 +623,6 @@ Derive=BOB_cf_c2pnb163v1 PeerKey=MALICE_cf_c2pnb163v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -631,7 +630,6 @@ Derive=ALICE_cf_c2pnb163v1 PeerKey=MALICE_cf_c2pnb163v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2pnb163v2 curve tests @@ -695,7 +693,6 @@ Derive=BOB_cf_c2pnb163v2 PeerKey=MALICE_cf_c2pnb163v2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -703,7 +700,6 @@ Derive=ALICE_cf_c2pnb163v2 PeerKey=MALICE_cf_c2pnb163v2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2pnb163v3 curve tests @@ -767,7 +763,6 @@ Derive=BOB_cf_c2pnb163v3 PeerKey=MALICE_cf_c2pnb163v3_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -775,7 +770,6 @@ Derive=ALICE_cf_c2pnb163v3 PeerKey=MALICE_cf_c2pnb163v3_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2pnb176v1 curve tests @@ -839,7 +833,6 @@ Derive=BOB_cf_c2pnb176v1 PeerKey=MALICE_cf_c2pnb176v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -847,7 +840,6 @@ Derive=ALICE_cf_c2pnb176v1 PeerKey=MALICE_cf_c2pnb176v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2pnb208w1 curve tests @@ -913,7 +905,6 @@ Derive=BOB_cf_c2pnb208w1 PeerKey=MALICE_cf_c2pnb208w1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -921,7 +912,6 @@ Derive=ALICE_cf_c2pnb208w1 PeerKey=MALICE_cf_c2pnb208w1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2pnb272w1 curve tests @@ -987,7 +977,6 @@ Derive=BOB_cf_c2pnb272w1 PeerKey=MALICE_cf_c2pnb272w1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -995,7 +984,6 @@ Derive=ALICE_cf_c2pnb272w1 PeerKey=MALICE_cf_c2pnb272w1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2pnb304w1 curve tests @@ -1061,7 +1049,6 @@ Derive=BOB_cf_c2pnb304w1 PeerKey=MALICE_cf_c2pnb304w1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1069,7 +1056,6 @@ Derive=ALICE_cf_c2pnb304w1 PeerKey=MALICE_cf_c2pnb304w1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2pnb368w1 curve tests @@ -1138,7 +1124,6 @@ Derive=BOB_cf_c2pnb368w1 PeerKey=MALICE_cf_c2pnb368w1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1146,7 +1131,6 @@ Derive=ALICE_cf_c2pnb368w1 PeerKey=MALICE_cf_c2pnb368w1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2tnb191v1 curve tests @@ -1212,7 +1196,6 @@ Derive=BOB_cf_c2tnb191v1 PeerKey=MALICE_cf_c2tnb191v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1220,7 +1203,6 @@ Derive=ALICE_cf_c2tnb191v1 PeerKey=MALICE_cf_c2tnb191v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2tnb191v2 curve tests @@ -1286,7 +1268,6 @@ Derive=BOB_cf_c2tnb191v2 PeerKey=MALICE_cf_c2tnb191v2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1294,7 +1275,6 @@ Derive=ALICE_cf_c2tnb191v2 PeerKey=MALICE_cf_c2tnb191v2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2tnb191v3 curve tests @@ -1360,7 +1340,6 @@ Derive=BOB_cf_c2tnb191v3 PeerKey=MALICE_cf_c2tnb191v3_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1368,7 +1347,6 @@ Derive=ALICE_cf_c2tnb191v3 PeerKey=MALICE_cf_c2tnb191v3_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2tnb239v1 curve tests @@ -1434,7 +1412,6 @@ Derive=BOB_cf_c2tnb239v1 PeerKey=MALICE_cf_c2tnb239v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1442,7 +1419,6 @@ Derive=ALICE_cf_c2tnb239v1 PeerKey=MALICE_cf_c2tnb239v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2tnb239v2 curve tests @@ -1508,7 +1484,6 @@ Derive=BOB_cf_c2tnb239v2 PeerKey=MALICE_cf_c2tnb239v2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1516,7 +1491,6 @@ Derive=ALICE_cf_c2tnb239v2 PeerKey=MALICE_cf_c2tnb239v2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2tnb239v3 curve tests @@ -1582,7 +1556,6 @@ Derive=BOB_cf_c2tnb239v3 PeerKey=MALICE_cf_c2tnb239v3_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1590,7 +1563,6 @@ Derive=ALICE_cf_c2tnb239v3 PeerKey=MALICE_cf_c2tnb239v3_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2tnb359v1 curve tests @@ -1659,7 +1631,6 @@ Derive=BOB_cf_c2tnb359v1 PeerKey=MALICE_cf_c2tnb359v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1667,7 +1638,6 @@ Derive=ALICE_cf_c2tnb359v1 PeerKey=MALICE_cf_c2tnb359v1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=c2tnb431r1 curve tests @@ -1736,7 +1706,6 @@ Derive=BOB_cf_c2tnb431r1 PeerKey=MALICE_cf_c2tnb431r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -1744,7 +1713,6 @@ Derive=ALICE_cf_c2tnb431r1 PeerKey=MALICE_cf_c2tnb431r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=prime192v1 curve tests @@ -2121,7 +2089,6 @@ Derive=BOB_cf_secp112r2 PeerKey=MALICE_cf_secp112r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -2129,7 +2096,6 @@ Derive=ALICE_cf_secp112r2 PeerKey=MALICE_cf_secp112r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=secp128r1 curve tests @@ -2226,7 +2192,6 @@ Derive=BOB_cf_secp128r2 PeerKey=MALICE_cf_secp128r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -2234,7 +2199,6 @@ Derive=ALICE_cf_secp128r2 PeerKey=MALICE_cf_secp128r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=secp160k1 curve tests @@ -2651,7 +2615,6 @@ Derive=BOB_cf_sect113r1 PeerKey=MALICE_cf_sect113r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -2659,7 +2622,6 @@ Derive=ALICE_cf_sect113r1 PeerKey=MALICE_cf_sect113r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect113r2 curve tests @@ -2720,7 +2682,6 @@ Derive=BOB_cf_sect113r2 PeerKey=MALICE_cf_sect113r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -2728,7 +2689,6 @@ Derive=ALICE_cf_sect113r2 PeerKey=MALICE_cf_sect113r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect131r1 curve tests @@ -2792,7 +2752,6 @@ Derive=BOB_cf_sect131r1 PeerKey=MALICE_cf_sect131r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -2800,7 +2759,6 @@ Derive=ALICE_cf_sect131r1 PeerKey=MALICE_cf_sect131r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect131r2 curve tests @@ -2864,7 +2822,6 @@ Derive=BOB_cf_sect131r2 PeerKey=MALICE_cf_sect131r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -2872,7 +2829,6 @@ Derive=ALICE_cf_sect131r2 PeerKey=MALICE_cf_sect131r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect163k1 curve tests @@ -2936,7 +2892,6 @@ Derive=BOB_cf_sect163k1 PeerKey=MALICE_cf_sect163k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -2944,7 +2899,6 @@ Derive=ALICE_cf_sect163k1 PeerKey=MALICE_cf_sect163k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect163r1 curve tests @@ -3008,7 +2962,6 @@ Derive=BOB_cf_sect163r1 PeerKey=MALICE_cf_sect163r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3016,7 +2969,6 @@ Derive=ALICE_cf_sect163r1 PeerKey=MALICE_cf_sect163r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect163r2 curve tests @@ -3080,7 +3032,6 @@ Derive=BOB_cf_sect163r2 PeerKey=MALICE_cf_sect163r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3088,7 +3039,6 @@ Derive=ALICE_cf_sect163r2 PeerKey=MALICE_cf_sect163r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect193r1 curve tests @@ -3152,7 +3102,6 @@ Derive=BOB_cf_sect193r1 PeerKey=MALICE_cf_sect193r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3160,7 +3109,6 @@ Derive=ALICE_cf_sect193r1 PeerKey=MALICE_cf_sect193r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect193r2 curve tests @@ -3224,7 +3172,6 @@ Derive=BOB_cf_sect193r2 PeerKey=MALICE_cf_sect193r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3232,7 +3179,6 @@ Derive=ALICE_cf_sect193r2 PeerKey=MALICE_cf_sect193r2_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect233k1 curve tests @@ -3298,7 +3244,6 @@ Derive=BOB_cf_sect233k1 PeerKey=MALICE_cf_sect233k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3306,7 +3251,6 @@ Derive=ALICE_cf_sect233k1 PeerKey=MALICE_cf_sect233k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect233r1 curve tests @@ -3372,7 +3316,6 @@ Derive=BOB_cf_sect233r1 PeerKey=MALICE_cf_sect233r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3380,7 +3323,6 @@ Derive=ALICE_cf_sect233r1 PeerKey=MALICE_cf_sect233r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect239k1 curve tests @@ -3446,7 +3388,6 @@ Derive=BOB_cf_sect239k1 PeerKey=MALICE_cf_sect239k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3454,7 +3395,6 @@ Derive=ALICE_cf_sect239k1 PeerKey=MALICE_cf_sect239k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect283k1 curve tests @@ -3520,7 +3460,6 @@ Derive=BOB_cf_sect283k1 PeerKey=MALICE_cf_sect283k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3528,7 +3467,6 @@ Derive=ALICE_cf_sect283k1 PeerKey=MALICE_cf_sect283k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect283r1 curve tests @@ -3594,7 +3532,6 @@ Derive=BOB_cf_sect283r1 PeerKey=MALICE_cf_sect283r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3602,7 +3539,6 @@ Derive=ALICE_cf_sect283r1 PeerKey=MALICE_cf_sect283r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect409k1 curve tests @@ -3671,7 +3607,6 @@ Derive=BOB_cf_sect409k1 PeerKey=MALICE_cf_sect409k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3679,7 +3614,6 @@ Derive=ALICE_cf_sect409k1 PeerKey=MALICE_cf_sect409k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect409r1 curve tests @@ -3748,7 +3682,6 @@ Derive=BOB_cf_sect409r1 PeerKey=MALICE_cf_sect409r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3756,7 +3689,6 @@ Derive=ALICE_cf_sect409r1 PeerKey=MALICE_cf_sect409r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect571k1 curve tests @@ -3825,7 +3757,6 @@ Derive=BOB_cf_sect571k1 PeerKey=MALICE_cf_sect571k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3833,7 +3764,6 @@ Derive=ALICE_cf_sect571k1 PeerKey=MALICE_cf_sect571k1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=sect571r1 curve tests @@ -3902,7 +3832,6 @@ Derive=BOB_cf_sect571r1 PeerKey=MALICE_cf_sect571r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3910,7 +3839,6 @@ Derive=ALICE_cf_sect571r1 PeerKey=MALICE_cf_sect571r1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=wap-wsg-idm-ecid-wtls10 curve tests @@ -3976,7 +3904,6 @@ Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -3984,7 +3911,6 @@ Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=wap-wsg-idm-ecid-wtls11 curve tests @@ -4050,7 +3976,6 @@ Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -4058,7 +3983,6 @@ Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=wap-wsg-idm-ecid-wtls12 curve tests @@ -4159,7 +4083,6 @@ Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -4167,7 +4090,6 @@ Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=wap-wsg-idm-ecid-wtls3 curve tests @@ -4231,7 +4153,6 @@ Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -4239,7 +4160,6 @@ Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=wap-wsg-idm-ecid-wtls4 curve tests @@ -4300,7 +4220,6 @@ Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -4308,7 +4227,6 @@ Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=wap-wsg-idm-ecid-wtls5 curve tests @@ -4372,7 +4290,6 @@ Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity # ECC CDH Alice with Malice peer @@ -4380,7 +4297,6 @@ Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB Ctrl=ecdh_cofactor_mode:1 Result=DERIVE_ERROR -Function=EC_POINT_get_affine_coordinates Reason=point at infinity Title=wap-wsg-idm-ecid-wtls6 curve tests diff --git a/test/sslapitest.c b/test/sslapitest.c index bc1f006..aa94524 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -3764,7 +3764,6 @@ static int test_tls13_key_exchange(int idx) int kexch_groups_size = 0; int max_version = TLS1_3_VERSION; int want_err = SSL_ERROR_NONE; - int expected_err_func = 0; int expected_err_reason = 0; switch (idx) { @@ -3824,16 +3823,16 @@ static int test_tls13_key_exchange(int idx) if (!TEST_true(create_ssl_connection(serverssl, clientssl, want_err))) { /* Fail only if no error is expected in handshake */ - if (expected_err_func == 0) + if (expected_err_reason == 0) goto end; } /* Fail if expected error is not happening for failure testcases */ - if (expected_err_func) { + if (expected_err_reason != 0) { unsigned long err_code = ERR_get_error(); + ERR_print_errors_fp(stdout); - if (TEST_int_eq(ERR_GET_FUNC(err_code), expected_err_func) - && TEST_int_eq(ERR_GET_REASON(err_code), expected_err_reason)) + if (TEST_int_eq(ERR_GET_REASON(err_code), expected_err_reason)) testresult = 1; goto end; } diff --git a/util/mkerr.pl b/util/mkerr.pl index 08593d0..aae49ac 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -122,20 +122,22 @@ if ( $internal ) { } # Data parsed out of the config and state files. +# We always map function-code values to zero, so items marked below with +# an asterisk could eventually be removed. TODO(4.0) my %hinc; # lib -> header my %libinc; # header -> lib my %cskip; # error_file -> lib my %errorfile; # lib -> error file name -my %fmax; # lib -> max assigned function code +my %fmax; # lib -> max assigned function code* my %rmax; # lib -> max assigned reason code -my %fassigned; # lib -> colon-separated list of assigned function codes +my %fassigned; # lib -> colon-separated list of assigned function codes* my %rassigned; # lib -> colon-separated list of assigned reason codes -my %fnew; # lib -> count of new function codes +my %fnew; # lib -> count of new function codes* my %rnew; # lib -> count of new reason codes my %rextra; # "extra" reason code -> lib my %rcodes; # reason-name -> value -my %ftrans; # old name -> #define-friendly name (all caps) -my %fcodes; # function-name -> value +my %ftrans; # old name -> #define-friendly name (all caps)* +my %fcodes; # function-name -> value* my $statefile; # state file with assigned reason and function codes my %strings; # define -> text @@ -454,9 +456,9 @@ foreach my $lib ( keys %errorfile ) { #ifndef HEADER_${lib}ERR_H # define HEADER_${lib}ERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include +# include + EOF if ( $internal ) { @@ -480,7 +482,7 @@ int ERR_load_${lib}_strings(void); EOF } else { print OUT <<"EOF"; -# define ${lib}err(f, r) ERR_${lib}_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) +# define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) EOF if ( ! $static ) { @@ -500,6 +502,7 @@ EOF } print OUT "\n/*\n * $lib function codes.\n */\n"; + print OUT "# if !OPENSSL_API_3\n"; foreach my $i ( @function ) { my $z = 48 - length($i); $z = 0 if $z < 0; @@ -514,8 +517,9 @@ EOF $fassigned{$lib} .= "$findcode:"; print STDERR "New Function code $i\n" if $debug; } - printf OUT "#${indent}define $i%s $fcodes{$i}\n", " " x $z; + printf OUT "#${indent} define $i%s 0\n", " " x $z; } + print OUT "# endif\n"; print OUT "\n/*\n * $lib reason codes.\n */\n"; foreach my $i ( @reasons ) { @@ -575,32 +579,6 @@ EOF #ifndef OPENSSL_NO_ERR -static ${const}ERR_STRING_DATA ${lib}_str_functs[] = { -EOF - - # Add each function code: if a function name is found then use it. - foreach my $i ( @function ) { - my $fn; - if ( exists $strings{$i} and $strings{$i} ne '' ) { - $fn = $strings{$i}; - $fn = "" if $fn eq '*'; - } else { - $i =~ /^${lib}_F_(\S+)$/; - $fn = $1; - $fn = $ftrans{$fn} if exists $ftrans{$fn}; - $strings{$i} = $fn; - } - my $short = " {ERR_PACK($pack_lib, $i, 0), \"$fn\"},"; - if ( length($short) <= 80 ) { - print OUT "$short\n"; - } else { - print OUT " {ERR_PACK($pack_lib, $i, 0),\n \"$fn\"},\n"; - } - } - print OUT <<"EOF"; - {0, NULL} -}; - static ${const}ERR_STRING_DATA ${lib}_str_reasons[] = { EOF @@ -635,10 +613,8 @@ EOF int ERR_load_${lib}_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) { - ERR_load_strings_const(${lib}_str_functs); + if (ERR_func_error_string(${lib}_str_reasons[0].error) == NULL) ERR_load_strings_const(${lib}_str_reasons); - } #endif return 1; } @@ -657,7 +633,6 @@ ${st}int ERR_load_${lib}_strings(void) if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(lib_code, ${lib}_str_functs); ERR_load_strings(lib_code, ${lib}_str_reasons); #endif error_loaded = 1; @@ -669,7 +644,6 @@ ${st}void ERR_unload_${lib}_strings(void) { if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(lib_code, ${lib}_str_functs); ERR_unload_strings(lib_code, ${lib}_str_reasons); #endif error_loaded = 0; From pauli at openssl.org Tue Jul 16 03:28:00 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 16 Jul 2019 03:28:00 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563247680.851384.7619.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via cf8b3732484a7a087c1e004551e3f8c51203c69d (commit) from b4f55c6f6c4d8d2a85ca697d92dfb682f3ebc987 (commit) - Log ----------------------------------------------------------------- commit cf8b3732484a7a087c1e004551e3f8c51203c69d Author: Pauli Date: Tue Jul 16 12:28:08 2019 +1000 Remove DRBG from SSL structure. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9390) (cherry picked from commit 3d9b33b5e48d82d098a1f8c37dbf616a0d84621c) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_locl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 1c42ba6..25875c9 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1462,7 +1462,6 @@ struct ssl_st { size_t block_padding; CRYPTO_RWLOCK *lock; - RAND_DRBG *drbg; /* The number of TLS1.3 tickets to automatically send */ size_t num_tickets; From no-reply at appveyor.com Tue Jul 16 03:45:59 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 16 Jul 2019 03:45:59 +0000 Subject: Build failed: openssl master.25936 Message-ID: <20190716034559.1.1062157F68945ED8@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 16 03:47:33 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Jul 2019 03:47:33 +0000 Subject: Still Failing: openssl/openssl#26514 (master - 3d9b33b) In-Reply-To: Message-ID: <5d2d48d527218_43f830e62818c609e7@9a4acf67-f2b5-42f8-9959-d8cebde8f09a.mail> Build Update for openssl/openssl ------------------------------------- Build: #26514 Status: Still Failing Duration: 22 mins and 49 secs Commit: 3d9b33b (master) Author: Pauli Message: Remove DRBG from SSL structure. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9390) View the changeset: https://github.com/openssl/openssl/compare/459b15d45119...3d9b33b5e48d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559237481?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 16 04:05:11 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Jul 2019 04:05:11 +0000 Subject: Still Failing: openssl/openssl#26515 (master - cbfa5b0) In-Reply-To: Message-ID: <5d2d4cf78fddc_43f96f4a37ad0127933@80c68b71-7a80-4542-9812-d16fcb63b218.mail> Build Update for openssl/openssl ------------------------------------- Build: #26515 Status: Still Failing Duration: 29 mins and 25 secs Commit: cbfa5b0 (master) Author: Rich Salz Message: Regenerate mkerr files Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9058) View the changeset: https://github.com/openssl/openssl/compare/3d9b33b5e48d...cbfa5b03989e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559238666?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 16 06:06:48 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 16 Jul 2019 06:06:48 +0000 Subject: Build failed: openssl master.25942 Message-ID: <20190716060648.1.9BE1C2C6BE9BE013@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 16 06:23:45 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jul 2019 06:23:45 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1563258225.432059.3966.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 35e264c032 Coverity #1451596: check dirlen for being negative b481fbe68b Coverity #1451595: use correct free function. d5fdb6a695 util/opensslwrap.sh: adjust to define OPENSSL_MODULES as well 4674aaf4f2 In documentation, consistently refer to OpenSSL 3.0 2934be9134 Make sure all BIGNUM operations work within the FIPS provider 753149d97f Move the code for 'openssl list' to its own translation unit. 4b62b8ed49 Refactor apps/progs.* to be generate with 'make update' a161738a70 Fix wrong lock claimed in x509 dir lookup. 5fe6e2311d issue-9316: Update return documentation for RAND_set_rand_engine Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:294: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:305: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:311: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:314: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:317: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:402: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:422: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:435: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:468: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:469: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_memdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strndup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OPENSSL_hexstr2buf': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:162: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:165: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:168: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:259: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7119: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Tue Jul 16 06:31:35 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 16 Jul 2019 06:31:35 +0000 Subject: Build failed: openssl master.25943 Message-ID: <20190716063135.1.566FC51F6BF21B98@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 16 06:56:56 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 16 Jul 2019 06:56:56 +0000 Subject: Build completed: openssl master.25944 Message-ID: <20190716065656.1.F8883D12F2E28899@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Jul 16 09:59:17 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 16 Jul 2019 09:59:17 +0000 Subject: [openssl] master update Message-ID: <1563271157.942550.30890.nullmailer@dev.openssl.org> The branch master has been updated via 12df11bdf11fb6a3410483b0097f032e329b4623 (commit) via 35aca9eccbaf0abbd0d7f350e199a7c97274845a (commit) via 94b40fb77c4e345526c2aff1d8f8b9186fb4a179 (commit) via 89e291742f8db5920cc7938407d07c8f77c18293 (commit) via ff64702b3d83d4c77756e0fd7b624e2165dbbdf0 (commit) from cbfa5b03989ee6b8f5c13c4284d5bae02c562f20 (commit) - Log ----------------------------------------------------------------- commit 12df11bdf11fb6a3410483b0097f032e329b4623 Author: Matt Caswell Date: Fri Jun 28 09:50:56 2019 +0100 Document the new EVP_KEYEXCH type and related functions Previous commits added the EVP_KEYEXCH type for representing key exchange algorithms. They also added various functions for fetching and using them, so we document all of those functions. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9266) commit 35aca9eccbaf0abbd0d7f350e199a7c97274845a Author: Matt Caswell Date: Thu Jun 27 16:37:44 2019 +0100 Add the ability to set PKCS#3 DH padding in providers This also adds the ability to set arbitrary parameters on key exchange algorithms. The ability to pad the output is one such parameter for DH. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9266) commit 94b40fb77c4e345526c2aff1d8f8b9186fb4a179 Author: Matt Caswell Date: Thu Jun 27 15:03:55 2019 +0100 Enable PKCS#3 DH in the providers The default provider now has support for PKCS#3 Diffie-Hellman so we switch libcrypto to using providers for that algorithm. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9266) commit 89e291742f8db5920cc7938407d07c8f77c18293 Author: Matt Caswell Date: Thu Jun 27 12:36:30 2019 +0100 Implement PKCS#3 DH Key Exchange in the default provider We add the capability for the default provider to perform PKCS#3 Diffie-Hellman key exchange. At this point the implementation is not used because libcrypto still uses legacy handling for Diffie-Hellman. Note X9.42 DH is not touched by this commit. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9266) commit ff64702b3d83d4c77756e0fd7b624e2165dbbdf0 Author: Matt Caswell Date: Thu Jun 27 10:48:17 2019 +0100 Make the EVP Key Exchange code provider aware We introduce a new EVP_KEYEXCH type to represent key exchange algorithms and refactor the existing code to use it where available. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9266) ----------------------------------------------------------------------- Summary of changes: CHANGES | 11 + crypto/err/openssl.txt | 2 + crypto/evp/build.info | 2 +- crypto/evp/evp_lib.c | 131 ++++++++ crypto/evp/evp_locl.h | 37 +++ crypto/evp/exchange.c | 358 ++++++++++++++++++++++ crypto/evp/pmeth_fn.c | 116 +------ crypto/evp/pmeth_lib.c | 111 ++++++- crypto/include/internal/evp_int.h | 5 + crypto/params.c | 8 - doc/man3/EVP_KEYEXCH_free.pod | 46 +++ doc/man3/EVP_MD_fetch.pod | 14 +- doc/man3/EVP_PKEY_CTX_ctrl.pod | 30 +- doc/man3/EVP_PKEY_derive.pod | 36 ++- include/openssl/core_names.h | 13 + include/openssl/core_numbers.h | 24 ++ include/openssl/dh.h | 4 +- include/openssl/evp.h | 8 + include/openssl/ossl_typ.h | 2 + providers/common/build.info | 2 +- providers/common/exchange/build.info | 5 + providers/common/exchange/dh.c | 194 ++++++++++++ providers/common/include/internal/provider_algs.h | 3 + providers/default/defltprov.c | 7 + util/libcrypto.num | 6 + 25 files changed, 1021 insertions(+), 154 deletions(-) create mode 100644 crypto/evp/exchange.c create mode 100644 doc/man3/EVP_KEYEXCH_free.pod create mode 100644 providers/common/exchange/build.info create mode 100644 providers/common/exchange/dh.c diff --git a/CHANGES b/CHANGES index d826308..f6062af 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,17 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) A new type, EVP_KEYEXCH, has been introduced to represent key exchange + algorithms. An implementation of a key exchange algorithm can be obtained + by using the function EVP_KEYEXCH_fetch(). An EVP_KEYEXCH algorithm can be + used in a call to EVP_PKEY_derive_init_ex() which works in a similar way to + the older EVP_PKEY_derive_init() function. See the man pages for the new + functions for further details. + [Matt Caswell] + + *) The EVP_PKEY_CTX_set_dh_pad() macro has now been converted to a function. + [Matt Caswell] + *) Removed the function names from error messages and deprecated the xxx_F_xxx define's. [Rich Salz] diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a8f28dc..4608938 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -807,6 +807,7 @@ EVP_F_EVP_DIGESTUPDATE:231:EVP_DigestUpdate EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate +EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new @@ -838,6 +839,7 @@ EVP_F_EVP_PKEY_DECRYPT_INIT:138:EVP_PKEY_decrypt_init EVP_F_EVP_PKEY_DECRYPT_OLD:151:EVP_PKEY_decrypt_old EVP_F_EVP_PKEY_DERIVE:153:EVP_PKEY_derive EVP_F_EVP_PKEY_DERIVE_INIT:154:EVP_PKEY_derive_init +EVP_F_EVP_PKEY_DERIVE_INIT_EX:243:EVP_PKEY_derive_init_ex EVP_F_EVP_PKEY_DERIVE_SET_PEER:155:EVP_PKEY_derive_set_peer EVP_F_EVP_PKEY_ENCRYPT:105:EVP_PKEY_encrypt EVP_F_EVP_PKEY_ENCRYPT_INIT:139:EVP_PKEY_encrypt_init diff --git a/crypto/evp/build.info b/crypto/evp/build.info index fa49f2e..5030f3f 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -15,7 +15,7 @@ SOURCE[../../libcrypto]=$COMMON\ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c \ - mac_lib.c c_allm.c pkey_mac.c + mac_lib.c c_allm.c pkey_mac.c exchange.c SOURCE[../../providers/fips]=$COMMON INCLUDE[e_aes.o]=.. ../modes diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 615206b..3e64a1f 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -13,6 +13,7 @@ #include #include #include +#include #include "internal/evp_int.h" #include "internal/provider.h" #include "evp_locl.h" @@ -726,3 +727,133 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), OPENSSL_free(bin); return rv; } + +#ifndef FIPS_MODE +/* + * TODO(3.0): Temporarily unavailable in FIPS mode. This will need to be added + * in later. + */ + +#define MAX_PARAMS 10 +typedef struct { + /* Number of the current param */ + size_t curr; + struct { + /* Key for the current param */ + const char *key; + /* Value for the current param */ + const BIGNUM *bnparam; + /* Size of the buffer required for the BN */ + size_t bufsz; + } params[MAX_PARAMS]; + /* Running count of the total size required */ + size_t totsz; + int ispublic; +} PARAMS_TEMPLATE; + +static int push_param_bn(PARAMS_TEMPLATE *tmpl, const char *key, + const BIGNUM *bn) +{ + int sz; + + sz = BN_num_bytes(bn); + if (sz <= 0) + return 0; + tmpl->params[tmpl->curr].key = key; + tmpl->params[tmpl->curr].bnparam = bn; + tmpl->params[tmpl->curr++].bufsz = (size_t)sz; + tmpl->totsz += sizeof(OSSL_PARAM) + (size_t)sz; + + return 1; +} + +static OSSL_PARAM *param_template_to_param(PARAMS_TEMPLATE *tmpl, size_t *sz) +{ + size_t i; + void *buf; + OSSL_PARAM *param = NULL; + unsigned char *currbuf = NULL; + + if (tmpl->totsz == 0) + return NULL; + + /* Add some space for the end of OSSL_PARAM marker */ + tmpl->totsz += sizeof(*param); + + if (tmpl->ispublic) + buf = OPENSSL_zalloc(tmpl->totsz); + else + buf = OPENSSL_secure_zalloc(tmpl->totsz); + if (buf == NULL) + return NULL; + param = buf; + + currbuf = (unsigned char *)buf + (sizeof(*param) * (tmpl->curr + 1)); + + for (i = 0; i < tmpl->curr; i++) { + if (!ossl_assert((currbuf - (unsigned char *)buf ) + + tmpl->params[i].bufsz <= tmpl->totsz)) + goto err; + if (BN_bn2nativepad(tmpl->params[i].bnparam, currbuf, + tmpl->params[i].bufsz) < 0) + goto err; + param[i] = OSSL_PARAM_construct_BN(tmpl->params[i].key, currbuf, + tmpl->params[i].bufsz); + currbuf += tmpl->params[i].bufsz; + } + param[i] = OSSL_PARAM_construct_end(); + + if (sz != NULL) + *sz = tmpl->totsz; + return param; + + err: + if (tmpl->ispublic) + OPENSSL_free(param); + else + OPENSSL_clear_free(param, tmpl->totsz); + return NULL; +} + +static OSSL_PARAM *evp_pkey_dh_to_param(EVP_PKEY *pkey, size_t *sz) +{ + DH *dh = pkey->pkey.dh; + PARAMS_TEMPLATE tmpl = {0}; + const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); + const BIGNUM *pub_key = DH_get0_pub_key(dh); + const BIGNUM *priv_key = DH_get0_priv_key(dh); + + if (p == NULL || g == NULL || pub_key == NULL) + return NULL; + + if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_P, p) + || !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_G, g) + || !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key)) + return NULL; + + if (q != NULL) { + if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_Q, q)) + return NULL; + } + + if (priv_key != NULL) { + if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv_key)) + return NULL; + } else { + tmpl.ispublic = 1; + } + + return param_template_to_param(&tmpl, sz); +} + +OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz) +{ + switch (pkey->type) { + case EVP_PKEY_DH: + return evp_pkey_dh_to_param(pkey, sz); + default: + return NULL; + } +} + +#endif /* FIPS_MODE */ diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index b62f1e3..8aeb5d4 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -9,6 +9,8 @@ /* EVP_MD_CTX related stuff */ +#include + struct evp_md_ctx_st { const EVP_MD *reqdigest; /* The original requested digest */ const EVP_MD *digest; @@ -60,6 +62,21 @@ struct evp_kdf_ctx_st { EVP_KDF_IMPL *impl; /* Algorithm-specific data */ } /* EVP_KDF_CTX */ ; +struct evp_keyexch_st { + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + + OSSL_OP_keyexch_newctx_fn *newctx; + OSSL_OP_keyexch_init_fn *init; + OSSL_OP_keyexch_set_peer_fn *set_peer; + OSSL_OP_keyexch_derive_fn *derive; + OSSL_OP_keyexch_freectx_fn *freectx; + OSSL_OP_keyexch_dupctx_fn *dupctx; + OSSL_OP_keyexch_set_params_fn *set_params; +} /* EVP_KEYEXCH */; + + int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, @@ -114,3 +131,23 @@ int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx, OSSL_PARAM params[]); int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx, OSSL_PARAM params[]); + +OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz); + +#define M_check_autoarg(ctx, arg, arglen, err) \ + if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ + size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ + \ + if (pksize == 0) { \ + EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \ + return 0; \ + } \ + if (arg == NULL) { \ + *arglen = pksize; \ + return 1; \ + } \ + if (*arglen < pksize) { \ + EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \ + return 0; \ + } \ + } diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c new file mode 100644 index 0000000..208bb98 --- /dev/null +++ b/crypto/evp/exchange.c @@ -0,0 +1,358 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include "internal/refcount.h" +#include "internal/evp_int.h" +#include "internal/provider.h" +#include "evp_locl.h" + +static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov) +{ + EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH)); + + exchange->lock = CRYPTO_THREAD_lock_new(); + if (exchange->lock == NULL) { + OPENSSL_free(exchange); + return NULL; + } + exchange->prov = prov; + ossl_provider_up_ref(prov); + exchange->refcnt = 1; + + return exchange; +} + +static void *evp_keyexch_from_dispatch(const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov) +{ + EVP_KEYEXCH *exchange = NULL; + int fncnt = 0; + + if ((exchange = evp_keyexch_new(prov)) == NULL) + return NULL; + + for (; fns->function_id != 0; fns++) { + switch (fns->function_id) { + case OSSL_FUNC_KEYEXCH_NEWCTX: + if (exchange->newctx != NULL) + break; + exchange->newctx = OSSL_get_OP_keyexch_newctx(fns); + fncnt++; + break; + case OSSL_FUNC_KEYEXCH_INIT: + if (exchange->init != NULL) + break; + exchange->init = OSSL_get_OP_keyexch_init(fns); + fncnt++; + break; + case OSSL_FUNC_KEYEXCH_SET_PEER: + if (exchange->set_peer != NULL) + break; + exchange->set_peer = OSSL_get_OP_keyexch_set_peer(fns); + break; + case OSSL_FUNC_KEYEXCH_DERIVE: + if (exchange->derive != NULL) + break; + exchange->derive = OSSL_get_OP_keyexch_derive(fns); + fncnt++; + break; + case OSSL_FUNC_KEYEXCH_FREECTX: + if (exchange->freectx != NULL) + break; + exchange->freectx = OSSL_get_OP_keyexch_freectx(fns); + fncnt++; + break; + case OSSL_FUNC_KEYEXCH_DUPCTX: + if (exchange->dupctx != NULL) + break; + exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns); + break; + case OSSL_FUNC_KEYEXCH_SET_PARAMS: + if (exchange->set_params != NULL) + break; + exchange->set_params = OSSL_get_OP_keyexch_set_params(fns); + break; + } + } + if (fncnt != 4) { + /* + * In order to be a consistent set of functions we must have at least + * a complete set of "exchange" functions: init, derive, newctx, + * and freectx. The dupctx, set_peer and set_params functions are + * optional. + */ + EVP_KEYEXCH_free(exchange); + EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH, + EVP_R_INVALID_PROVIDER_FUNCTIONS); + return NULL; + } + + return exchange; +} + +void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange) +{ + if (exchange != NULL) { + int i; + + CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock); + if (i > 0) + return; + ossl_provider_free(exchange->prov); + CRYPTO_THREAD_lock_free(exchange->lock); + OPENSSL_free(exchange); + } +} + +int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange) +{ + int ref = 0; + + CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock); + return 1; +} + +EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties) +{ + return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties, + evp_keyexch_from_dispatch, + (int (*)(void *))EVP_KEYEXCH_up_ref, + (void (*)(void *))EVP_KEYEXCH_free); +} + +int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange) +{ + int ret; + OSSL_PARAM *param = NULL; + size_t paramsz = 0; + + ctx->operation = EVP_PKEY_OP_DERIVE; + + if (ctx->engine != NULL) + goto legacy; + + if (exchange != NULL) { + if (!EVP_KEYEXCH_up_ref(exchange)) + goto err; + } else { + int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id; + + /* + * TODO(3.0): Check for legacy handling. Remove this once all all + * algorithms are moved to providers. + */ + if (ctx->pkey != NULL) { + switch (ctx->pkey->type) { + case EVP_PKEY_DH: + break; + default: + goto legacy; + } + exchange = EVP_KEYEXCH_fetch(NULL, OBJ_nid2sn(nid), NULL); + } else { + goto legacy; + } + + if (exchange == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR); + goto err; + } + } + + if (ctx->exchprovctx != NULL && ctx->exchange != NULL) + ctx->exchange->freectx(ctx->exchprovctx); + EVP_KEYEXCH_free(ctx->exchange); + ctx->exchange = exchange; + if (ctx->pkey != NULL) { + param = evp_pkey_to_param(ctx->pkey, ¶msz); + if (param == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR); + goto err; + } + } + ctx->exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov)); + if (ctx->exchprovctx == NULL) { + OPENSSL_secure_clear_free(param, paramsz); + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR); + goto err; + } + ret = exchange->init(ctx->exchprovctx, param); + /* + * TODO(3.0): Really we should detect whether to call OPENSSL_free or + * OPENSSL_secure_clear_free based on the presence of a private key or not. + * Since we always expect a private key to be present we just call + * OPENSSL_secure_clear_free for now. + */ + OPENSSL_secure_clear_free(param, paramsz); + + return ret ? 1 : 0; + err: + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return 0; + + legacy: + if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + if (ctx->pmeth->derive_init == NULL) + return 1; + ret = ctx->pmeth->derive_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) +{ + return EVP_PKEY_derive_init_ex(ctx, NULL); +} + +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) +{ + int ret; + OSSL_PARAM *param = NULL; + + if (ctx == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + if (ctx->exchprovctx == NULL) + goto legacy; + + if (ctx->operation != EVP_PKEY_OP_DERIVE) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (ctx->exchange->set_peer == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + param = evp_pkey_to_param(peer, NULL); + if (param == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR); + return 0; + } + ret = ctx->exchange->set_peer(ctx->exchprovctx, param); + /* + * TODO(3.0): Really we should detect whether to call OPENSSL_free or + * OPENSSL_secure_clear_free based on the presence of a private key or not. + * Since we always expect a public key to be present we just call + * OPENSSL_free for now. + */ + OPENSSL_free(param); + + return ret; + + legacy: + if (ctx->pmeth == NULL + || !(ctx->pmeth->derive != NULL + || ctx->pmeth->encrypt != NULL + || ctx->pmeth->decrypt != NULL) + || ctx->pmeth->ctrl == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DERIVE + && ctx->operation != EVP_PKEY_OP_ENCRYPT + && ctx->operation != EVP_PKEY_OP_DECRYPT) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); + + if (ret <= 0) + return ret; + + if (ret == 2) + return 1; + + if (ctx->pkey == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET); + return -1; + } + + if (ctx->pkey->type != peer->type) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES); + return -1; + } + + /* + * For clarity. The error is if parameters in peer are + * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return + * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 + * (different key types) is impossible here because it is checked earlier. + * -2 is OK for us here, as well as 1, so we can check for 0 only. + */ + if (!EVP_PKEY_missing_parameters(peer) && + !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS); + return -1; + } + + EVP_PKEY_free(ctx->peerkey); + ctx->peerkey = peer; + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); + + if (ret <= 0) { + ctx->peerkey = NULL; + return ret; + } + + EVP_PKEY_up_ref(peer); + return 1; +} + +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) +{ + int ret; + + if (ctx == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + if (ctx->operation != EVP_PKEY_OP_DERIVE) { + EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (ctx->exchprovctx == NULL) + goto legacy; + + ret = ctx->exchange->derive(ctx->exchprovctx, key, pkeylen, SIZE_MAX); + + return ret; + legacy: + if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { + EVPerr(EVP_F_EVP_PKEY_DERIVE, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) + return ctx->pmeth->derive(ctx, key, pkeylen); +} diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index 187f7a6..51df2be 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -9,28 +9,11 @@ #include #include -#include "internal/cryptlib.h" #include #include +#include "internal/cryptlib.h" #include "internal/evp_int.h" - -#define M_check_autoarg(ctx, arg, arglen, err) \ - if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ - size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ - \ - if (pksize == 0) { \ - EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \ - return 0; \ - } \ - if (!arg) { \ - *arglen = pksize; \ - return 1; \ - } \ - if (*arglen < pksize) { \ - EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \ - return 0; \ - } \ - } +#include "evp_locl.h" int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) { @@ -200,98 +183,3 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); } - -int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) -{ - int ret; - if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_DERIVE; - if (!ctx->pmeth->derive_init) - return 1; - ret = ctx->pmeth->derive_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; -} - -int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) -{ - int ret; - if (!ctx || !ctx->pmeth - || !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt) - || !ctx->pmeth->ctrl) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_DERIVE - && ctx->operation != EVP_PKEY_OP_ENCRYPT - && ctx->operation != EVP_PKEY_OP_DECRYPT) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, - EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - - ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); - - if (ret <= 0) - return ret; - - if (ret == 2) - return 1; - - if (!ctx->pkey) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET); - return -1; - } - - if (ctx->pkey->type != peer->type) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES); - return -1; - } - - /* - * For clarity. The error is if parameters in peer are - * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return - * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 - * (different key types) is impossible here because it is checked earlier. - * -2 is OK for us here, as well as 1, so we can check for 0 only. - */ - if (!EVP_PKEY_missing_parameters(peer) && - !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS); - return -1; - } - - EVP_PKEY_free(ctx->peerkey); - ctx->peerkey = peer; - - ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); - - if (ret <= 0) { - ctx->peerkey = NULL; - return ret; - } - - EVP_PKEY_up_ref(peer); - return 1; -} - -int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) -{ - if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { - EVPerr(EVP_F_EVP_PKEY_DERIVE, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_DERIVE) { - EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) - return ctx->pmeth->derive(ctx, key, pkeylen); -} diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 28fa047..d444e71 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -9,13 +9,16 @@ #include #include -#include "internal/cryptlib.h" #include #include #include +#include +#include +#include "internal/cryptlib.h" #include "internal/asn1_int.h" #include "internal/evp_int.h" #include "internal/numbers.h" +#include "evp_locl.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -253,7 +256,9 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) { EVP_PKEY_CTX *rctx; - if (!pctx->pmeth || !pctx->pmeth->copy) + + if (((pctx->pmeth == NULL) || (pctx->pmeth->copy == NULL)) + && pctx->exchprovctx == NULL) return NULL; #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a pkey context using an ENGINE */ @@ -262,31 +267,43 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) return 0; } #endif - rctx = OPENSSL_malloc(sizeof(*rctx)); + rctx = OPENSSL_zalloc(sizeof(*rctx)); if (rctx == NULL) { EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE); return NULL; } + if (pctx->pkey != NULL) + EVP_PKEY_up_ref(pctx->pkey); + rctx->pkey = pctx->pkey; + rctx->operation = pctx->operation; + + if (pctx->exchprovctx != NULL) { + if (!ossl_assert(pctx->exchange != NULL)) + return NULL; + rctx->exchange = pctx->exchange; + if (!EVP_KEYEXCH_up_ref(rctx->exchange)) { + OPENSSL_free(rctx); + return NULL; + } + rctx->exchprovctx = pctx->exchange->dupctx(pctx->exchprovctx); + if (rctx->exchprovctx == NULL) { + EVP_KEYEXCH_free(rctx->exchange); + OPENSSL_free(rctx); + return NULL; + } + return rctx; + } + rctx->pmeth = pctx->pmeth; #ifndef OPENSSL_NO_ENGINE rctx->engine = pctx->engine; #endif - if (pctx->pkey) - EVP_PKEY_up_ref(pctx->pkey); - - rctx->pkey = pctx->pkey; - if (pctx->peerkey) EVP_PKEY_up_ref(pctx->peerkey); - rctx->peerkey = pctx->peerkey; - rctx->data = NULL; - rctx->app_data = NULL; - rctx->operation = pctx->operation; - if (pctx->pmeth->copy(rctx, pctx) > 0) return rctx; @@ -355,6 +372,12 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) return; if (ctx->pmeth && ctx->pmeth->cleanup) ctx->pmeth->cleanup(ctx); + + if (ctx->exchprovctx != NULL && ctx->exchange != NULL) + ctx->exchange->freectx(ctx->exchprovctx); + + EVP_KEYEXCH_free(ctx->exchange); + EVP_PKEY_free(ctx->pkey); EVP_PKEY_free(ctx->peerkey); #ifndef OPENSSL_NO_ENGINE @@ -363,12 +386,52 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) OPENSSL_free(ctx); } +int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) +{ + if (ctx->exchprovctx != NULL && ctx->exchange != NULL) + return ctx->exchange->set_params(ctx->exchprovctx, params); + return 0; +} + +int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) +{ + OSSL_PARAM dh_pad_params[2]; + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_DH_PAD, pad, NULL); + + dh_pad_params[0] = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_PAD, &pad); + dh_pad_params[1] = OSSL_PARAM_construct_end(); + + return EVP_PKEY_CTX_set_params(ctx, dh_pad_params); +} + +static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2) +{ + switch (cmd) { + case EVP_PKEY_CTRL_DH_PAD: + return EVP_PKEY_CTX_set_dh_pad(ctx, p1); + } + return 0; +} + int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2) { int ret; - if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { + if (ctx == NULL) { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + + if (ctx->exchprovctx != NULL) + return legacy_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2); + + if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) { EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); return -2; } @@ -404,9 +467,29 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value); } +static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, + const char *value) +{ + if (strcmp(name, "dh_pad") == 0) { + int pad; + + pad = atoi(value); + return EVP_PKEY_CTX_set_dh_pad(ctx, pad); + } + return 0; +} + int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name, const char *value) { + if (ctx == NULL) { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + + if (ctx->exchprovctx != NULL) + return legacy_ctrl_str_to_param(ctx, name, value); + if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) { EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); return -2; diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index da4ae0f..71833fa 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -18,6 +18,11 @@ #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 struct evp_pkey_ctx_st { + EVP_KEYEXCH *exchange; + void *exchprovctx; + + /* Legacy fields below */ + /* Method associated with this operation */ const EVP_PKEY_METHOD *pmeth; /* Engine that implements this method or NULL if builtin */ diff --git a/crypto/params.c b/crypto/params.c index 0c9e6f3..87a6682 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -582,13 +582,6 @@ OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf) sizeof(size_t)); } -#ifndef FIPS_MODE -/* - * TODO(3.0): Make this available in FIPS mode. - * - * Temporarily we don't include these functions in FIPS mode to avoid pulling - * in the entire BN sub-library into the module at this point. - */ int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val) { BIGNUM *b; @@ -632,7 +625,6 @@ OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, bsize); } -#endif int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val) { diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod new file mode 100644 index 0000000..d10d768 --- /dev/null +++ b/doc/man3/EVP_KEYEXCH_free.pod @@ -0,0 +1,46 @@ +=pod + +=head1 NAME + +EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref +- Functions to manage EVP_KEYEXCH algorithm objects + +=head1 SYNOPSIS + + #include + + void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); + int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); + +=head1 DESCRIPTION + +EVP_KEYEXCH_free() decrements the reference count for the B +structure. Typically this structure will have been obtained from an earlier call +to L. If the reference count drops to 0 then the +structure is freed. + +EVP_KEYEXCH_up_ref() increments the reference count for an B +structure. + +=head1 RETURN VALUES + +EVP_KEYEXCH_up_ref() returns 1 for success or 0 otherwise. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The functions described here were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/EVP_MD_fetch.pod b/doc/man3/EVP_MD_fetch.pod index 1e43b4f..11390d0 100644 --- a/doc/man3/EVP_MD_fetch.pod +++ b/doc/man3/EVP_MD_fetch.pod @@ -2,7 +2,7 @@ =head1 NAME -EVP_MD_fetch, EVP_CIPHER_fetch +EVP_MD_fetch, EVP_CIPHER_fetch, EVP_KEYEXCH_fetch - Functions to explicitly fetch algorithm implementations =head1 SYNOPSIS @@ -13,6 +13,8 @@ EVP_MD_fetch, EVP_CIPHER_fetch const char *properties); EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties); + EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); =head1 DESCRIPTION @@ -38,6 +40,10 @@ Represents a Message Authentication Code algorithm. Represents a Key Derivation Function algorithm. +=item B + +Represents a Key Exchange algorithm. + =back The algorithm objects may or may not have an associated algorithm @@ -62,6 +68,12 @@ Typically, this will return an implementation of the appropriate algorithm from the default provider unless the default search criteria have been changed and/or different providers have been loaded. +Implicit fetching can also occur with functions such as +L where a NULL algorithm parameter is supplied. +In this case an algorithm implementation is implicitly fetched using default +search criteria and an algorithm name that is consistent with the type of +EVP_PKEY being used. + =item Explicit Fetch With explicit fetch an application uses one of the "fetch" functions to obtain diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 1bab6d1..369fc0f 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -2,6 +2,7 @@ =head1 NAME +EVP_PKEY_CTX_set_params, EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, @@ -62,6 +63,8 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len #include + int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); + int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, @@ -141,6 +144,25 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len =head1 DESCRIPTION +The EVP_PKEY_CTX_set_params() function sends arbitrary parameters to the +algorithm implementation. +Not all parameters may be supported by all providers. +See L for more information on providers. +See L for more information on parameters. +The parameters currently supported by the default provider are: + +=over 4 + +=item OSSL_EXCHANGE_PARAM_PAD (int type) + +Sets the DH padding mode. +If B is 1 then the shared secret is padded with zeroes +up to the size of the DH prime B

. +If B is zero (the default) then no padding is +performed. + +=back + The function EVP_PKEY_CTX_ctrl() sends a control operation to the context B. The key type used must match B if it is not -1. The parameter B is a mask indicating which operations the control can be applied to. @@ -290,8 +312,9 @@ The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH. The default is 0. -The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B is -1 the shared secret is padded with zeroes up to the size of the DH prime B

. +The EVP_PKEY_CTX_set_dh_pad() function sets the DH padding mode. +If B is 1 the shared secret is padded with zeroes up to the size of the DH +prime B

. If B is zero (the default) then no padding is performed. EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to @@ -458,6 +481,9 @@ The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. +EVP_PKEY_CTX_set_dh_pad() was a macro in OpenSSL 1.1.1 and below. +From OpenSSL 3.0 it is a function. + =head1 COPYRIGHT Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod index a6747f4..8d54326 100644 --- a/doc/man3/EVP_PKEY_derive.pod +++ b/doc/man3/EVP_PKEY_derive.pod @@ -2,20 +2,33 @@ =head1 NAME -EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret +EVP_PKEY_derive_init, EVP_PKEY_derive_init_ex, EVP_PKEY_derive_set_peer, +EVP_PKEY_derive - derive public key algorithm shared secret =head1 SYNOPSIS #include + int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange); int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); =head1 DESCRIPTION -The EVP_PKEY_derive_init() function initializes a public key algorithm -context using key B for shared secret derivation. +The EVP_PKEY_derive_init_ex() function initializes a public key algorithm +context for shared secret derivation using the key exchange algorithm +B. +The key exchange algorithm B should be fetched using a call to +L. +The EVP_PKEY object associated with B must be compatible with that +algorithm. +B may be NULL in which case the EVP_KEYEXCH algorithm is fetched +implicitly based on the type of EVP_PKEY associated with B. +See L for more information about implict fetches. + +The EVP_PKEY_derive_init() function is the same as EVP_PKEY_derive() except that +the EVP_KEYEXCH algorithm is always implicitly fetched. The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally be a public key. @@ -29,18 +42,19 @@ written to B. =head1 NOTES -After the call to EVP_PKEY_derive_init() algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. +After the call to EVP_PKEY_derive_init() or EVP_PKEY_derive_init_ex() algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. The function EVP_PKEY_derive() can be called more than once on the same context if several operations are performed using the same parameters. =head1 RETURN VALUES -EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. +EVP_PKEY_derive_init_ex(), EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 +for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm. =head1 EXAMPLE @@ -86,10 +100,12 @@ L, L, L, L, +L =head1 HISTORY -These functions were added in OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. The EVP_PKEY_derive_init_ex() +function was added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 4addcea..d1ba624 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -56,6 +56,19 @@ extern "C" { #define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type" #define OSSL_DIGEST_PARAM_MICALG "micalg" +/* PKEY parameters */ +/* Diffie-Hellman Parameters */ +#define OSSL_PKEY_PARAM_DH_P "dh-p" +#define OSSL_PKEY_PARAM_DH_G "dh-g" +#define OSSL_PKEY_PARAM_DH_Q "dh-q" +/* Diffie-Hellman Keys */ +#define OSSL_PKEY_PARAM_DH_PUB_KEY "dh-pub" +#define OSSL_PKEY_PARAM_DH_PRIV_KEY "dh-priv" + +/* Key Exchange parameters */ + +#define OSSL_EXCHANGE_PARAM_PAD "exchange-pad" + # ifdef __cplusplus } # endif diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 37a3170..c589243 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -229,6 +229,30 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx, OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx, const OSSL_PARAM params[])) +/* Key Exchange */ + +# define OSSL_OP_KEYEXCH 3 + +# define OSSL_FUNC_KEYEXCH_NEWCTX 1 +# define OSSL_FUNC_KEYEXCH_INIT 2 +# define OSSL_FUNC_KEYEXCH_DERIVE 3 +# define OSSL_FUNC_KEYEXCH_SET_PEER 4 +# define OSSL_FUNC_KEYEXCH_FREECTX 5 +# define OSSL_FUNC_KEYEXCH_DUPCTX 6 +# define OSSL_FUNC_KEYEXCH_SET_PARAMS 7 + +OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx, + OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_derive, (void *ctx, unsigned char *key, + size_t *keylen, size_t outlen)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx, + OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(void, OP_keyexch_freectx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_params, (void *ctx, + OSSL_PARAM params[])) + # ifdef __cplusplus } # endif diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 18858eb..e96c811 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -253,9 +253,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \ EVP_PKEY_CTRL_DH_NID, nid, NULL) -# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_PAD, pad, NULL) +int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); # define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index e781ebe..377b4b1 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1416,6 +1416,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, @@ -1477,6 +1478,7 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen); +int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange); int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); @@ -1705,6 +1707,12 @@ void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, int (**pdigest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)); + +void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); +int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); +EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); + void EVP_add_alg_module(void); /* diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 202e366..76a9bee 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -104,6 +104,8 @@ typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; typedef struct evp_kdf_st EVP_KDF; typedef struct evp_kdf_ctx_st EVP_KDF_CTX; +typedef struct evp_keyexch_st EVP_KEYEXCH; + typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; typedef struct hmac_ctx_st HMAC_CTX; diff --git a/providers/common/build.info b/providers/common/build.info index 500ef64..c77606a 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,4 +1,4 @@ -SUBDIRS=digests ciphers +SUBDIRS=digests ciphers exchange SOURCE[../../libcrypto]=\ provider_err.c provlib.c diff --git a/providers/common/exchange/build.info b/providers/common/exchange/build.info new file mode 100644 index 0000000..1039075 --- /dev/null +++ b/providers/common/exchange/build.info @@ -0,0 +1,5 @@ +LIBS=../../../libcrypto +SOURCE[../../../libcrypto]=\ + dh.c + + diff --git a/providers/common/exchange/dh.c b/providers/common/exchange/dh.c new file mode 100644 index 0000000..ca6f0fc --- /dev/null +++ b/providers/common/exchange/dh.c @@ -0,0 +1,194 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/provider_algs.h" + +static OSSL_OP_keyexch_newctx_fn dh_newctx; +static OSSL_OP_keyexch_init_fn dh_init; +static OSSL_OP_keyexch_set_peer_fn dh_set_peer; +static OSSL_OP_keyexch_derive_fn dh_derive; +static OSSL_OP_keyexch_freectx_fn dh_freectx; +static OSSL_OP_keyexch_dupctx_fn dh_dupctx; + + +typedef struct { + DH *dh; + DH *dhpeer; + int pad; +} PROV_DH_CTX; + +static void *dh_newctx(void *provctx) +{ + return OPENSSL_zalloc(sizeof(PROV_DH_CTX)); +} + +static DH *param_to_dh(OSSL_PARAM params[], int priv) +{ + DH *dh = DH_new(); + OSSL_PARAM *paramptr; + BIGNUM *p = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; + + if (dh == NULL) + return NULL; + + paramptr = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_P); + if (paramptr == NULL + || !OSSL_PARAM_get_BN(paramptr, &p)) + goto err; + + paramptr = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_G); + if (paramptr == NULL || !OSSL_PARAM_get_BN(paramptr, &g)) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + p = g = NULL; + + paramptr = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_PUB_KEY); + if (paramptr == NULL || !OSSL_PARAM_get_BN(paramptr, &pub_key)) + goto err; + + /* Private key is optional */ + if (priv) { + paramptr = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_PRIV_KEY); + if (paramptr == NULL + || (priv_key = BN_secure_new()) == NULL + || !OSSL_PARAM_get_BN(paramptr, &priv_key)) + goto err; + } + + if (!DH_set0_key(dh, pub_key, priv_key)) + goto err; + + return dh; + + err: + BN_free(p); + BN_free(g); + BN_free(pub_key); + BN_free(priv_key); + DH_free(dh); + return NULL; +} + +static int dh_init(void *vpdhctx, OSSL_PARAM params[]) +{ + PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; + + DH_free(pdhctx->dh); + pdhctx->dh = param_to_dh(params, 1); + + return pdhctx->dh != NULL; +} + +static int dh_set_peer(void *vpdhctx, OSSL_PARAM params[]) +{ + PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; + + DH_free(pdhctx->dhpeer); + pdhctx->dhpeer = param_to_dh(params, 0); + + return pdhctx->dhpeer != NULL; +} + +static int dh_derive(void *vpdhctx, unsigned char *key, size_t *keylen, + size_t outlen) +{ + PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; + int ret; + size_t dhsize; + const BIGNUM *pub_key = NULL; + + /* TODO(3.0): Add errors to stack */ + if (pdhctx->dh == NULL || pdhctx->dhpeer == NULL) + return 0; + + dhsize = (size_t)DH_size(pdhctx->dh); + if (key == NULL) { + *keylen = dhsize; + return 1; + } + if (outlen < dhsize) + return 0; + + DH_get0_key(pdhctx->dhpeer, &pub_key, NULL); + ret = (pdhctx->pad) ? DH_compute_key_padded(key, pub_key, pdhctx->dh) + : DH_compute_key(key, pub_key, pdhctx->dh); + if (ret <= 0) + return 0; + + *keylen = ret; + return 1; +} + +static void dh_freectx(void *vpdhctx) +{ + PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; + + DH_free(pdhctx->dh); + DH_free(pdhctx->dhpeer); + + OPENSSL_free(pdhctx); +} + +static void *dh_dupctx(void *vpdhctx) +{ + PROV_DH_CTX *srcctx = (PROV_DH_CTX *)vpdhctx; + PROV_DH_CTX *dstctx; + + dstctx = OPENSSL_zalloc(sizeof(*srcctx)); + + *dstctx = *srcctx; + if (dstctx->dh != NULL && !DH_up_ref(dstctx->dh)) { + OPENSSL_free(dstctx); + return NULL; + } + + if (dstctx->dhpeer != NULL && !DH_up_ref(dstctx->dhpeer)) { + DH_free(dstctx->dh); + OPENSSL_free(dstctx); + return NULL; + } + + return dstctx; +} + +static int dh_set_params(void *vpdhctx, OSSL_PARAM params[]) +{ + PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; + const OSSL_PARAM *p; + int pad; + + if (pdhctx == NULL || params == NULL) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_PAD); + if (p == NULL || !OSSL_PARAM_get_int(p, &pad)) + return 0; + + pdhctx->pad = pad; + + return 1; +} + +const OSSL_DISPATCH dh_functions[] = { + { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))dh_newctx }, + { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))dh_init }, + { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))dh_derive }, + { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))dh_set_peer }, + { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))dh_freectx }, + { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))dh_dupctx }, + { OSSL_FUNC_KEYEXCH_SET_PARAMS, (void (*)(void))dh_set_params }, + { 0, NULL } +}; diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index 0e26da0..dbc79a5 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -57,3 +57,6 @@ extern const OSSL_DISPATCH aes128cfb8_functions[]; extern const OSSL_DISPATCH aes256ctr_functions[]; extern const OSSL_DISPATCH aes192ctr_functions[]; extern const OSSL_DISPATCH aes128ctr_functions[]; + +/* Key Exchange */ +extern const OSSL_DISPATCH dh_functions[]; diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 76ef2bc..6ac2bdb 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -114,6 +114,11 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { NULL, NULL, NULL } }; +static const OSSL_ALGORITHM deflt_keyexch[] = { + { "dhKeyAgreement", "default=yes", dh_functions }, + { NULL, NULL, NULL } +}; + static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, int operation_id, int *no_cache) @@ -124,6 +129,8 @@ static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, return deflt_digests; case OSSL_OP_CIPHER: return deflt_ciphers; + case OSSL_OP_KEYEXCH: + return deflt_keyexch; } return NULL; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 0ce8800..d036249 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4679,3 +4679,9 @@ BN_priv_rand_ex 4784 3_0_0 EXIST::FUNCTION: BN_rand_range_ex 4785 3_0_0 EXIST::FUNCTION: BN_priv_rand_range_ex 4786 3_0_0 EXIST::FUNCTION: BN_generate_prime_ex2 4787 3_0_0 EXIST::FUNCTION: +EVP_PKEY_derive_init_ex 4788 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_free 4789 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_up_ref 4790 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_fetch 4791 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_pad 4792 3_0_0 EXIST::FUNCTION:DH +EVP_PKEY_CTX_set_params 4793 3_0_0 EXIST::FUNCTION: From viktor at openssl.org Tue Jul 16 10:12:46 2019 From: viktor at openssl.org (Viktor Dukhovni) Date: Tue, 16 Jul 2019 10:12:46 +0000 Subject: [openssl] master update Message-ID: <1563271966.011213.30360.nullmailer@dev.openssl.org> The branch master has been updated via 5fe499cb75469fbda08d96facd13d14a402a6d44 (commit) from 12df11bdf11fb6a3410483b0097f032e329b4623 (commit) - Log ----------------------------------------------------------------- commit 5fe499cb75469fbda08d96facd13d14a402a6d44 Author: Viktor Dukhovni Date: Mon Jul 15 13:12:04 2019 -0400 Actually silently ignore GET / OCSP requests Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 9f2cf45..71c6a56 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1436,9 +1436,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *q = '\0'; /* - * Skip "GET / HTTP..." requests often used by load-balancers + * Skip "GET / HTTP..." requests often used by load-balancers. Note: + * 'p' was incremented above to point to the first byte *after* the + * leading slash, so with 'GET / ' it is now an empty string. */ - if (p[1] == '\0') + if (p[0] == '\0') goto out; len = urldecode(p); From viktor at openssl.org Tue Jul 16 10:15:02 2019 From: viktor at openssl.org (Viktor Dukhovni) Date: Tue, 16 Jul 2019 10:15:02 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563272102.717108.31964.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 2b7efbd03295f8a345b63acd212e22cb5a3d19df (commit) from cf8b3732484a7a087c1e004551e3f8c51203c69d (commit) - Log ----------------------------------------------------------------- commit 2b7efbd03295f8a345b63acd212e22cb5a3d19df Author: Viktor Dukhovni Date: Mon Jul 15 13:12:04 2019 -0400 Actually silently ignore GET / OCSP requests Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 066a2e4..5d23918 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1416,9 +1416,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *q = '\0'; /* - * Skip "GET / HTTP..." requests often used by load-balancers + * Skip "GET / HTTP..." requests often used by load-balancers. Note: + * 'p' was incremented above to point to the first byte *after* the + * leading slash, so with 'GET / ' it is now an empty string. */ - if (p[1] == '\0') + if (p[0] == '\0') goto out; len = urldecode(p); From builds at travis-ci.org Tue Jul 16 10:22:23 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Jul 2019 10:22:23 +0000 Subject: Still Failing: openssl/openssl#26521 (master - 12df11b) In-Reply-To: Message-ID: <5d2da55e82e65_43f830e6239ac106927@9a4acf67-f2b5-42f8-9959-d8cebde8f09a.mail> Build Update for openssl/openssl ------------------------------------- Build: #26521 Status: Still Failing Duration: 22 mins and 27 secs Commit: 12df11b (master) Author: Matt Caswell Message: Document the new EVP_KEYEXCH type and related functions Previous commits added the EVP_KEYEXCH type for representing key exchange algorithms. They also added various functions for fetching and using them, so we document all of those functions. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9266) View the changeset: https://github.com/openssl/openssl/compare/cbfa5b03989e...12df11bdf11f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559364617?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 16 10:42:08 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Jul 2019 10:42:08 +0000 Subject: Still Failing: openssl/openssl#26523 (master - 5fe499c) In-Reply-To: Message-ID: <5d2da9fe7008_43fa8ac38577c216020@94cc48d6-c2e9-4459-b80e-9da623151174.mail> Build Update for openssl/openssl ------------------------------------- Build: #26523 Status: Still Failing Duration: 21 mins and 42 secs Commit: 5fe499c (master) Author: Viktor Dukhovni Message: Actually silently ignore GET / OCSP requests Reviewed-by: Matt Caswell View the changeset: https://github.com/openssl/openssl/compare/12df11bdf11f...5fe499cb7546 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559369787?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From patrick.steuer at de.ibm.com Tue Jul 16 12:47:26 2019 From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Tue, 16 Jul 2019 12:47:26 +0000 Subject: [openssl] master update Message-ID: <1563281246.592623.28192.nullmailer@dev.openssl.org> The branch master has been updated via c17d60ea293746d7cd06a910ced446edbb6c1eba (commit) from 5fe499cb75469fbda08d96facd13d14a402a6d44 (commit) - Log ----------------------------------------------------------------- commit c17d60ea293746d7cd06a910ced446edbb6c1eba Author: Patrick Steuer Date: Mon Jul 15 17:00:15 2019 +0200 s390x assembly pack: fix restoring of SIGILL action Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9381) ----------------------------------------------------------------------- Summary of changes: crypto/s390xcap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index b75eacf..a985026 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -65,7 +65,7 @@ struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; void OPENSSL_cpuid_setup(void) { sigset_t oset; - struct sigaction ill_act, oact; + struct sigaction ill_act, oact_ill, oact_fpe; struct OPENSSL_s390xcap_st cap; if (OPENSSL_s390xcap_P.stfle[0]) @@ -87,8 +87,8 @@ void OPENSSL_cpuid_setup(void) sigdelset(&ill_act.sa_mask, SIGFPE); sigdelset(&ill_act.sa_mask, SIGTRAP); sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); - sigaction(SIGILL, &ill_act, &oact); - sigaction(SIGFPE, &ill_act, &oact); + sigaction(SIGILL, &ill_act, &oact_ill); + sigaction(SIGFPE, &ill_act, &oact_fpe); /* protection against missing store-facility-list-extended */ if (sigsetjmp(ill_jmp, 1) == 0) @@ -110,8 +110,8 @@ void OPENSSL_cpuid_setup(void) | S390X_CAPBIT(S390X_VXE)); } - sigaction(SIGFPE, &oact, NULL); - sigaction(SIGILL, &oact, NULL); + sigaction(SIGFPE, &oact_fpe, NULL); + sigaction(SIGILL, &oact_ill, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); OPENSSL_s390x_functions(); From matt at openssl.org Tue Jul 16 12:58:02 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 16 Jul 2019 12:58:02 +0000 Subject: [openssl] master update Message-ID: <1563281882.159689.4113.nullmailer@dev.openssl.org> The branch master has been updated via fe9edc9d39c96c965efc4fde12ddf7fa8a852025 (commit) from c17d60ea293746d7cd06a910ced446edbb6c1eba (commit) - Log ----------------------------------------------------------------- commit fe9edc9d39c96c965efc4fde12ddf7fa8a852025 Author: Todd Short Date: Mon Jul 15 09:55:13 2019 -0400 Fix SSL_CTX_set_session_id_context() docs Also, use define rather than sizeof Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9377) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_session_id_context.pod | 4 ++-- ssl/ssl_lib.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/man3/SSL_CTX_set_session_id_context.pod b/doc/man3/SSL_CTX_set_session_id_context.pod index a77bf8e..ccc10a7 100644 --- a/doc/man3/SSL_CTX_set_session_id_context.pod +++ b/doc/man3/SSL_CTX_set_session_id_context.pod @@ -42,7 +42,7 @@ OpenSSL clients will check the session id context returned by the server when reusing a session. The maximum length of the B is limited to -B. +B. =head1 WARNINGS @@ -67,7 +67,7 @@ return the following values: =item Z<>0 The length B of the session id context B exceeded -the maximum allowed length of B. The error +the maximum allowed length of B. The error is logged to the error stack. =item Z<>1 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 211a828..c88368e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -877,7 +877,7 @@ int SSL_up_ref(SSL *s) int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if (sid_ctx_len > sizeof(ctx->sid_ctx)) { + if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; From matt at openssl.org Tue Jul 16 13:03:57 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 16 Jul 2019 13:03:57 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563282237.628545.32472.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 686ead4537ade69368ebf87679397105aee5d5c8 (commit) from 2b7efbd03295f8a345b63acd212e22cb5a3d19df (commit) - Log ----------------------------------------------------------------- commit 686ead4537ade69368ebf87679397105aee5d5c8 Author: Todd Short Date: Mon Jul 15 09:55:13 2019 -0400 Fix SSL_CTX_set_session_id_context() docs Also, use define rather than sizeof Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9377) (cherry picked from commit fe9edc9d39c96c965efc4fde12ddf7fa8a852025) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_session_id_context.pod | 4 ++-- ssl/ssl_lib.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/man3/SSL_CTX_set_session_id_context.pod b/doc/man3/SSL_CTX_set_session_id_context.pod index d832350..9270b10 100644 --- a/doc/man3/SSL_CTX_set_session_id_context.pod +++ b/doc/man3/SSL_CTX_set_session_id_context.pod @@ -42,7 +42,7 @@ OpenSSL clients will check the session id context returned by the server when reusing a session. The maximum length of the B is limited to -B. +B. =head1 WARNINGS @@ -67,7 +67,7 @@ return the following values: =item Z<>0 The length B of the session id context B exceeded -the maximum allowed length of B. The error +the maximum allowed length of B. The error is logged to the error stack. =item Z<>1 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4e945dc..ac820cf 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -872,7 +872,7 @@ int SSL_up_ref(SSL *s) int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if (sid_ctx_len > sizeof(ctx->sid_ctx)) { + if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; From builds at travis-ci.org Tue Jul 16 13:07:10 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Jul 2019 13:07:10 +0000 Subject: Still Failing: openssl/openssl#26539 (master - c17d60e) In-Reply-To: Message-ID: <5d2dcbfe2d14_43f85eb9ab2481941d6@018144f2-ce03-48ff-af6d-c0fea15bcb6d.mail> Build Update for openssl/openssl ------------------------------------- Build: #26539 Status: Still Failing Duration: 19 mins and 5 secs Commit: c17d60e (master) Author: Patrick Steuer Message: s390x assembly pack: fix restoring of SIGILL action Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9381) View the changeset: https://github.com/openssl/openssl/compare/5fe499cb7546...c17d60ea2937 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559429674?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 16 13:22:09 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Jul 2019 13:22:09 +0000 Subject: Still Failing: openssl/openssl#26540 (master - fe9edc9) In-Reply-To: Message-ID: <5d2dcf81a9ac9_43f96f4a3ab68197112@80c68b71-7a80-4542-9812-d16fcb63b218.mail> Build Update for openssl/openssl ------------------------------------- Build: #26540 Status: Still Failing Duration: 23 mins and 38 secs Commit: fe9edc9 (master) Author: Todd Short Message: Fix SSL_CTX_set_session_id_context() docs Also, use define rather than sizeof Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9377) View the changeset: https://github.com/openssl/openssl/compare/c17d60ea2937...fe9edc9d39c9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559433849?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 16 13:28:26 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jul 2019 13:28:26 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1563283706.522550.815.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 35e264c032 Coverity #1451596: check dirlen for being negative b481fbe68b Coverity #1451595: use correct free function. d5fdb6a695 util/opensslwrap.sh: adjust to define OPENSSL_MODULES as well 4674aaf4f2 In documentation, consistently refer to OpenSSL 3.0 2934be9134 Make sure all BIGNUM operations work within the FIPS provider 753149d97f Move the code for 'openssl list' to its own translation unit. 4b62b8ed49 Refactor apps/progs.* to be generate with 'make update' a161738a70 Fix wrong lock claimed in x509 dir lookup. 5fe6e2311d issue-9316: Update return documentation for RAND_set_rand_engine Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 229 wallclock secs ( 1.77 usr 0.32 sys + 222.97 cusr 17.44 csys = 242.50 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 16 14:15:08 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jul 2019 14:15:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1563286508.886348.25837.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 35e264c032 Coverity #1451596: check dirlen for being negative b481fbe68b Coverity #1451595: use correct free function. d5fdb6a695 util/opensslwrap.sh: adjust to define OPENSSL_MODULES as well 4674aaf4f2 In documentation, consistently refer to OpenSSL 3.0 2934be9134 Make sure all BIGNUM operations work within the FIPS provider 753149d97f Move the code for 'openssl list' to its own translation unit. 4b62b8ed49 Refactor apps/progs.* to be generate with 'make update' a161738a70 Fix wrong lock claimed in x509 dir lookup. 5fe6e2311d issue-9316: Update return documentation for RAND_set_rand_engine Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=172, Tests=1560, 233 wallclock secs ( 1.76 usr 0.31 sys + 227.29 cusr 18.84 csys = 248.20 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Tue Jul 16 14:48:46 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 16 Jul 2019 14:48:46 +0000 Subject: [openssl] master update Message-ID: <1563288526.443463.28630.nullmailer@dev.openssl.org> The branch master has been updated via da0201814380144151293811e9cd63732e0e0c3e (commit) from fe9edc9d39c96c965efc4fde12ddf7fa8a852025 (commit) - Log ----------------------------------------------------------------- commit da0201814380144151293811e9cd63732e0e0c3e Author: Richard Levitte Date: Mon Jul 15 11:55:33 2019 +0200 Provider config module: allow providers to already be loaded This allows 'default' to be configured in the config file, if needed. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9371) ----------------------------------------------------------------------- Summary of changes: crypto/provider_conf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index 74162a8..25881d6 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -113,7 +113,9 @@ static int provider_conf_load(OPENSSL_CTX *libctx, const char *name, activate = 1; } - prov = ossl_provider_new(libctx, name, NULL); + prov = ossl_provider_find(libctx, name); + if (prov == NULL) + prov = ossl_provider_new(libctx, name, NULL); if (prov == NULL) { if (soft) ERR_clear_error(); From no-reply at appveyor.com Tue Jul 16 14:52:34 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 16 Jul 2019 14:52:34 +0000 Subject: Build failed: openssl master.25961 Message-ID: <20190716145234.1.5A19162CD6868AF8@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 16 15:21:31 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Jul 2019 15:21:31 +0000 Subject: Still Failing: openssl/openssl#26545 (master - da02018) In-Reply-To: Message-ID: <5d2deb7b97bdc_43f8982c806401287e6@193b7405-73c1-4333-99af-ec8c9684957f.mail> Build Update for openssl/openssl ------------------------------------- Build: #26545 Status: Still Failing Duration: 28 mins and 18 secs Commit: da02018 (master) Author: Richard Levitte Message: Provider config module: allow providers to already be loaded This allows 'default' to be configured in the config file, if needed. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9371) View the changeset: https://github.com/openssl/openssl/compare/fe9edc9d39c9...da0201814380 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559485647?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 16 15:25:45 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 16 Jul 2019 15:25:45 +0000 Subject: Build completed: openssl master.25962 Message-ID: <20190716152545.1.D2873A0C651BA2E8@appveyor.com> An HTML attachment was scrubbed... URL: From kurt at openssl.org Tue Jul 16 18:33:45 2019 From: kurt at openssl.org (Kurt Roeckx) Date: Tue, 16 Jul 2019 18:33:45 +0000 Subject: [openssl] master update Message-ID: <1563302025.478047.3598.nullmailer@dev.openssl.org> The branch master has been updated via e3a0d367299ee9f384ef912c644dbb5ef195798d (commit) from da0201814380144151293811e9cd63732e0e0c3e (commit) - Log ----------------------------------------------------------------- commit e3a0d367299ee9f384ef912c644dbb5ef195798d Author: Kurt Roeckx Date: Sun Jul 7 11:04:32 2019 +0200 Auto add a label depending on the type of issue they report. Reviewed-by: Richard Levitte GH: #9319 ----------------------------------------------------------------------- Summary of changes: .github/ISSUE_TEMPLATE/bug_report.md | 1 + .github/ISSUE_TEMPLATE/feature_request.md | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 0d6d219..80d60c5 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,5 +1,6 @@ --- name: Bug report +labels: bug about: Report a defect in the software --- diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 9e5565e..27d66e6 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -1,5 +1,6 @@ --- name: Feature request +labels: feature about: Propose a feature you would like to see added in the software --- From builds at travis-ci.org Tue Jul 16 18:52:50 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Jul 2019 18:52:50 +0000 Subject: Still Failing: openssl/openssl#26553 (master - e3a0d36) In-Reply-To: Message-ID: <5d2e1d02b6ee1_43f85eaf33838363551@018144f2-ce03-48ff-af6d-c0fea15bcb6d.mail> Build Update for openssl/openssl ------------------------------------- Build: #26553 Status: Still Failing Duration: 18 mins and 30 secs Commit: e3a0d36 (master) Author: Kurt Roeckx Message: Auto add a label depending on the type of issue they report. Reviewed-by: Richard Levitte GH: #9319 View the changeset: https://github.com/openssl/openssl/compare/da0201814380...e3a0d367299e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559595538?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 17 01:18:46 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jul 2019 01:18:46 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1563326326.860911.16499.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: e3a0d36729 Auto add a label depending on the type of issue they report. da02018143 Provider config module: allow providers to already be loaded fe9edc9d39 Fix SSL_CTX_set_session_id_context() docs c17d60ea29 s390x assembly pack: fix restoring of SIGILL action 5fe499cb75 Actually silently ignore GET / OCSP requests 12df11bdf1 Document the new EVP_KEYEXCH type and related functions 35aca9eccb Add the ability to set PKCS#3 DH padding in providers 94b40fb77c Enable PKCS#3 DH in the providers 89e291742f Implement PKCS#3 DH Key Exchange in the default provider ff64702b3d Make the EVP Key Exchange code provider aware cbfa5b0398 Regenerate mkerr files aac96e2797 Remove function name from errors 3d9b33b5e4 Remove DRBG from SSL structure. 459b15d451 Add Common shared code needed to move aes ciphers to providers 0d03acea7a remove end of line whitespace b880583475 Convert asn1_dsa.c to use the WPACKET API instead 15cb0f0958 Give WPACKET the ability to have a NULL buffer underneath it 8ae173bb57 Convert asn1_dsa.c to use the PACKET API instead 0d345f0e10 Make the PACKET/WPACKET code available to both libcrypto and libssl 54846b7c6e Add simple ASN.1 utils for DSA signature DER. Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/ess/libcrypto-lib-ess_asn1.d.tmp -MT crypto/ess/libcrypto-lib-ess_asn1.o -c -o crypto/ess/libcrypto-lib-ess_asn1.o ../openssl/crypto/ess/ess_asn1.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/ess/libcrypto-lib-ess_err.d.tmp -MT crypto/ess/libcrypto-lib-ess_err.o -c -o crypto/ess/libcrypto-lib-ess_err.o ../openssl/crypto/ess/ess_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/ess/libcrypto-lib-ess_lib.d.tmp -MT crypto/ess/libcrypto-lib-ess_lib.o -c -o crypto/ess/libcrypto-lib-ess_lib.o ../openssl/crypto/ess/ess_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_b64.d.tmp -MT crypto/evp/libcrypto-lib-bio_b64.o -c -o crypto/evp/libcrypto-lib-bio_b64.o ../openssl/crypto/evp/bio_b64.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_enc.d.tmp -MT crypto/evp/libcrypto-lib-bio_enc.o -c -o crypto/evp/libcrypto-lib-bio_enc.o ../openssl/crypto/evp/bio_enc.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_md.d.tmp -MT crypto/evp/libcrypto-lib-bio_md.o -c -o crypto/evp/libcrypto-lib-bio_md.o ../openssl/crypto/evp/bio_md.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_ok.d.tmp -MT crypto/evp/libcrypto-lib-bio_ok.o -c -o crypto/evp/libcrypto-lib-bio_ok.o ../openssl/crypto/evp/bio_ok.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_allc.d.tmp -MT crypto/evp/libcrypto-lib-c_allc.o -c -o crypto/evp/libcrypto-lib-c_allc.o ../openssl/crypto/evp/c_allc.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_alld.d.tmp -MT crypto/evp/libcrypto-lib-c_alld.o -c -o crypto/evp/libcrypto-lib-c_alld.o ../openssl/crypto/evp/c_alld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_allkdf.d.tmp -MT crypto/evp/libcrypto-lib-c_allkdf.o -c -o crypto/evp/libcrypto-lib-c_allkdf.o ../openssl/crypto/evp/c_allkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_allm.d.tmp -MT crypto/evp/libcrypto-lib-c_allm.o -c -o crypto/evp/libcrypto-lib-c_allm.o ../openssl/crypto/evp/c_allm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-cmeth_lib.d.tmp -MT crypto/evp/libcrypto-lib-cmeth_lib.o -c -o crypto/evp/libcrypto-lib-cmeth_lib.o ../openssl/crypto/evp/cmeth_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-digest.d.tmp -MT crypto/evp/libcrypto-lib-digest.o -c -o crypto/evp/libcrypto-lib-digest.o ../openssl/crypto/evp/digest.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aes.d.tmp -MT crypto/evp/libcrypto-lib-e_aes.o -c -o crypto/evp/libcrypto-lib-e_aes.o ../openssl/crypto/evp/e_aes.c clang -Icrypto/modes -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.d.tmp -MT crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o -c -o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o ../openssl/crypto/evp/e_aes_cbc_hmac_sha1.c clang -Icrypto/modes -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.d.tmp -MT crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o -c -o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o ../openssl/crypto/evp/e_aes_cbc_hmac_sha256.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aria.d.tmp -MT crypto/evp/libcrypto-lib-e_aria.o -c -o crypto/evp/libcrypto-lib-e_aria.o ../openssl/crypto/evp/e_aria.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_bf.d.tmp -MT crypto/evp/libcrypto-lib-e_bf.o -c -o crypto/evp/libcrypto-lib-e_bf.o ../openssl/crypto/evp/e_bf.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_camellia.d.tmp -MT crypto/evp/libcrypto-lib-e_camellia.o -c -o crypto/evp/libcrypto-lib-e_camellia.o ../openssl/crypto/evp/e_camellia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_cast.d.tmp -MT crypto/evp/libcrypto-lib-e_cast.o -c -o crypto/evp/libcrypto-lib-e_cast.o ../openssl/crypto/evp/e_cast.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_chacha20_poly1305.d.tmp -MT crypto/evp/libcrypto-lib-e_chacha20_poly1305.o -c -o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o ../openssl/crypto/evp/e_chacha20_poly1305.c clang -Icrypto -I../openssl/crypto -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_des.d.tmp -MT crypto/evp/libcrypto-lib-e_des.o -c -o crypto/evp/libcrypto-lib-e_des.o ../openssl/crypto/evp/e_des.c clang -Icrypto -I../openssl/crypto -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_des3.d.tmp -MT crypto/evp/libcrypto-lib-e_des3.o -c -o crypto/evp/libcrypto-lib-e_des3.o ../openssl/crypto/evp/e_des3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_idea.d.tmp -MT crypto/evp/libcrypto-lib-e_idea.o -c -o crypto/evp/libcrypto-lib-e_idea.o ../openssl/crypto/evp/e_idea.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_null.d.tmp -MT crypto/evp/libcrypto-lib-e_null.o -c -o crypto/evp/libcrypto-lib-e_null.o ../openssl/crypto/evp/e_null.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_old.d.tmp -MT crypto/evp/libcrypto-lib-e_old.o -c -o crypto/evp/libcrypto-lib-e_old.o ../openssl/crypto/evp/e_old.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc2.d.tmp -MT crypto/evp/libcrypto-lib-e_rc2.o -c -o crypto/evp/libcrypto-lib-e_rc2.o ../openssl/crypto/evp/e_rc2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc4.d.tmp -MT crypto/evp/libcrypto-lib-e_rc4.o -c -o crypto/evp/libcrypto-lib-e_rc4.o ../openssl/crypto/evp/e_rc4.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc4_hmac_md5.d.tmp -MT crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o -c -o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o ../openssl/crypto/evp/e_rc4_hmac_md5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc5.d.tmp -MT crypto/evp/libcrypto-lib-e_rc5.o -c -o crypto/evp/libcrypto-lib-e_rc5.o ../openssl/crypto/evp/e_rc5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_seed.d.tmp -MT crypto/evp/libcrypto-lib-e_seed.o -c -o crypto/evp/libcrypto-lib-e_seed.o ../openssl/crypto/evp/e_seed.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_sm4.d.tmp -MT crypto/evp/libcrypto-lib-e_sm4.o -c -o crypto/evp/libcrypto-lib-e_sm4.o ../openssl/crypto/evp/e_sm4.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_xcbc_d.d.tmp -MT crypto/evp/libcrypto-lib-e_xcbc_d.o -c -o crypto/evp/libcrypto-lib-e_xcbc_d.o ../openssl/crypto/evp/e_xcbc_d.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-encode.d.tmp -MT crypto/evp/libcrypto-lib-encode.o -c -o crypto/evp/libcrypto-lib-encode.o ../openssl/crypto/evp/encode.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_cnf.d.tmp -MT crypto/evp/libcrypto-lib-evp_cnf.o -c -o crypto/evp/libcrypto-lib-evp_cnf.o ../openssl/crypto/evp/evp_cnf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_enc.d.tmp -MT crypto/evp/libcrypto-lib-evp_enc.o -c -o crypto/evp/libcrypto-lib-evp_enc.o ../openssl/crypto/evp/evp_enc.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_err.d.tmp -MT crypto/evp/libcrypto-lib-evp_err.o -c -o crypto/evp/libcrypto-lib-evp_err.o ../openssl/crypto/evp/evp_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_fetch.d.tmp -MT crypto/evp/libcrypto-lib-evp_fetch.o -c -o crypto/evp/libcrypto-lib-evp_fetch.o ../openssl/crypto/evp/evp_fetch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_key.d.tmp -MT crypto/evp/libcrypto-lib-evp_key.o -c -o crypto/evp/libcrypto-lib-evp_key.o ../openssl/crypto/evp/evp_key.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_lib.d.tmp -MT crypto/evp/libcrypto-lib-evp_lib.o -c -o crypto/evp/libcrypto-lib-evp_lib.o ../openssl/crypto/evp/evp_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_pbe.d.tmp -MT crypto/evp/libcrypto-lib-evp_pbe.o -c -o crypto/evp/libcrypto-lib-evp_pbe.o ../openssl/crypto/evp/evp_pbe.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_pkey.d.tmp -MT crypto/evp/libcrypto-lib-evp_pkey.o -c -o crypto/evp/libcrypto-lib-evp_pkey.o ../openssl/crypto/evp/evp_pkey.c ../openssl/crypto/evp/evp_lib.c:820:25: error: no member named 'dh' in 'union evp_pkey_st::(anonymous at ../openssl/crypto/include/internal/evp_int.h:513:5)' DH *dh = pkey->pkey.dh; ~~~~~~~~~~ ^ ../openssl/crypto/evp/evp_lib.c:822:23: error: implicit declaration of function 'DH_get0_p' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/crypto/evp/evp_lib.c:822:19: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:822:43: error: implicit declaration of function 'DH_get0_g' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:43: note: did you mean 'DH_get0_p'? ../openssl/crypto/evp/evp_lib.c:822:23: note: 'DH_get0_p' declared here const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~ DH_get0_p ../openssl/crypto/evp/evp_lib.c:822:43: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:39: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:822:63: error: implicit declaration of function 'DH_get0_q' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:63: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/crypto/evp/evp_lib.c:822:59: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:823:29: error: implicit declaration of function 'DH_get0_pub_key' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *pub_key = DH_get0_pub_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:823:29: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/crypto/evp/evp_lib.c:823:19: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *pub_key = DH_get0_pub_key(dh); ^ ~~~~~~~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:824:30: error: implicit declaration of function 'DH_get0_priv_key' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *priv_key = DH_get0_priv_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:824:30: note: did you mean 'DH_get0_pub_key'? ../openssl/crypto/evp/evp_lib.c:823:29: note: 'DH_get0_pub_key' declared here const BIGNUM *pub_key = DH_get0_pub_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:824:30: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] const BIGNUM *priv_key = DH_get0_priv_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:824:19: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *priv_key = DH_get0_priv_key(dh); ^ ~~~~~~~~~~~~~~~~~~~~ 16 errors generated. Makefile:9327: recipe for target 'crypto/evp/libcrypto-lib-evp_lib.o' failed make[1]: *** [crypto/evp/libcrypto-lib-evp_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Wed Jul 17 02:19:18 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jul 2019 02:19:18 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1563329958.117544.31243.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: e3a0d36729 Auto add a label depending on the type of issue they report. da02018143 Provider config module: allow providers to already be loaded fe9edc9d39 Fix SSL_CTX_set_session_id_context() docs c17d60ea29 s390x assembly pack: fix restoring of SIGILL action 5fe499cb75 Actually silently ignore GET / OCSP requests 12df11bdf1 Document the new EVP_KEYEXCH type and related functions 35aca9eccb Add the ability to set PKCS#3 DH padding in providers 94b40fb77c Enable PKCS#3 DH in the providers 89e291742f Implement PKCS#3 DH Key Exchange in the default provider ff64702b3d Make the EVP Key Exchange code provider aware cbfa5b0398 Regenerate mkerr files aac96e2797 Remove function name from errors 3d9b33b5e4 Remove DRBG from SSL structure. 459b15d451 Add Common shared code needed to move aes ciphers to providers 0d03acea7a remove end of line whitespace b880583475 Convert asn1_dsa.c to use the WPACKET API instead 15cb0f0958 Give WPACKET the ability to have a NULL buffer underneath it 8ae173bb57 Convert asn1_dsa.c to use the PACKET API instead 0d345f0e10 Make the PACKET/WPACKET code available to both libcrypto and libssl 54846b7c6e Add simple ASN.1 utils for DSA signature DER. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=173, Tests=1646, 252 wallclock secs ( 2.88 usr 0.35 sys + 242.62 cusr 20.16 csys = 266.01 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Jul 17 02:47:35 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 17 Jul 2019 02:47:35 +0000 Subject: Build failed: openssl master.25989 Message-ID: <20190717024735.1.040AB0C5B3DB51D5@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Jul 17 02:58:23 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 17 Jul 2019 02:58:23 +0000 Subject: [openssl] master update Message-ID: <1563332303.025933.4418.nullmailer@dev.openssl.org> The branch master has been updated via 4bd8b24045e1b044a2696b0675a9120ac0384567 (commit) via dd6b270618b8f43009999e45ad6dd03ca50bbe54 (commit) from e3a0d367299ee9f384ef912c644dbb5ef195798d (commit) - Log ----------------------------------------------------------------- commit 4bd8b24045e1b044a2696b0675a9120ac0384567 Author: Pauli Date: Tue Jul 16 20:35:42 2019 +1000 remove end of line spaces Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/9397) commit dd6b270618b8f43009999e45ad6dd03ca50bbe54 Author: Pauli Date: Tue Jul 16 20:24:10 2019 +1000 Remove tab characters from C source files. Some have been creeping into the source code. Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/9397) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 6 +- apps/vms_term_sock.c | 12 +-- crypto/aria/aria.c | 2 +- crypto/cryptlib.c | 2 +- crypto/ec/curve448/curve448.c | 4 +- crypto/evp/e_aes.c | 156 ++++++++++++++++----------------- crypto/evp/e_rc4_hmac_md5.c | 2 +- crypto/include/internal/aes_platform.h | 78 ++++++++--------- crypto/include/internal/chacha.h | 6 +- crypto/initthread.c | 2 +- crypto/s390x_arch.h | 114 ++++++++++++------------ crypto/s390xcap.c | 54 ++++++------ crypto/ui/ui_openssl.c | 4 +- include/internal/numbers.h | 6 +- include/openssl/core.h | 2 +- include/openssl/rand.h | 2 +- providers/common/provlib.c | 2 +- providers/fips/fipsprov.c | 4 +- ssl/statem/extensions.c | 2 +- ssl/t1_lib.c | 4 +- test/bntest.c | 2 +- test/drbg_cavs_test.c | 2 +- test/ecstresstest.c | 2 +- test/testutil/driver.c | 6 +- 24 files changed, 238 insertions(+), 238 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 6f2d133..016df7c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2017,7 +2017,7 @@ int s_client_main(int argc, char **argv) if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) { if (servername == NULL) { - if(host == NULL || is_dNS_name(host)) + if(host == NULL || is_dNS_name(host)) servername = (host == NULL) ? "localhost" : host; } if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) { @@ -3104,7 +3104,7 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "RENEGOTIATING\n"); SSL_renegotiate(con); cbuf_len = 0; - } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' ) + } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' ) && cmdletters) { BIO_printf(bio_err, "KEYUPDATE\n"); SSL_key_update(con, @@ -3552,7 +3552,7 @@ static char *base64encode (const void *buf, size_t len) } /* - * Host dNS Name verifier: used for checking that the hostname is in dNS format + * Host dNS Name verifier: used for checking that the hostname is in dNS format * before setting it as SNI */ static int is_dNS_name(const char *host) diff --git a/apps/vms_term_sock.c b/apps/vms_term_sock.c index 6d55a83..1b27699 100644 --- a/apps/vms_term_sock.c +++ b/apps/vms_term_sock.c @@ -238,8 +238,8 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) } /* - ** Deassign the terminal channel - */ + ** Deassign the terminal channel + */ status = sys$dassgn (TerminalDeviceChan); if (! (status & 1)) { LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status); @@ -255,15 +255,15 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) close (TerminalSocketPair[1]); /* - ** Return the initialized socket - */ + ** Return the initialized socket + */ *ReturnSocket = 0; break; default: /* - ** Invalid function code - */ + ** Invalid function code + */ LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode); return TERM_SOCK_FAILURE; break; diff --git a/crypto/aria/aria.c b/crypto/aria/aria.c index 8cba74e..67bd8d9 100644 --- a/crypto/aria/aria.c +++ b/crypto/aria/aria.c @@ -1007,7 +1007,7 @@ static void sl2(ARIA_c128 o, const ARIA_u128 *x, const ARIA_u128 *y) { unsigned int i; for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) { - o[i ] = sb3[x->c[i ] ^ y->c[i ]]; + o[i ] = sb3[x->c[i ] ^ y->c[i ]]; o[i + 1] = sb4[x->c[i + 1] ^ y->c[i + 1]]; o[i + 2] = sb1[x->c[i + 2] ^ y->c[i + 2]]; o[i + 3] = sb2[x->c[i + 3] ^ y->c[i + 3]]; diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 6e5e65e..0048a3d 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -84,7 +84,7 @@ static variant_char *ossl_strchr(const variant_char *str, char srch) while((c = *str)) { if (c == srch) - return (variant_char *)str; + return (variant_char *)str; str++; } diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c index 6236ad6..59f4479 100644 --- a/crypto/ec/curve448/curve448.c +++ b/crypto/ec/curve448/curve448.c @@ -501,9 +501,9 @@ struct smvt_control { }; #if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3)) -# define NUMTRAILINGZEROS __builtin_ctz +# define NUMTRAILINGZEROS __builtin_ctz #else -# define NUMTRAILINGZEROS numtrailingzeros +# define NUMTRAILINGZEROS numtrailingzeros static uint32_t numtrailingzeros(uint32_t i) { uint32_t tmp; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index f93ba61..d687a2c 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -267,7 +267,7 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, /* * Verify that the two keys are different. - * + * * This addresses Rogaway's vulnerability. * See comment in aes_xts_init_key() below. */ @@ -599,7 +599,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, /* * Verify that the two keys are different. - * + * * This addresses Rogaway's vulnerability. * See comment in aes_xts_init_key() below. */ @@ -945,7 +945,7 @@ typedef struct { static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -# define S390X_AES_CBC_CTX EVP_AES_KEY +# define S390X_AES_CBC_CTX EVP_AES_KEY # define s390x_aes_cbc_init_key aes_init_key @@ -1132,7 +1132,7 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_AES_CTR_CTX EVP_AES_KEY +# define S390X_AES_CTR_CTX EVP_AES_KEY # define s390x_aes_ctr_init_key aes_init_key @@ -1141,7 +1141,7 @@ static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); /* iv + padding length for iv lengths != 12 */ -# define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) +# define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) /*- * Process additional authenticated data. Returns 0 on success. Code is @@ -1662,7 +1662,7 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c) return 1; } -# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX +# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX # define s390x_aes_xts_init_key aes_xts_init_key static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, @@ -1787,13 +1787,13 @@ static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in, ctx->aes.ccm.nonce.b[15] = 1; if (n != len) - return -1; /* length mismatch */ + return -1; /* length mismatch */ if (enc) { /* Two operations per block plus one for tag encryption */ ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1; if (ctx->aes.ccm.blocks > (1ULL << 61)) - return -2; /* too much data */ + return -2; /* too much data */ } num = 0; @@ -1842,7 +1842,7 @@ static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in, ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0]; ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1]; - ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */ + ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */ return 0; } @@ -2146,7 +2146,7 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) # define s390x_aes_ccm_cleanup aes_ccm_cleanup # ifndef OPENSSL_NO_OCB -# define S390X_AES_OCB_CTX EVP_AES_OCB_CTX +# define S390X_AES_OCB_CTX EVP_AES_OCB_CTX # define s390x_aes_ocb_init_key aes_ocb_init_key static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -2169,77 +2169,77 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); # define s390x_aes_siv_ctrl aes_siv_ctrl # endif -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode, \ - MODE,flags) \ -static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize, \ - keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - s390x_aes_##mode##_init_key, \ - s390x_aes_##mode##_cipher, \ - NULL, \ - sizeof(S390X_AES_##MODE##_CTX), \ - NULL, \ - NULL, \ - NULL, \ - NULL \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode, \ - blocksize, \ - keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - aes_init_key, \ - aes_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL, \ - NULL, \ - NULL, \ - NULL \ -}; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ \ - return S390X_aes_##keylen##_##mode##_CAPABLE ? \ - &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode, \ + MODE,flags) \ +static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize, \ + keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + s390x_aes_##mode##_init_key, \ + s390x_aes_##mode##_cipher, \ + NULL, \ + sizeof(S390X_AES_##MODE##_CTX), \ + NULL, \ + NULL, \ + NULL, \ + NULL \ +}; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, \ + blocksize, \ + keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL, \ + NULL, \ + NULL, \ + NULL \ +}; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ \ + return S390X_aes_##keylen##_##mode##_CAPABLE ? \ + &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ } # define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\ -static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode, \ - blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - s390x_aes_##mode##_init_key, \ - s390x_aes_##mode##_cipher, \ - s390x_aes_##mode##_cleanup, \ - sizeof(S390X_AES_##MODE##_CTX), \ - NULL, \ - NULL, \ - s390x_aes_##mode##_ctrl, \ - NULL \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL, \ - NULL, \ - aes_##mode##_ctrl, \ - NULL \ -}; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ \ - return S390X_aes_##keylen##_##mode##_CAPABLE ? \ - &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ +static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode, \ + blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + s390x_aes_##mode##_init_key, \ + s390x_aes_##mode##_cipher, \ + s390x_aes_##mode##_cleanup, \ + sizeof(S390X_AES_##MODE##_CTX), \ + NULL, \ + NULL, \ + s390x_aes_##mode##_ctrl, \ + NULL \ +}; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL, \ + NULL, \ + aes_##mode##_ctrl, \ + NULL \ +}; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ \ + return S390X_aes_##keylen##_##mode##_CAPABLE ? \ + &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ } #else diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index 7ff08cb..d22abbb 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -51,7 +51,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, return 1; } -# if defined(RC4_ASM) && defined(MD5_ASM) && ( \ +# if defined(RC4_ASM) && defined(MD5_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) # define STITCHED_CALL diff --git a/crypto/include/internal/aes_platform.h b/crypto/include/internal/aes_platform.h index 115264e..5174081 100644 --- a/crypto/include/internal/aes_platform.h +++ b/crypto/include/internal/aes_platform.h @@ -271,65 +271,65 @@ void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, # define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ S390X_CAPBIT(S390X_AES_256)) -# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_cbc_CAPABLE 1 -# define S390X_aes_256_cbc_CAPABLE 1 +# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 1 +# define S390X_aes_256_cbc_CAPABLE 1 -# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE -# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE -# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE +# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE +# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE +# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE -# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ +# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ +# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ +# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ S390X_CAPBIT(S390X_AES_256))) -# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ +# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ +# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ +# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ S390X_CAPBIT(S390X_AES_256))) -# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ +# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ S390X_CAPBIT(S390X_AES_128)) -# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ +# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ S390X_CAPBIT(S390X_AES_192)) -# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ +# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ S390X_CAPBIT(S390X_AES_256)) -# define S390X_aes_128_cfb1_CAPABLE 0 -# define S390X_aes_192_cfb1_CAPABLE 0 -# define S390X_aes_256_cfb1_CAPABLE 0 +# define S390X_aes_128_cfb1_CAPABLE 0 +# define S390X_aes_192_cfb1_CAPABLE 0 +# define S390X_aes_256_cfb1_CAPABLE 0 -# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_ctr_CAPABLE 1 -# define S390X_aes_256_ctr_CAPABLE 1 +# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 1 +# define S390X_aes_256_ctr_CAPABLE 1 -# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ -# define S390X_aes_256_xts_CAPABLE 1 +# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ +# define S390X_aes_256_xts_CAPABLE 1 -# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ +# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ +# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ +# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ S390X_CAPBIT(S390X_AES_256))) -# define S390X_CCM_AAD_FLAG 0x40 +# define S390X_CCM_AAD_FLAG 0x40 # ifndef OPENSSL_NO_OCB -# define S390X_aes_128_ocb_CAPABLE 0 -# define S390X_aes_192_ocb_CAPABLE 0 -# define S390X_aes_256_ocb_CAPABLE 0 +# define S390X_aes_128_ocb_CAPABLE 0 +# define S390X_aes_192_ocb_CAPABLE 0 +# define S390X_aes_256_ocb_CAPABLE 0 # endif /* OPENSSL_NO_OCB */ # ifndef OPENSSL_NO_SIV diff --git a/crypto/include/internal/chacha.h b/crypto/include/internal/chacha.h index 7e79e12..e095522 100644 --- a/crypto/include/internal/chacha.h +++ b/crypto/include/internal/chacha.h @@ -35,8 +35,8 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, ((unsigned int)(p)[0]) | ((unsigned int)(p)[1]<<8) | \ ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24) ) -#define CHACHA_KEY_SIZE 32 -#define CHACHA_CTR_SIZE 16 -#define CHACHA_BLK_SIZE 64 +#define CHACHA_KEY_SIZE 32 +#define CHACHA_CTR_SIZE 16 +#define CHACHA_BLK_SIZE 64 #endif diff --git a/crypto/initthread.c b/crypto/initthread.c index 99cd96c..b3f45b9 100644 --- a/crypto/initthread.c +++ b/crypto/initthread.c @@ -21,7 +21,7 @@ * we have our own copy of ossl_init_thread_start, which cascades notifications * about threads stopping from libcrypto to all the code in the FIPS provider * that needs to know about it. - * + * * The FIPS provider tells libcrypto about which threads it is interested in * by calling "c_thread_start" which is a function pointer created during * provider initialisation (i.e. OSSL_init_provider). diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h index 5e12542..bb69ed0 100644 --- a/crypto/s390x_arch.h +++ b/crypto/s390x_arch.h @@ -55,88 +55,88 @@ struct OPENSSL_s390xcap_st { extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; /* Max number of 64-bit words currently returned by STFLE */ -# define S390X_STFLE_MAX 3 +# define S390X_STFLE_MAX 3 /* convert facility bit number or function code to bit mask */ -# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64)) +# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64)) # endif /* OPENSSL_s390xcap_P offsets [bytes] */ -# define S390X_STFLE 0x00 -# define S390X_KIMD 0x20 -# define S390X_KLMD 0x30 -# define S390X_KM 0x40 -# define S390X_KMC 0x50 -# define S390X_KMAC 0x60 -# define S390X_KMCTR 0x70 -# define S390X_KMO 0x80 -# define S390X_KMF 0x90 -# define S390X_PRNO 0xa0 -# define S390X_KMA 0xb0 -# define S390X_PCC 0xc0 -# define S390X_KDSA 0xd0 +# define S390X_STFLE 0x00 +# define S390X_KIMD 0x20 +# define S390X_KLMD 0x30 +# define S390X_KM 0x40 +# define S390X_KMC 0x50 +# define S390X_KMAC 0x60 +# define S390X_KMCTR 0x70 +# define S390X_KMO 0x80 +# define S390X_KMF 0x90 +# define S390X_PRNO 0xa0 +# define S390X_KMA 0xb0 +# define S390X_PCC 0xc0 +# define S390X_KDSA 0xd0 /* Facility Bit Numbers */ -# define S390X_MSA 17 /* message-security-assist */ -# define S390X_STCKF 25 /* store-clock-fast */ -# define S390X_MSA5 57 /* message-security-assist-ext. 5 */ -# define S390X_MSA3 76 /* message-security-assist-ext. 3 */ -# define S390X_MSA4 77 /* message-security-assist-ext. 4 */ -# define S390X_VX 129 /* vector */ -# define S390X_VXD 134 /* vector packed decimal */ -# define S390X_VXE 135 /* vector enhancements 1 */ -# define S390X_MSA8 146 /* message-security-assist-ext. 8 */ -# define S390X_MSA9 155 /* message-security-assist-ext. 9 */ +# define S390X_MSA 17 /* message-security-assist */ +# define S390X_STCKF 25 /* store-clock-fast */ +# define S390X_MSA5 57 /* message-security-assist-ext. 5 */ +# define S390X_MSA3 76 /* message-security-assist-ext. 3 */ +# define S390X_MSA4 77 /* message-security-assist-ext. 4 */ +# define S390X_VX 129 /* vector */ +# define S390X_VXD 134 /* vector packed decimal */ +# define S390X_VXE 135 /* vector enhancements 1 */ +# define S390X_MSA8 146 /* message-security-assist-ext. 8 */ +# define S390X_MSA9 155 /* message-security-assist-ext. 9 */ /* Function Codes */ /* all instructions */ -# define S390X_QUERY 0 +# define S390X_QUERY 0 /* kimd/klmd */ -# define S390X_SHA_1 1 -# define S390X_SHA_256 2 -# define S390X_SHA_512 3 -# define S390X_SHA3_224 32 -# define S390X_SHA3_256 33 -# define S390X_SHA3_384 34 -# define S390X_SHA3_512 35 -# define S390X_SHAKE_128 36 -# define S390X_SHAKE_256 37 -# define S390X_GHASH 65 +# define S390X_SHA_1 1 +# define S390X_SHA_256 2 +# define S390X_SHA_512 3 +# define S390X_SHA3_224 32 +# define S390X_SHA3_256 33 +# define S390X_SHA3_384 34 +# define S390X_SHA3_512 35 +# define S390X_SHAKE_128 36 +# define S390X_SHAKE_256 37 +# define S390X_GHASH 65 /* km/kmc/kmac/kmctr/kmo/kmf/kma */ -# define S390X_AES_128 18 -# define S390X_AES_192 19 -# define S390X_AES_256 20 +# define S390X_AES_128 18 +# define S390X_AES_192 19 +# define S390X_AES_256 20 /* km */ -# define S390X_XTS_AES_128 50 -# define S390X_XTS_AES_256 52 +# define S390X_XTS_AES_128 50 +# define S390X_XTS_AES_256 52 /* prno */ -# define S390X_SHA_512_DRNG 3 -# define S390X_TRNG 114 +# define S390X_SHA_512_DRNG 3 +# define S390X_TRNG 114 /* pcc */ -# define S390X_SCALAR_MULTIPLY_P256 64 -# define S390X_SCALAR_MULTIPLY_P384 65 -# define S390X_SCALAR_MULTIPLY_P521 66 +# define S390X_SCALAR_MULTIPLY_P256 64 +# define S390X_SCALAR_MULTIPLY_P384 65 +# define S390X_SCALAR_MULTIPLY_P521 66 /* kdsa */ -# define S390X_ECDSA_VERIFY_P256 1 -# define S390X_ECDSA_VERIFY_P384 2 -# define S390X_ECDSA_VERIFY_P521 3 -# define S390X_ECDSA_SIGN_P256 9 -# define S390X_ECDSA_SIGN_P384 10 -# define S390X_ECDSA_SIGN_P521 11 +# define S390X_ECDSA_VERIFY_P256 1 +# define S390X_ECDSA_VERIFY_P384 2 +# define S390X_ECDSA_VERIFY_P521 3 +# define S390X_ECDSA_SIGN_P256 9 +# define S390X_ECDSA_SIGN_P384 10 +# define S390X_ECDSA_SIGN_P521 11 /* Register 0 Flags */ -# define S390X_DECRYPT 0x80 -# define S390X_KMA_LPC 0x100 -# define S390X_KMA_LAAD 0x200 -# define S390X_KMA_HS 0x400 -# define S390X_KDSA_D 0x80 +# define S390X_DECRYPT 0x80 +# define S390X_KMA_LPC 0x100 +# define S390X_KMA_LAAD 0x200 +# define S390X_KMA_HS 0x400 +# define S390X_KDSA_D 0x80 #endif diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index a985026..7d06695 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -16,35 +16,35 @@ #include "internal/ctype.h" #include "s390x_arch.h" -#define LEN 128 -#define STR_(S) #S -#define STR(S) STR_(S) - -#define TOK_FUNC(NAME) \ - (sscanf(tok_begin, \ - " " STR(NAME) " : %" STR(LEN) "[^:] : " \ - "%" STR(LEN) "s %" STR(LEN) "s ", \ - tok[0], tok[1], tok[2]) == 2) { \ - \ - off = (tok[0][0] == '~') ? 1 : 0; \ - if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \ - goto ret; \ - if (off) \ - cap->NAME[0] = ~cap->NAME[0]; \ - \ - off = (tok[1][0] == '~') ? 1 : 0; \ - if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \ - goto ret; \ - if (off) \ - cap->NAME[1] = ~cap->NAME[1]; \ +#define LEN 128 +#define STR_(S) #S +#define STR(S) STR_(S) + +#define TOK_FUNC(NAME) \ + (sscanf(tok_begin, \ + " " STR(NAME) " : %" STR(LEN) "[^:] : " \ + "%" STR(LEN) "s %" STR(LEN) "s ", \ + tok[0], tok[1], tok[2]) == 2) { \ + \ + off = (tok[0][0] == '~') ? 1 : 0; \ + if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \ + goto ret; \ + if (off) \ + cap->NAME[0] = ~cap->NAME[0]; \ + \ + off = (tok[1][0] == '~') ? 1 : 0; \ + if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \ + goto ret; \ + if (off) \ + cap->NAME[1] = ~cap->NAME[1]; \ } -#define TOK_CPU(NAME) \ - (sscanf(tok_begin, \ - " %" STR(LEN) "s %" STR(LEN) "s ", \ - tok[0], tok[1]) == 1 \ - && !strcmp(tok[0], #NAME)) { \ - memcpy(cap, &NAME, sizeof(*cap)); \ +#define TOK_CPU(NAME) \ + (sscanf(tok_begin, \ + " %" STR(LEN) "s %" STR(LEN) "s ", \ + tok[0], tok[1]) == 1 \ + && !strcmp(tok[0], #NAME)) { \ + memcpy(cap, &NAME, sizeof(*cap)); \ } static sigjmp_buf ill_jmp; diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 4c1ec55..52c675a 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -88,8 +88,8 @@ * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms. */ # elif !defined(OPENSSL_SYS_VMS) \ - && !defined(OPENSSL_SYS_MSDOS) \ - && !defined(OPENSSL_SYS_VXWORKS) + && !defined(OPENSSL_SYS_MSDOS) \ + && !defined(OPENSSL_SYS_VXWORKS) # define TERMIOS # undef TERMIO # undef SGTTY diff --git a/include/internal/numbers.h b/include/internal/numbers.h index 185c578..f3c6bbc 100644 --- a/include/internal/numbers.h +++ b/include/internal/numbers.h @@ -12,19 +12,19 @@ # include -# if (-1 & 3) == 0x03 /* Two's complement */ +# if (-1 & 3) == 0x03 /* Two's complement */ # define __MAXUINT__(T) ((T) -1) # define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) # define __MININT__(T) (-__MAXINT__(T) - 1) -# elif (-1 & 3) == 0x02 /* One's complement */ +# elif (-1 & 3) == 0x02 /* One's complement */ # define __MAXUINT__(T) (((T) -1) + 1) # define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) # define __MININT__(T) (-__MAXINT__(T)) -# elif (-1 & 3) == 0x01 /* Sign/magnitude */ +# elif (-1 & 3) == 0x01 /* Sign/magnitude */ # define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)))) # define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)))) diff --git a/include/openssl/core.h b/include/openssl/core.h index 848b714..e9bc489 100644 --- a/include/openssl/core.h +++ b/include/openssl/core.h @@ -146,7 +146,7 @@ struct ossl_param_st { /* * Typedef for the thread stop handling callback. Used both internally and by * providers. - * + * * Providers may register for notifications about threads stopping by * registering a callback to hear about such events. Providers register the * callback using the OSSL_FUNC_CORE_THREAD_START function in the |in| dispatch diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 37756e2..974fd2e 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -47,7 +47,7 @@ void RAND_seed(const void *buf, int num); void RAND_keep_random_devices_open(int keep); # if defined(__ANDROID__) && defined(__NDK_FPABI__) -__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ +__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ # endif void RAND_add(const void *buf, int num, double randomness); int RAND_load_file(const char *file, long max_bytes); diff --git a/providers/common/provlib.c b/providers/common/provlib.c index 43da7cd..2bab77d 100644 --- a/providers/common/provlib.c +++ b/providers/common/provlib.c @@ -16,6 +16,6 @@ */ const char *ossl_prov_util_nid_to_name(int nid) { - return OBJ_nid2sn(nid); + return OBJ_nid2sn(nid); } diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 8978d1b..c1fbe4a 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -132,7 +132,7 @@ static int dummy_evp_call(void *provctx) || !BN_add(a, a, b) || BN_cmp(a, b) != 0) goto err; - + if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0) goto err; @@ -143,7 +143,7 @@ static int dummy_evp_call(void *provctx) err: BN_CTX_end(bnctx); BN_CTX_free(bnctx); - + EVP_MD_CTX_free(ctx); EVP_MD_meth_free(sha256); return ret; diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 2a9b796..4941da3 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -629,7 +629,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 && type == TLSEXT_TYPE_cryptopro_bug) #endif - ) { + ) { SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION); goto err; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 05c4ba5..93b14b8 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1721,8 +1721,8 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) continue; clu = ssl_cert_lookup_by_idx(lu->sig_idx); - if (clu == NULL) - continue; + if (clu == NULL) + continue; /* If algorithm is disabled see if we can enable it */ if ((clu->amask & disabled_mask) != 0 diff --git a/test/bntest.c b/test/bntest.c index 1e50210..c3d6b93 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -2526,7 +2526,7 @@ int setup_tests(void) break; default: case OPT_ERR: - return 0; + return 0; } } n = test_get_argument_count(); diff --git a/test/drbg_cavs_test.c b/test/drbg_cavs_test.c index ce7a565..183624c 100644 --- a/test/drbg_cavs_test.c +++ b/test/drbg_cavs_test.c @@ -273,7 +273,7 @@ static int test_cavs_kats(const struct drbg_kat *test[], int i) if (!single_kat_pr_true(td)) goto err; break; - default: /* cant happen */ + default: /* cant happen */ goto err; } rv = 1; diff --git a/test/ecstresstest.c b/test/ecstresstest.c index a589103..5a831e3 100644 --- a/test/ecstresstest.c +++ b/test/ecstresstest.c @@ -144,7 +144,7 @@ int setup_tests(void) break; default: case OPT_ERR: - return 0; + return 0; } } diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 7a1a589..40ed373 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -162,10 +162,10 @@ static int check_single_test_params(char *name, char *testname, char *itname) if (strcmp(name, all_tests[i].test_case_name) == 0) { single_test = 1 + i; break; - } + } } - if (i >= num_tests) - single_test = atoi(name); + if (i >= num_tests) + single_test = atoi(name); } From no-reply at appveyor.com Wed Jul 17 03:13:25 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 17 Jul 2019 03:13:25 +0000 Subject: Build completed: openssl master.25990 Message-ID: <20190717031325.1.B05AC549101A056C@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 17 03:17:44 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 17 Jul 2019 03:17:44 +0000 Subject: Still Failing: openssl/openssl#26575 (master - 4bd8b24) In-Reply-To: Message-ID: <5d2e93587c8e5_43f937e4832e8366f7@2f635a97-0ec0-4a55-8694-dcbe5dcd4a5a.mail> Build Update for openssl/openssl ------------------------------------- Build: #26575 Status: Still Failing Duration: 18 mins and 44 secs Commit: 4bd8b24 (master) Author: Pauli Message: remove end of line spaces Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/9397) View the changeset: https://github.com/openssl/openssl/compare/e3a0d367299e...4bd8b24045e1 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559762492?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 17 03:23:14 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 17 Jul 2019 03:23:14 +0000 Subject: Build failed: openssl master.25991 Message-ID: <20190717032314.1.6B36F5C86090FBA7@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 17 03:49:03 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 17 Jul 2019 03:49:03 +0000 Subject: Build completed: openssl master.25992 Message-ID: <20190717034903.1.3577A28ACC2D5B45@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 17 06:09:13 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jul 2019 06:09:13 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1563343753.224118.20908.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: e3a0d36729 Auto add a label depending on the type of issue they report. da02018143 Provider config module: allow providers to already be loaded fe9edc9d39 Fix SSL_CTX_set_session_id_context() docs c17d60ea29 s390x assembly pack: fix restoring of SIGILL action 5fe499cb75 Actually silently ignore GET / OCSP requests 12df11bdf1 Document the new EVP_KEYEXCH type and related functions 35aca9eccb Add the ability to set PKCS#3 DH padding in providers 94b40fb77c Enable PKCS#3 DH in the providers 89e291742f Implement PKCS#3 DH Key Exchange in the default provider ff64702b3d Make the EVP Key Exchange code provider aware cbfa5b0398 Regenerate mkerr files aac96e2797 Remove function name from errors 3d9b33b5e4 Remove DRBG from SSL structure. 459b15d451 Add Common shared code needed to move aes ciphers to providers 0d03acea7a remove end of line whitespace b880583475 Convert asn1_dsa.c to use the WPACKET API instead 15cb0f0958 Give WPACKET the ability to have a NULL buffer underneath it 8ae173bb57 Convert asn1_dsa.c to use the PACKET API instead 0d345f0e10 Make the PACKET/WPACKET code available to both libcrypto and libssl 54846b7c6e Add simple ASN.1 utils for DSA signature DER. Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:294: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:305: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:311: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:314: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:317: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:402: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:422: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:435: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:468: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:469: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_memdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strndup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OPENSSL_hexstr2buf': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:162: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:165: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:168: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:259: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7151: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From pauli at openssl.org Wed Jul 17 06:59:36 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 17 Jul 2019 06:59:36 +0000 Subject: [openssl] master update Message-ID: <1563346776.880751.23438.nullmailer@dev.openssl.org> The branch master has been updated via 3c93fbacf6f5abd63e1d1763e7da537ed87f2a5d (commit) from 4bd8b24045e1b044a2696b0675a9120ac0384567 (commit) - Log ----------------------------------------------------------------- commit 3c93fbacf6f5abd63e1d1763e7da537ed87f2a5d Author: Pauli Date: Wed Jul 17 16:59:09 2019 +1000 Parameter building utilities. A fuller implementation of PARAMS_TEMPLATE as per #9266 but renamed. This introduces a statis data type which can be used to constructor a description of a parameter array. It can then be converted into a OSSL_PARAM array and the allocated storage freed by a single call to OPENSSL_free. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9305) ----------------------------------------------------------------------- Summary of changes: crypto/build.info | 2 +- crypto/cpt_err.c | 18 ++ crypto/err/openssl.txt | 22 +- crypto/param_build.c | 341 +++++++++++++++++++++ doc/internal/man3/ossl_param_bld_init.pod | 191 ++++++++++++ include/internal/param_build.h | 77 +++++ include/openssl/cryptoerr.h | 20 ++ test/build.info | 6 +- test/param_build_test.c | 295 ++++++++++++++++++ .../{04-test_params.t => 04-test_param_build.t} | 4 +- 10 files changed, 971 insertions(+), 5 deletions(-) create mode 100644 crypto/param_build.c create mode 100644 doc/internal/man3/ossl_param_bld_init.pod create mode 100644 include/internal/param_build.h create mode 100644 test/param_build_test.c copy test/recipes/{04-test_params.t => 04-test_param_build.t} (83%) diff --git a/crypto/build.info b/crypto/build.info index 90ccbc8..088ec87 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -68,7 +68,7 @@ SOURCE[../providers/fips]=$CORE_COMMON $UTIL_COMMON=\ cryptlib.c params.c bsearch.c ex_data.c o_str.c \ ctype.c threads_pthread.c threads_win.c threads_none.c initthread.c \ - context.c sparse_array.c $CPUIDASM + context.c sparse_array.c param_build.c $CPUIDASM $UTIL_DEFINE=$CPUIDDEF SOURCE[../libcrypto]=$UTIL_COMMON \ diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 9408134..fdf0e6e 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -18,12 +18,30 @@ static const ERR_STRING_DATA CRYPTO_str_reasons[] = { "fips mode not supported"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_DATA_SPACE), + "insufficient data space"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_PARAM_SIZE), + "insufficient param size"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE), + "insufficient secure data space"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NULL_ARGUMENT), + "invalid null argument"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_OSSL_PARAM_TYPE), + "invalid ossl param type"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_ALREADY_EXISTS), "provider already exists"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_SECTION_ERROR), "provider section error"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_SECURE_MALLOC_FAILURE), + "secure malloc failure"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_STRING_TOO_LONG), "string too long"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_MANY_BYTES), "too many bytes"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_MANY_RECORDS), + "too many records"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ZERO_LENGTH_NUMBER), + "zero length number"}, {0, NULL} }; diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 4608938..8aa62a6 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -397,11 +397,21 @@ CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup +CRYPTO_F_OSSL_PARAM_BLD_PUSH_BN:143: +CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR:144: +CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING:145: +CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR:146: +CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING:147: +CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM:148: +CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM_EX:149: +CRYPTO_F_OSSL_PARAM_TYPE_TO_PARAM:150: CRYPTO_F_OSSL_PROVIDER_ACTIVATE:130:ossl_provider_activate CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN:132:OSSL_PROVIDER_add_builtin CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER:139:ossl_provider_add_parameter CRYPTO_F_OSSL_PROVIDER_NEW:131:ossl_provider_new CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH:140:ossl_provider_set_module_path +CRYPTO_F_PARAM_PUSH:151: +CRYPTO_F_PARAM_PUSH_NUM:152: CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init @@ -807,11 +817,11 @@ EVP_F_EVP_DIGESTUPDATE:231:EVP_DigestUpdate EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate -EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id +EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str EVP_F_EVP_MAC_CTX_DUP:211:EVP_MAC_CTX_dup @@ -2215,9 +2225,19 @@ CRMF_R_UNSUPPORTED_POPO_METHOD:116:unsupported popo method CRMF_R_UNSUPPORTED_POPO_NOT_ACCEPTED:117:unsupported popo not accepted CRYPTO_R_FIPS_MODE_NOT_SUPPORTED:101:fips mode not supported CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit +CRYPTO_R_INSUFFICIENT_DATA_SPACE:106:insufficient data space +CRYPTO_R_INSUFFICIENT_PARAM_SIZE:107:insufficient param size +CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE:108:insufficient secure data space +CRYPTO_R_INVALID_NULL_ARGUMENT:109:invalid null argument +CRYPTO_R_INVALID_OSSL_PARAM_TYPE:110:invalid ossl param type CRYPTO_R_ODD_NUMBER_OF_DIGITS:103:odd number of digits CRYPTO_R_PROVIDER_ALREADY_EXISTS:104:provider already exists CRYPTO_R_PROVIDER_SECTION_ERROR:105:provider section error +CRYPTO_R_SECURE_MALLOC_FAILURE:111:secure malloc failure +CRYPTO_R_STRING_TOO_LONG:112:string too long +CRYPTO_R_TOO_MANY_BYTES:113:too many bytes +CRYPTO_R_TOO_MANY_RECORDS:114:too many records +CRYPTO_R_ZERO_LENGTH_NUMBER:115:zero length number CT_R_BASE64_DECODE_ERROR:108:base64 decode error CT_R_INVALID_LOG_ID_LENGTH:100:invalid log id length CT_R_LOG_CONF_INVALID:109:log conf invalid diff --git a/crypto/param_build.c b/crypto/param_build.c new file mode 100644 index 0000000..851b735 --- /dev/null +++ b/crypto/param_build.c @@ -0,0 +1,341 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "internal/cryptlib.h" +#include "internal/param_build.h" + +typedef union { + OSSL_UNION_ALIGN; +} OSSL_PARAM_BLD_BLOCK; + +#define ALIGN_SIZE sizeof(OSSL_PARAM_BLD_BLOCK) + +static size_t bytes_to_blocks(size_t bytes) +{ + return (bytes + ALIGN_SIZE - 1) / ALIGN_SIZE; +} + +static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key, + int size, size_t alloc, int type, + int secure) +{ + OSSL_PARAM_BLD_DEF *pd; + + if (bld->curr >= OSSL_PARAM_BLD_MAX) { + CRYPTOerr(CRYPTO_F_PARAM_PUSH, CRYPTO_R_TOO_MANY_RECORDS); + return NULL; + } + pd = bld->params + bld->curr++; + memset(pd, 0, sizeof(*pd)); + pd->key = key; + pd->type = type; + pd->size = size; + pd->alloc_blocks = bytes_to_blocks(size); + if ((pd->secure = secure) != 0) + bld->secure_blocks += pd->alloc_blocks; + else + bld->total_blocks += pd->alloc_blocks; + return pd; +} + +static int param_push_num(OSSL_PARAM_BLD *bld, const char *key, + void *num, size_t size, int type) +{ + OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0); + + if (pd == NULL) + return 0; + if (size > sizeof(pd->num)) { + CRYPTOerr(CRYPTO_F_PARAM_PUSH_NUM, CRYPTO_R_TOO_MANY_BYTES); + return 0; + } + memcpy(&pd->num, num, size); + return 1; +} + +void ossl_param_bld_init(OSSL_PARAM_BLD *bld) +{ + memset(bld, 0, sizeof(*bld)); +} + +int ossl_param_bld_push_int(OSSL_PARAM_BLD *bld, const char *key, int num) +{ + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); +} + +int ossl_param_bld_push_uint(OSSL_PARAM_BLD *bld, const char *key, + unsigned int num) +{ + return param_push_num(bld, key, &num, sizeof(num), + OSSL_PARAM_UNSIGNED_INTEGER); +} + +int ossl_param_bld_push_long(OSSL_PARAM_BLD *bld, const char *key, + long int num) +{ + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); +} + +int ossl_param_bld_push_ulong(OSSL_PARAM_BLD *bld, const char *key, + unsigned long int num) +{ + return param_push_num(bld, key, &num, sizeof(num), + OSSL_PARAM_UNSIGNED_INTEGER); +} + +int ossl_param_bld_push_int32(OSSL_PARAM_BLD *bld, const char *key, + int32_t num) +{ + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); +} + +int ossl_param_bld_push_uint32(OSSL_PARAM_BLD *bld, const char *key, + uint32_t num) +{ + return param_push_num(bld, key, &num, sizeof(num), + OSSL_PARAM_UNSIGNED_INTEGER); +} + +int ossl_param_bld_push_int64(OSSL_PARAM_BLD *bld, const char *key, + int64_t num) +{ + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); +} + +int ossl_param_bld_push_uint64(OSSL_PARAM_BLD *bld, const char *key, + uint64_t num) +{ + return param_push_num(bld, key, &num, sizeof(num), + OSSL_PARAM_UNSIGNED_INTEGER); +} + +int ossl_param_bld_push_size_t(OSSL_PARAM_BLD *bld, const char *key, + size_t num) +{ + return param_push_num(bld, key, &num, sizeof(num), + OSSL_PARAM_UNSIGNED_INTEGER); +} + +int ossl_param_bld_push_double(OSSL_PARAM_BLD *bld, const char *key, + double num) +{ + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL); +} + +int ossl_param_bld_push_BN(OSSL_PARAM_BLD *bld, const char *key, + const BIGNUM *bn) +{ + int sz = -1, secure = 0; + OSSL_PARAM_BLD_DEF *pd; + + if (bn != NULL) { + sz = BN_num_bytes(bn); + if (sz < 0) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_BN, + CRYPTO_R_ZERO_LENGTH_NUMBER); + return 0; + } + if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE) + secure = 1; + } + pd = param_push(bld, key, sz, sz >= 0 ? sz : 0, + OSSL_PARAM_UNSIGNED_INTEGER, secure); + if (pd == NULL) + return 0; + pd->bn = bn; + return 1; +} + +int ossl_param_bld_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, + char *buf, size_t bsize) +{ + OSSL_PARAM_BLD_DEF *pd; + + if (bsize == 0) { + bsize = strlen(buf) + 1; + } else if (bsize > INT_MAX) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING, + CRYPTO_R_STRING_TOO_LONG); + return 0; + } + pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_UTF8_STRING, 0); + if (pd == NULL) + return 0; + pd->string = buf; + return 1; +} + +int ossl_param_bld_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, + char *buf, size_t bsize) +{ + OSSL_PARAM_BLD_DEF *pd; + + if (bsize == 0) { + bsize = strlen(buf) + 1; + } else if (bsize > INT_MAX) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR, + CRYPTO_R_STRING_TOO_LONG); + return 0; + } + pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0); + if (pd == NULL) + return 0; + pd->string = buf; + return 1; +} + +int ossl_param_bld_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, + void *buf, size_t bsize) +{ + OSSL_PARAM_BLD_DEF *pd; + + if (bsize > INT_MAX) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING, + CRYPTO_R_STRING_TOO_LONG); + return 0; + } + pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0); + if (pd == NULL) + return 0; + pd->string = buf; + return 1; +} + +int ossl_param_bld_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, + void *buf, size_t bsize) +{ + OSSL_PARAM_BLD_DEF *pd; + + if (bsize > INT_MAX) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR, + CRYPTO_R_STRING_TOO_LONG); + return 0; + } + pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0); + if (pd == NULL) + return 0; + pd->string = buf; + return 1; +} + +static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param, + OSSL_PARAM_BLD_BLOCK *blk, + OSSL_PARAM_BLD_BLOCK *secure) +{ + size_t i; + OSSL_PARAM_BLD_DEF *pd; + void *p; + + for (i = 0; i < bld->curr; i++) { + pd = bld->params + i; + param[i].key = pd->key; + param[i].data_type = pd->type; + param[i].data_size = pd->size; + param[i].return_size = 0; + + if (pd->secure) { + p = secure; + secure += pd->alloc_blocks; + } else { + p = blk; + blk += pd->alloc_blocks; + } + param[i].data = p; + if (pd->bn != NULL) { + /* BIGNUM */ + BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size); + } else if (pd->type == OSSL_PARAM_OCTET_PTR + || pd->type == OSSL_PARAM_UTF8_PTR) { + /* PTR */ + *(void **)p = pd->string; + } else if (pd->type == OSSL_PARAM_OCTET_STRING + || pd->type == OSSL_PARAM_UTF8_STRING) { + if (pd->string != NULL) + memcpy(p, pd->string, pd->size); + else + memset(p, 0, pd->size); + } else { + /* Number, but could also be a NULL BIGNUM */ + if (pd->size > sizeof(pd->num)) + memset(p, 0, pd->size); + else if (pd->size > 0) + memcpy(p, &pd->num, pd->size); + } + } + param[i] = OSSL_PARAM_construct_end(); + return param; +} + +OSSL_PARAM *ossl_param_bld_to_param(OSSL_PARAM_BLD *bld, void **secure) +{ + OSSL_PARAM_BLD_BLOCK *blk, *s = NULL; + OSSL_PARAM *param; + const size_t p_blks = bytes_to_blocks((bld->curr + 1) * sizeof(*param)); + const size_t total = ALIGN_SIZE * (p_blks + bld->total_blocks); + + if (bld->secure_blocks > 0) { + if (secure == NULL) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, + CRYPTO_R_INVALID_NULL_ARGUMENT); + return NULL; + } + s = OPENSSL_secure_malloc(bld->secure_blocks * ALIGN_SIZE); + if (s == NULL) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, + CRYPTO_R_SECURE_MALLOC_FAILURE); + return NULL; + } + } + param = OPENSSL_malloc(total); + if (param == NULL) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, ERR_R_MALLOC_FAILURE); + OPENSSL_secure_free(s); + return NULL; + } + if (secure != NULL) + *secure = s; + blk = p_blks + (OSSL_PARAM_BLD_BLOCK *)(param); + param_bld_convert(bld, param, blk, s); + return param; +} + +OSSL_PARAM *ossl_param_bld_to_param_ex(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, + size_t param_n, void *data, + size_t data_n, void *secure, + size_t secure_n) +{ + if (params == NULL || data == NULL) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM_EX, + CRYPTO_R_INVALID_NULL_ARGUMENT); + return NULL; + } + if (param_n < bld->curr + 1) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM_EX, + CRYPTO_R_INSUFFICIENT_PARAM_SIZE); + return NULL; + } + if (data_n < ALIGN_SIZE * bld->total_blocks) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM_EX, + CRYPTO_R_INSUFFICIENT_DATA_SPACE); + return NULL; + } + if (bld->secure_blocks > 0 && secure_n < ALIGN_SIZE * bld->secure_blocks) { + CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM_EX, + CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE); + return NULL; + } + param_bld_convert(bld, params, (OSSL_PARAM_BLD_BLOCK *)data, + (OSSL_PARAM_BLD_BLOCK *)secure); + return params; +} diff --git a/doc/internal/man3/ossl_param_bld_init.pod b/doc/internal/man3/ossl_param_bld_init.pod new file mode 100644 index 0000000..ca206c7 --- /dev/null +++ b/doc/internal/man3/ossl_param_bld_init.pod @@ -0,0 +1,191 @@ +=pod + +=head1 NAME + +ossl_param_build_init, +ossl_param_build_to_param, ossl_param_build_push_int, +ossl_param_build_push_uint, ossl_param_build_push_long, +ossl_param_build_push_ulong, ossl_param_build_push_int32, +ossl_param_build_push_uint32, ossl_param_build_push_int64, +ossl_param_build_push_uint64, ossl_param_build_push_size_t, +ossl_param_build_push_double, ossl_param_build_push_BN, +ossl_param_build_push_utf8_string, ossl_param_build_push_utf8_ptr, +ossl_param_build_push_octet_string, ossl_param_build_push_octet_ptr +- functions to assist in the creation of OSSL_PARAM arrays + +=head1 SYNOPSIS + +=for comment generic + + #include "internal/params_template.h" + + #define OSSL_PARAM_BLD_MAX 10 + typedef struct { ... } OSSL_PARAM_BLD; + + void ossl_param_build_init(OSSL_PARAM_BLD *bld); + OSSL_PARAM *ossl_param_build_to_param(OSSL_PARAM_BLD *bld, void **secure); + OSSL_PARAM *ossl_param_build_to_param_ex(OSSL_PARAM_BLD *bld, + OSSL_PARAM *params, size_t param_n, + void *data, size_t data_n, + void *secure, size_t secure_n); + + int ossl_param_build_push_TYPE(OSSL_PARAM_BLD *bld, const char *key, TYPE val); + + int ossl_param_build_push_BN(OSSL_PARAM_BLD *bld, const char *key, + const BIGNUM *bn); + + int ossl_param_build_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, + char *buf, size_t bsize); + int ossl_param_build_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, + char *buf, size_t bsize); + int ossl_param_build_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, + void *buf, size_t bsize); + int ossl_param_build_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, + void *buf, size_t bsize); + + +=head1 DESCRIPTION + +A collection of utility functions that simplify the creation of OSSL_PARAM +arrays. The B names are as per L. + +ossl_param_build_init() initialises the OSSL_PARAM_BLD structure so that values +can be added. +Any existing values are cleared. + +ossl_param_build_to_param() converts a built up OSSL_PARAM_BLD structure +B into an allocated OSSL_PARAM array. +The pointer referenced by the B argument is set to point to an +allocated block of secure memory if required and to NULL it not. +The OSSL_PARAM array and all associated storage can be freed by calling +OPENSSL_free() with the functions return value and OPENSSL_secure_free() +with the pointer referenced by B. + +ossl_param_build_to_param_ex() behaves like ossl_param_build_to_param(), except that +no additional memory is allocated. +An OSSL_PARAM array of at least B elements is passed in as B. +The auxiliary storage for the parameters is a block of memory pointed to +by B of at least B bytes in size. +If required, secure memory for private BIGNUMs should be pointed to by +B of at least B bytes in size. + +ossl_param_build_push_TYPE() are a series of functions which will create +OSSL_PARAM objects of the specified size and correct type for the B +argument. +B is stored by value and an expression or auto variable can be used. + +ossl_param_build_push_BN() is a function that will create an OSSL_PARAM object +that holds the specified BIGNUM B. +If B is marked as being securely allocated, the secure flag is +set in the OSSL_PARAM_BLD structure. +The B argument is stored by reference and the underlying BIGNUM object +must exist until after ossl_param_build_to_param() has been called. + +ossl_param_build_push_utf8_string() is a function that will create an OSSL_PARAM +object that references the UTF8 string specified by B. +If the length of the string, B, is zero then it will be calculated. +The string that B points to is stored by reference and must remain in +scope until after ossl_param_build_to_param() has been called. + +ossl_param_build_push_octet_string() is a function that will create an OSSL_PARAM +object that references the octet string specified by B and . +The memory that B points to is stored by reference and must remain in +scope until after ossl_param_build_to_param() has been called. + +ossl_param_build_push_utf8_ptr() is a function that will create an OSSL_PARAM +object that references the UTF8 string specified by B. +If the length of the string, B, is zero then it will be calculated. +The string B points to is stored by reference and must remain in +scope until the OSSL_PARAM array is freed. + +ossl_param_build_push_octet_ptr() is a function that will create an OSSL_PARAM +object that references the octet string specified by B. +The memory B points to is stored by reference and must remain in +scope until the OSSL_PARAM array is freed. + +=head1 RETURN VALUES + +ossl_param_build_to_param() and ossl_param_bld_to_param_ex() return the +allocated OSSL_PARAM array, or NULL on error. + +All of the ossl_param_build_push_TYPE functions return 1 on success and 0 +on error. + +=head1 NOTES + +The constant B specifies the maximum number of parameters +that can be added. +Exceeding this will result in the push functions returning errors. + +The structure B should be considered opaque and subject to +change between versions. + +=head1 EXAMPLES + +Both examples creating an OSSL_PARAM array that contains an RSA key. +For both, the predefined key variables are: + + BIGNUM *p, *q; /* both prime */ + BIGNUM *n; /* = p * q */ + unsigned int e; /* exponent, usually 65537 */ + BIGNUM *d; /* e^-1 */ + +=head2 Example 1 + +This example shows how to create an OSSL_PARAM array that contains an RSA +private key. + + OSSL_PARAM_BLD bld; + OSSL_PARAM *params; + void *secure; + + ossl_param_build_init(&bld, &secure); + if (!ossl_param_build_push_BN(&bld, "p", p) + || !ossl_param_build_push_BN(&bld, "q", q) + || !ossl_param_build_push_uint(&bld, "e", e) + || !ossl_param_build_push_BN(&bld, "n", n) + || !ossl_param_build_push_BN(&bld, "d", d) + || (params = ossl_param_build_to_param(&bld)) == NULL) + goto err; + /* Use params */ + ... + OPENSSL_free(params); + OPENSSL_secure_free(secure); + +=head2 Example 2 + +This example shows how to create an OSSL_PARAM array that contains an RSA +public key. + + OSSL_PARAM_BLD bld; + OSSL_PARAM *params; + void *secure; + + ossl_param_build_init(&bld, &secure); + if (!ossl_param_build_push_BN(&bld, "n", n) + || !ossl_param_build_push_BN(&bld, "d", d) + || (params = ossl_param_build_to_param(&bld)) == NULL) + goto err; + /* Use params */ + ... + OPENSSL_free(params); + OPENSSL_secure_free(secure); + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The functions described here were all added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/include/internal/param_build.h b/include/internal/param_build.h new file mode 100644 index 0000000..762d7b1 --- /dev/null +++ b/include/internal/param_build.h @@ -0,0 +1,77 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#define OSSL_PARAM_BLD_MAX 10 + +typedef struct { + const char *key; + int type; + int secure; + size_t size; + size_t alloc_blocks; + const BIGNUM *bn; + void *string; + union { + /* + * These fields are never directly addressed, but their sizes are + * imporant so that all native types can be copied here without overrun. + */ + ossl_intmax_t i; + ossl_uintmax_t u; + double d; + } num; +} OSSL_PARAM_BLD_DEF; + +typedef struct { + size_t curr; + size_t total_blocks; + size_t secure_blocks; + OSSL_PARAM_BLD_DEF params[OSSL_PARAM_BLD_MAX]; +} OSSL_PARAM_BLD; + +void ossl_param_bld_init(OSSL_PARAM_BLD *bld); +OSSL_PARAM *ossl_param_bld_to_param(OSSL_PARAM_BLD *bld, void **secure); +OSSL_PARAM *ossl_param_bld_to_param_ex(OSSL_PARAM_BLD *bld, + OSSL_PARAM *params, size_t param_n, + void *data, size_t data_n, + void *secure, size_t secure_n); + +int ossl_param_bld_push_int(OSSL_PARAM_BLD *bld, const char *key, int val); +int ossl_param_bld_push_uint(OSSL_PARAM_BLD *bld, const char *key, + unsigned int val); +int ossl_param_bld_push_long(OSSL_PARAM_BLD *bld, const char *key, + long int val); +int ossl_param_bld_push_ulong(OSSL_PARAM_BLD *bld, const char *key, + unsigned long int val); +int ossl_param_bld_push_int32(OSSL_PARAM_BLD *bld, const char *key, + int32_t val); +int ossl_param_bld_push_uint32(OSSL_PARAM_BLD *bld, const char *key, + uint32_t val); +int ossl_param_bld_push_int64(OSSL_PARAM_BLD *bld, const char *key, + int64_t val); +int ossl_param_bld_push_uint64(OSSL_PARAM_BLD *bld, const char *key, + uint64_t val); +int ossl_param_bld_push_size_t(OSSL_PARAM_BLD *bld, const char *key, + size_t val); +int ossl_param_bld_push_double(OSSL_PARAM_BLD *bld, const char *key, + double val); +int ossl_param_bld_push_BN(OSSL_PARAM_BLD *bld, const char *key, + const BIGNUM *bn); +int ossl_param_bld_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, + char *buf, size_t bsize); +int ossl_param_bld_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, + char *buf, size_t bsize); +int ossl_param_bld_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, + void *buf, size_t bsize); +int ossl_param_bld_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, + void *buf, size_t bsize); diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index 5df2247..9fdf52c 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h @@ -46,11 +46,21 @@ int ERR_load_CRYPTO_strings(void); # define CRYPTO_F_OPENSSL_LH_NEW 0 # define CRYPTO_F_OPENSSL_SK_DEEP_COPY 0 # define CRYPTO_F_OPENSSL_SK_DUP 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_BN 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING 0 +# define CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM 0 +# define CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM_EX 0 +# define CRYPTO_F_OSSL_PARAM_TYPE_TO_PARAM 0 # define CRYPTO_F_OSSL_PROVIDER_ACTIVATE 0 # define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN 0 # define CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER 0 # define CRYPTO_F_OSSL_PROVIDER_NEW 0 # define CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH 0 +# define CRYPTO_F_PARAM_PUSH 0 +# define CRYPTO_F_PARAM_PUSH_NUM 0 # define CRYPTO_F_PKEY_HMAC_INIT 0 # define CRYPTO_F_PKEY_POLY1305_INIT 0 # define CRYPTO_F_PKEY_SIPHASH_INIT 0 @@ -67,8 +77,18 @@ int ERR_load_CRYPTO_strings(void); */ # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 # define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_INSUFFICIENT_DATA_SPACE 106 +# define CRYPTO_R_INSUFFICIENT_PARAM_SIZE 107 +# define CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE 108 +# define CRYPTO_R_INVALID_NULL_ARGUMENT 109 +# define CRYPTO_R_INVALID_OSSL_PARAM_TYPE 110 # define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 # define CRYPTO_R_PROVIDER_ALREADY_EXISTS 104 # define CRYPTO_R_PROVIDER_SECTION_ERROR 105 +# define CRYPTO_R_SECURE_MALLOC_FAILURE 111 +# define CRYPTO_R_STRING_TOO_LONG 112 +# define CRYPTO_R_TOO_MANY_BYTES 113 +# define CRYPTO_R_TOO_MANY_RECORDS 114 +# define CRYPTO_R_ZERO_LENGTH_NUMBER 115 #endif diff --git a/test/build.info b/test/build.info index 6966149..f9d429e 100644 --- a/test/build.info +++ b/test/build.info @@ -44,7 +44,7 @@ IF[{- !$disabled{tests} -}] packettest asynctest secmemtest srptest memleaktest stack_test \ dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ - bio_callback_test bio_memleak_test \ + bio_callback_test bio_memleak_test param_build_test \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ cipherbytes_test \ @@ -326,6 +326,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[params_conversion_test]=../include ../apps/include DEPEND[params_conversion_test]=../libcrypto libtestutil.a + SOURCE[param_build_test]=param_build_test.c + INCLUDE[param_build_test]=../include ../apps/include + DEPEND[param_build_test]=../libcrypto.a libtestutil.a + SOURCE[sslapitest]=sslapitest.c ssltestlib.c INCLUDE[sslapitest]=../include ../apps/include .. DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a diff --git a/test/param_build_test.c b/test/param_build_test.c new file mode 100644 index 0000000..278553d --- /dev/null +++ b/test/param_build_test.c @@ -0,0 +1,295 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/param_build.h" +#include "internal/nelem.h" +#include "testutil.h" + +static int template_public_test(void) +{ + OSSL_PARAM_BLD bld; + OSSL_PARAM *params = NULL, *p; + void *secure = (void *)"abc"; + int i; + long int l; + int32_t i32; + int64_t i64; + double d; + char *utf = NULL; + const char *cutf; + int res = 0; + + ossl_param_bld_init(&bld); + if (!TEST_true(ossl_param_bld_push_int(&bld, "i", -6)) + || !TEST_true(ossl_param_bld_push_long(&bld, "l", 42)) + || !TEST_true(ossl_param_bld_push_int32(&bld, "i32", 1532)) + || !TEST_true(ossl_param_bld_push_int64(&bld, "i64", -9999999)) + || !TEST_true(ossl_param_bld_push_double(&bld, "d", 1.61803398875)) + || !TEST_true(ossl_param_bld_push_utf8_string(&bld, "utf8_s", "foo", + sizeof("foo"))) + || !TEST_true(ossl_param_bld_push_utf8_ptr(&bld, "utf8_p", "bar-boom", + 0)) + || !TEST_ptr(params = ossl_param_bld_to_param(&bld, &secure)) + || !TEST_ptr_null(secure) + /* Check int */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "i")) + || !TEST_true(OSSL_PARAM_get_int(p, &i)) + || !TEST_str_eq(p->key, "i") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(int)) + || !TEST_int_eq(i, -6) + /* Check int32 */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "i32")) + || !TEST_true(OSSL_PARAM_get_int32(p, &i32)) + || !TEST_str_eq(p->key, "i32") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(int32_t)) + || !TEST_int_eq((int)i32, 1532) + /* Check int64 */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "i64")) + || !TEST_str_eq(p->key, "i64") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(int64_t)) + || !TEST_true(OSSL_PARAM_get_int64(p, &i64)) + || !TEST_long_eq((long)i64, -9999999) + /* Check long */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "l")) + || !TEST_str_eq(p->key, "l") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(long int)) + || !TEST_true(OSSL_PARAM_get_long(p, &l)) + || !TEST_long_eq(l, 42) + /* Check double */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "d")) + || !TEST_true(OSSL_PARAM_get_double(p, &d)) + || !TEST_str_eq(p->key, "d") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_REAL) + || !TEST_size_t_eq(p->data_size, sizeof(double)) + || !TEST_double_eq(d, 1.61803398875) + /* Check UTF8 string */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "utf8_s")) + || !TEST_str_eq(p->data, "foo") + || !TEST_true(OSSL_PARAM_get_utf8_string(p, &utf, 0)) + || !TEST_str_eq(utf, "foo") + /* Check UTF8 pointer */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "utf8_p")) + || !TEST_true(OSSL_PARAM_get_utf8_ptr(p, &cutf)) + || !TEST_str_eq(cutf, "bar-boom")) + goto err; + res = 1; +err: + OPENSSL_free(params); + OPENSSL_secure_free(secure); + OPENSSL_free(utf); + return res; +} + +static int template_private_test(void) +{ + static int data1[] = { 2, 3, 5, 7, 11, 15, 17 }; + static unsigned char data2[] = { 2, 4, 6, 8, 10 }; + OSSL_PARAM_BLD bld; + OSSL_PARAM *params = NULL, *p; + void *secure = (void *)"abc"; + unsigned int i; + unsigned long int l; + uint32_t i32; + uint64_t i64; + size_t st; + BIGNUM *bn = NULL, *bn_res = NULL; + int res = 0; + + ossl_param_bld_init(&bld); + if (!TEST_true(ossl_param_bld_push_uint(&bld, "i", 6)) + || !TEST_true(ossl_param_bld_push_ulong(&bld, "l", 42)) + || !TEST_true(ossl_param_bld_push_uint32(&bld, "i32", 1532)) + || !TEST_true(ossl_param_bld_push_uint64(&bld, "i64", 9999999)) + || !TEST_true(ossl_param_bld_push_size_t(&bld, "st", 65537)) + || !TEST_ptr(bn = BN_new()) + || !TEST_true(BN_set_word(bn, 1729)) + || !TEST_true(ossl_param_bld_push_BN(&bld, "bignumber", bn)) + || !TEST_true(ossl_param_bld_push_octet_string(&bld, "oct_s", data1, + sizeof(data1))) + || !TEST_true(ossl_param_bld_push_octet_ptr(&bld, "oct_p", data2, + sizeof(data2))) + || !TEST_ptr(params = ossl_param_bld_to_param(&bld, &secure)) + /* Check unsigned int */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "i")) + || !TEST_true(OSSL_PARAM_get_uint(p, &i)) + || !TEST_str_eq(p->key, "i") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(int)) + || !TEST_uint_eq(i, 6) + /* Check unsigned int32 */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "i32")) + || !TEST_true(OSSL_PARAM_get_uint32(p, &i32)) + || !TEST_str_eq(p->key, "i32") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(int32_t)) + || !TEST_uint_eq((unsigned int)i32, 1532) + /* Check unsigned int64 */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "i64")) + || !TEST_str_eq(p->key, "i64") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(int64_t)) + || !TEST_true(OSSL_PARAM_get_uint64(p, &i64)) + || !TEST_ulong_eq((unsigned long)i64, 9999999) + /* Check unsigned long int */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "l")) + || !TEST_str_eq(p->key, "l") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(unsigned long int)) + || !TEST_true(OSSL_PARAM_get_ulong(p, &l)) + || !TEST_ulong_eq(l, 42) + /* Check size_t */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "st")) + || !TEST_str_eq(p->key, "st") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(size_t)) + || !TEST_true(OSSL_PARAM_get_size_t(p, &st)) + || !TEST_size_t_eq(st, 65537) + /* Check octet string */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "oct_s")) + || !TEST_str_eq(p->key, "oct_s") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_OCTET_STRING) + || !TEST_mem_eq(p->data, p->data_size, data1, sizeof(data1)) + /* Check octet pointer */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "oct_p")) + || !TEST_str_eq(p->key, "oct_p") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_OCTET_PTR) + || !TEST_mem_eq(*(void **)p->data, p->data_size, data2, sizeof(data2)) + /* Check BN */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "bignumber")) + || !TEST_str_eq(p->key, "bignumber") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER) + || !TEST_true(OSSL_PARAM_get_BN(p, &bn_res)) + || !TEST_int_eq(BN_cmp(bn_res, bn), 0)) + goto err; + res = 1; +err: + OPENSSL_secure_free(secure); + OPENSSL_free(params); + BN_free(bn); + BN_free(bn_res); + return res; +} + +static int template_static_params_test(int n) +{ + unsigned char data[1000], secure[500]; + OSSL_PARAM_BLD bld; + OSSL_PARAM params[20], *p; + BIGNUM *bn = NULL, *bn_r = NULL; + unsigned int i; + char *utf = NULL; + int res = 0; + + ossl_param_bld_init(&bld); + if (!TEST_true(ossl_param_bld_push_uint(&bld, "i", 6)) + || !TEST_ptr(bn = (n & 1) == 0 ? BN_new() : BN_secure_new()) + || !TEST_true(BN_set_word(bn, 1337)) + || !TEST_true(ossl_param_bld_push_BN(&bld, "bn", bn)) + || !TEST_true(ossl_param_bld_push_utf8_string(&bld, "utf8_s", "bar", + 0)) + || !TEST_ptr(ossl_param_bld_to_param_ex(&bld, params, + OSSL_NELEM(params), + data, sizeof(data), + secure, sizeof(secure))) + /* Check unsigned int */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "i")) + || !TEST_true(OSSL_PARAM_get_uint(p, &i)) + || !TEST_str_eq(p->key, "i") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER) + || !TEST_size_t_eq(p->data_size, sizeof(int)) + || !TEST_uint_eq(i, 6) + /* Check BIGNUM */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "bn")) + || !TEST_true(OSSL_PARAM_get_BN(p, &bn_r)) + || !TEST_str_eq(p->key, "bn") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER) + || !TEST_size_t_le(p->data_size, sizeof(BN_ULONG)) + || !TEST_uint_eq((unsigned int)BN_get_word(bn_r), 1337) + /* Check UTF8 string */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "utf8_s")) + || !TEST_str_eq(p->data, "bar") + || !TEST_true(OSSL_PARAM_get_utf8_string(p, &utf, 0)) + || !TEST_str_eq(utf, "bar")) + goto err; + res = 1; +err: + OPENSSL_free(utf); + BN_free(bn); + BN_free(bn_r); + return res; +} + +static int template_static_fail_test(int n) +{ + unsigned char data[10000], secure[500]; + OSSL_PARAM_BLD bld; + OSSL_PARAM prms[20]; + BIGNUM *bn = NULL; + int res = 0; + + ossl_param_bld_init(&bld); + if (!TEST_true(ossl_param_bld_push_uint(&bld, "i", 6)) + || !TEST_ptr(bn = (n & 1) == 0 ? BN_new() : BN_secure_new()) + || !TEST_true(BN_hex2bn(&bn, "ABCDEF78901234567890ABCDEF0987987654321")) + || !TEST_true(ossl_param_bld_push_BN(&bld, "bn", bn)) + || !TEST_true(ossl_param_bld_push_utf8_string(&bld, "utf8_s", "abc", + 1000)) + /* No OSSL_PARAMS */ + || !TEST_ptr_null(ossl_param_bld_to_param_ex(&bld, NULL, 0, data, + sizeof(data), secure, + sizeof(secure))) + /* Short OSSL_PARAMS */ + || !TEST_ptr_null(ossl_param_bld_to_param_ex(&bld, prms, 2, + data, sizeof(data), + secure, sizeof(secure))) + /* No normal data */ + || !TEST_ptr_null(ossl_param_bld_to_param_ex(&bld, prms, + OSSL_NELEM(prms), + NULL, 0, secure, + sizeof(secure))) + /* Not enough normal data */ + || !TEST_ptr_null(ossl_param_bld_to_param_ex(&bld, prms, + OSSL_NELEM(prms), + data, 50, secure, + sizeof(secure)))) + goto err; + if ((n & 1) == 1) { + /* No secure data */ + if (!TEST_ptr_null(ossl_param_bld_to_param_ex(&bld, prms, + OSSL_NELEM(prms), + data, sizeof(data), + NULL, 0)) + /* Not enough secure data */ + || !TEST_ptr_null(ossl_param_bld_to_param_ex(&bld, prms, + OSSL_NELEM(prms), + data, sizeof(data), + secure, 4))) + goto err; + } + res = 1; +err: + BN_free(bn); + return res; +} + +int setup_tests(void) +{ + ADD_TEST(template_public_test); + ADD_TEST(template_private_test); + ADD_ALL_TESTS(template_static_params_test, 2); + ADD_ALL_TESTS(template_static_fail_test, 2); + return 1; +} diff --git a/test/recipes/04-test_params.t b/test/recipes/04-test_param_build.t similarity index 83% copy from test/recipes/04-test_params.t copy to test/recipes/04-test_param_build.t index ae83d4f..b9846c5 100644 --- a/test/recipes/04-test_params.t +++ b/test/recipes/04-test_param_build.t @@ -10,6 +10,6 @@ use strict; use OpenSSL::Test; use OpenSSL::Test::Simple; -setup("test_params"); +setup("test_param_build"); -simple_test("test_params", "params_test"); +simple_test("test_param_build", "param_build_test"); From builds at travis-ci.org Wed Jul 17 07:20:06 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 17 Jul 2019 07:20:06 +0000 Subject: Still Failing: openssl/openssl#26578 (master - 3c93fba) In-Reply-To: Message-ID: <5d2ecc268d3c8_43fde0cc2aedc1120df@7fe9aa0b-5cda-4447-bb07-f0404aa1764b.mail> Build Update for openssl/openssl ------------------------------------- Build: #26578 Status: Still Failing Duration: 19 mins and 57 secs Commit: 3c93fba (master) Author: Pauli Message: Parameter building utilities. A fuller implementation of PARAMS_TEMPLATE as per #9266 but renamed. This introduces a statis data type which can be used to constructor a description of a parameter array. It can then be converted into a OSSL_PARAM array and the allocated storage freed by a single call to OPENSSL_free. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9305) View the changeset: https://github.com/openssl/openssl/compare/4bd8b24045e1...3c93fbacf6f5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559822981?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Wed Jul 17 11:44:12 2019 From: matt at openssl.org (Matt Caswell) Date: Wed, 17 Jul 2019 11:44:12 +0000 Subject: [openssl] master update Message-ID: <1563363852.033600.4479.nullmailer@dev.openssl.org> The branch master has been updated via 7bc82358ae930cfbd353602bc1fd25bfad107350 (commit) from 3c93fbacf6f5abd63e1d1763e7da537ed87f2a5d (commit) - Log ----------------------------------------------------------------- commit 7bc82358ae930cfbd353602bc1fd25bfad107350 Author: Matt Caswell Date: Tue Jul 16 15:32:35 2019 +0100 Fix the return value for SSL_get0_chain_certs() This function was always returning 0. It should return 1 on success. Fixes #9374 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9395) ----------------------------------------------------------------------- Summary of changes: ssl/s3_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3238fd9..8a22d01 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3552,6 +3552,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_CHAIN_CERTS: *(STACK_OF(X509) **)parg = s->cert->key->chain; + ret = 1; break; case SSL_CTRL_SELECT_CURRENT_CERT: From matt at openssl.org Wed Jul 17 11:44:31 2019 From: matt at openssl.org (Matt Caswell) Date: Wed, 17 Jul 2019 11:44:31 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563363871.620086.5548.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via beeaa8d06e68b22733f0df0c8cc7dcd42adad360 (commit) from 686ead4537ade69368ebf87679397105aee5d5c8 (commit) - Log ----------------------------------------------------------------- commit beeaa8d06e68b22733f0df0c8cc7dcd42adad360 Author: Matt Caswell Date: Tue Jul 16 15:32:35 2019 +0100 Fix the return value for SSL_get0_chain_certs() This function was always returning 0. It should return 1 on success. Fixes #9374 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9395) (cherry picked from commit 7bc82358ae930cfbd353602bc1fd25bfad107350) ----------------------------------------------------------------------- Summary of changes: ssl/s3_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d7dbf99..55c0192 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3567,6 +3567,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_CHAIN_CERTS: *(STACK_OF(X509) **)parg = s->cert->key->chain; + ret = 1; break; case SSL_CTRL_SELECT_CURRENT_CERT: From bernd.edlinger at hotmail.de Wed Jul 17 12:19:21 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 17 Jul 2019 12:19:21 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563365961.999112.24557.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 8d64f00fd91f83e36017d7517c9e6d9fd98f6237 (commit) from beeaa8d06e68b22733f0df0c8cc7dcd42adad360 (commit) - Log ----------------------------------------------------------------- commit 8d64f00fd91f83e36017d7517c9e6d9fd98f6237 Author: Bernd Edlinger Date: Mon Jul 15 21:10:59 2019 +0200 Fix a C++ comment in the refcount.h Although in a false-conditional code section gcc-4.8.4 flagged this with a C90 warning :-( include/internal/refcount.h:108:7: error: C++ style comments are not allowed in ISO C90 [-Werror] // under Windows CE we still have old-style Interlocked* functions Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9388) ----------------------------------------------------------------------- Summary of changes: include/internal/refcount.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/internal/refcount.h b/include/internal/refcount.h index d2364c6..6e1a840 100644 --- a/include/internal/refcount.h +++ b/include/internal/refcount.h @@ -105,7 +105,7 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) # if _WIN32_WCE >= 0x600 extern long __cdecl _InterlockedExchangeAdd(long volatile*, long); # else - // under Windows CE we still have old-style Interlocked* functions + /* under Windows CE we still have old-style Interlocked* functions */ extern long __cdecl InterlockedExchangeAdd(long volatile*, long); # define _InterlockedExchangeAdd InterlockedExchangeAdd # endif From builds at travis-ci.org Wed Jul 17 12:09:48 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 17 Jul 2019 12:09:48 +0000 Subject: Still Failing: openssl/openssl#26589 (master - 7bc8235) In-Reply-To: Message-ID: <5d2f100c9a492_43fdf3ef15e4830687e@41c21bab-120e-4fa2-9bf5-dba7b400b29d.mail> Build Update for openssl/openssl ------------------------------------- Build: #26589 Status: Still Failing Duration: 25 mins and 2 secs Commit: 7bc8235 (master) Author: Matt Caswell Message: Fix the return value for SSL_get0_chain_certs() This function was always returning 0. It should return 1 on success. Fixes #9374 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9395) View the changeset: https://github.com/openssl/openssl/compare/3c93fbacf6f5...7bc82358ae93 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559923026?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Jul 17 12:50:05 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 17 Jul 2019 12:50:05 +0000 Subject: [openssl] master update Message-ID: <1563367805.561326.11679.nullmailer@dev.openssl.org> The branch master has been updated via e7aa7c11c71e84b2d6c06b1c81d130e8c1fba296 (commit) from 7bc82358ae930cfbd353602bc1fd25bfad107350 (commit) - Log ----------------------------------------------------------------- commit e7aa7c11c71e84b2d6c06b1c81d130e8c1fba296 Author: Rich Salz Date: Wed Jul 10 16:22:12 2019 -0400 Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop} They were only used for recursive ASN1 parsing. Even if the internal memory-debugging facility remains, this simplification seems worthwhile. Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9342) ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 +- crypto/asn1/tasn_new.c | 26 ------- crypto/mem_dbg.c | 169 ++------------------------------------------ doc/man3/OPENSSL_malloc.pod | 40 +++++------ include/internal/cryptlib.h | 3 - include/openssl/crypto.h | 16 +++-- util/indent.pro | 2 - util/libcrypto.num | 4 +- util/private.num | 4 +- 9 files changed, 43 insertions(+), 226 deletions(-) diff --git a/CHANGES b/CHANGES index f6062af..6b9e7c4 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) {CRYPTO,OPENSSL}_mem_debug_{push,pop} are now no-ops and have been + deprecated. + [Rich Salz] + *) A new type, EVP_KEYEXCH, has been introduced to represent key exchange algorithms. An implementation of a key exchange algorithm can be obtained by using the function EVP_KEYEXCH_fetch(). An EVP_KEYEXCH algorithm can be @@ -22,7 +26,6 @@ *) Removed the function names from error messages and deprecated the xxx_F_xxx define's. - [Rich Salz] *) Removed NextStep support and the macro OPENSSL_UNISTD [Rich Salz] diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 0612a04..f9b924c 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -52,10 +52,6 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) else asn1_cb = 0; -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_push(it->sname ? it->sname : "asn1_item_embed_new"); -#endif - switch (it->itype) { case ASN1_ITYPE_EXTERN: @@ -85,9 +81,6 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) if (!i) goto auxerr; if (i == 2) { -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return 1; } } @@ -110,9 +103,6 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) if (!i) goto auxerr; if (i == 2) { -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return 1; } } @@ -141,27 +131,18 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) goto auxerr2; break; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return 1; memerr2: asn1_item_embed_free(pval, it, embed); memerr: ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return 0; auxerr2: asn1_item_embed_free(pval, it, embed); auxerr: ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return 0; } @@ -219,10 +200,6 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) *pval = NULL; return 1; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_push(tt->field_name - ? tt->field_name : "asn1_template_new"); -#endif /* If SET OF or SEQUENCE OF, its a STACK */ if (tt->flags & ASN1_TFLG_SK_MASK) { STACK_OF(ASN1_VALUE) *skval; @@ -239,9 +216,6 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) /* Otherwise pass it back to the item routine */ ret = asn1_item_embed_new(pval, it, embed); done: -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return ret; } diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 8fcdbec..3b1e37f 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -39,26 +39,9 @@ static int mh_mode = CRYPTO_MEM_CHECK_OFF; #ifndef OPENSSL_NO_CRYPTO_MDEBUG static unsigned long order = 0; /* number of memory requests */ -/*- - * For application-defined information (static C-string `info') - * to be displayed in memory leak list. - * Each thread has its own stack. For applications, there is - * OPENSSL_mem_debug_push("...") to push an entry, - * OPENSSL_mem_debug_pop() to pop an entry, - */ -struct app_mem_info_st { - CRYPTO_THREAD_ID threadid; - const char *file; - int line; - const char *info; - struct app_mem_info_st *next; /* tail of thread's stack */ - int references; -}; - static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT; CRYPTO_RWLOCK *memdbg_lock; static CRYPTO_RWLOCK *long_memdbg_lock; -static CRYPTO_THREAD_LOCAL appinfokey; /* memory-block description */ struct mem_st { @@ -69,7 +52,6 @@ struct mem_st { CRYPTO_THREAD_ID threadid; unsigned long order; time_t time; - APP_INFO *app_info; #ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE void *array[30]; size_t array_siz; @@ -95,8 +77,7 @@ DEFINE_RUN_ONCE_STATIC(do_memdbg_init) { memdbg_lock = CRYPTO_THREAD_lock_new(); long_memdbg_lock = CRYPTO_THREAD_lock_new(); - if (memdbg_lock == NULL || long_memdbg_lock == NULL - || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) { + if (memdbg_lock == NULL || long_memdbg_lock == NULL) { CRYPTO_THREAD_lock_free(memdbg_lock); memdbg_lock = NULL; CRYPTO_THREAD_lock_free(long_memdbg_lock); @@ -106,15 +87,6 @@ DEFINE_RUN_ONCE_STATIC(do_memdbg_init) return 1; } -static void app_info_free(APP_INFO *inf) -{ - if (inf == NULL) - return; - if (--(inf->references) <= 0) { - app_info_free(inf->next); - OPENSSL_free(inf); - } -} #endif int CRYPTO_mem_ctrl(int mode) @@ -237,77 +209,14 @@ static unsigned long mem_hash(const MEM *a) return ret; } -/* returns 1 if there was an info to pop, 0 if the stack was empty. */ -static int pop_info(void) -{ - APP_INFO *current = NULL; - - if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) - return 0; - - current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey); - if (current != NULL) { - APP_INFO *next = current->next; - - if (next != NULL) { - next->references++; - CRYPTO_THREAD_set_local(&appinfokey, next); - } else { - CRYPTO_THREAD_set_local(&appinfokey, NULL); - } - if (--(current->references) <= 0) { - current->next = NULL; - if (next != NULL) - next->references--; - OPENSSL_free(current); - } - return 1; - } - return 0; -} - int CRYPTO_mem_debug_push(const char *info, const char *file, int line) { - APP_INFO *ami, *amim; - int ret = 0; - - if (mem_check_on()) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - - if (!RUN_ONCE(&memdbg_init, do_memdbg_init) - || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL) - goto err; - - ami->threadid = CRYPTO_THREAD_get_current_id(); - ami->file = file; - ami->line = line; - ami->info = info; - ami->references = 1; - ami->next = NULL; - - amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey); - CRYPTO_THREAD_set_local(&appinfokey, ami); - - if (amim != NULL) - ami->next = amim; - ret = 1; - err: - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - } - - return ret; + return 0; } int CRYPTO_mem_debug_pop(void) { - int ret = 0; - - if (mem_check_on()) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - ret = pop_info(); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - } - return ret; + return 0; } static unsigned long break_order_num = 0; @@ -316,7 +225,6 @@ void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, const char *file, int line) { MEM *m, *mm; - APP_INFO *amim; switch (before_p & 127) { case 0: @@ -359,18 +267,8 @@ void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, # endif m->time = time(NULL); - amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey); - m->app_info = amim; - if (amim != NULL) - amim->references++; - - if ((mm = lh_MEM_insert(mh, m)) != NULL) { - /* Not good, but don't sweat it */ - if (mm->app_info != NULL) { - mm->app_info->references--; - } + if ((mm = lh_MEM_insert(mh, m)) != NULL) OPENSSL_free(mm); - } err: CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); } @@ -391,14 +289,9 @@ void CRYPTO_mem_debug_free(void *addr, int before_p, if (mem_check_on() && (mh != NULL)) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - m.addr = addr; mp = lh_MEM_delete(mh, &m); - if (mp != NULL) { - app_info_free(mp->app_info); - OPENSSL_free(mp); - } - + OPENSSL_free(mp); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); } break; @@ -456,11 +349,9 @@ static void print_leak(const MEM *m, MEM_LEAK *l) { char buf[1024]; char *bufp = buf, *hex; - size_t len = sizeof(buf), ami_cnt; - APP_INFO *amip; + size_t len = sizeof(buf); int n; struct tm *lcl = NULL; - CRYPTO_THREAD_ID ti; lcl = localtime(&m->time); n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ", @@ -490,56 +381,9 @@ static void print_leak(const MEM *m, MEM_LEAK *l) len -= n; l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg); - l->chunks++; l->bytes += m->num; - amip = m->app_info; - ami_cnt = 0; - - if (amip) { - ti = amip->threadid; - - do { - int buf_len; - int info_len; - - ami_cnt++; - if (ami_cnt >= sizeof(buf) - 1) - break; - memset(buf, '>', ami_cnt); - buf[ami_cnt] = '\0'; - hex = OPENSSL_buf2hexstr((const unsigned char *)&amip->threadid, - sizeof(amip->threadid)); - n = BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt, - "thread=%s, file=%s, line=%d, info=\"", - hex, amip->file, amip->line); - OPENSSL_free(hex); - if (n <= 0) - break; - buf_len = ami_cnt + n; - info_len = strlen(amip->info); - if (128 - buf_len - 3 < info_len) { - memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); - buf_len = 128 - 3; - } else { - n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "%s", - amip->info); - if (n < 0) - break; - buf_len += n; - } - n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n"); - if (n <= 0) - break; - - l->print_cb(buf, buf_len + n, l->print_cb_arg); - - amip = amip->next; - } - while (amip && CRYPTO_THREAD_compare_id(amip->threadid, ti)); - } - #ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE { size_t i; @@ -607,7 +451,6 @@ int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u), CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF); /* Clean up locks etc */ - CRYPTO_THREAD_cleanup_local(&appinfokey); CRYPTO_THREAD_lock_free(memdbg_lock); CRYPTO_THREAD_lock_free(long_memdbg_lock); memdbg_lock = NULL; diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index f1de27a..38edf49 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -72,17 +72,18 @@ OPENSSL_MALLOC_FD int CRYPTO_mem_ctrl(int mode); - int OPENSSL_mem_debug_push(const char *info) - int OPENSSL_mem_debug_pop(void); - - int CRYPTO_mem_debug_push(const char *info, const char *file, int line); - int CRYPTO_mem_debug_pop(void); - int CRYPTO_mem_leaks(BIO *b); int CRYPTO_mem_leaks_fp(FILE *fp); int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), void *u); +Deprecated: + + int OPENSSL_mem_debug_push(const char *info) + int OPENSSL_mem_debug_pop(void); + int CRYPTO_mem_debug_push(const char *info, const char *file, int line); + int CRYPTO_mem_debug_pop(void); + =head1 DESCRIPTION OpenSSL memory allocation is handled by the B API. These are @@ -155,15 +156,6 @@ the B. To disable tracking call CRYPTO_mem_ctrl() with a B argument of the B. -While checking memory, it can be useful to store additional context -about what is being done. -For example, identifying the field names when parsing a complicated -data structure. -OPENSSL_mem_debug_push() (which calls CRYPTO_mem_debug_push()) -attachs an identifying string to the allocation stack. -This must be a global or other static string; it is not copied. -OPENSSL_mem_debug_pop() removes identifying state from the stack. - At the end of the program, calling CRYPTO_mem_leaks() or CRYPTO_mem_leaks_fp() will report all "leaked" memory, writing it to the specified BIO B or FILE B. These functions return 1 if @@ -207,6 +199,9 @@ to use this (will not work on all platforms): export OPENSSL_MALLOC_FD ...app invocation... 3>/tmp/log$$ +OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(), +CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop() +have been deprecated and replaced with functions that only return zero. =head1 RETURN VALUES @@ -232,16 +227,19 @@ always because allocations have already happened). CRYPTO_mem_ctrl() returns -1 if an error occurred, otherwise the previous value of the mode. -OPENSSL_mem_debug_push() and OPENSSL_mem_debug_pop() -return 1 on success or 0 on failure. - =head1 NOTES While it's permitted to swap out only a few and not all the functions with CRYPTO_set_mem_functions(), it's recommended to swap them all out -at once. I C I +at once, especially if OpenSSL was built with the +configuration option> C. + +=head1 HISTORY + +OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(), +CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop() +were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 1aa1dc6..d54ca24 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -54,11 +54,8 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, void *align_ptr typedef struct ex_callback_st EX_CALLBACK; - DEFINE_STACK_OF(EX_CALLBACK) -typedef struct app_mem_info_st APP_INFO; - typedef struct mem_st MEM; DEFINE_LHASH_OF(MEM); diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 7953119..875ee55 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -310,12 +310,16 @@ size_t CRYPTO_secure_used(void); void OPENSSL_cleanse(void *ptr, size_t len); # ifndef OPENSSL_NO_CRYPTO_MDEBUG -# define OPENSSL_mem_debug_push(info) \ - CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_mem_debug_pop() \ - CRYPTO_mem_debug_pop() -int CRYPTO_mem_debug_push(const char *info, const char *file, int line); -int CRYPTO_mem_debug_pop(void); +# if !OPENSSL_API_3 +# define OPENSSL_mem_debug_push(info) \ + CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_mem_debug_pop() \ + CRYPTO_mem_debug_pop() +# endif +DEPRECATEDIN_3(int CRYPTO_mem_debug_push(const char *info, + const char *file, int line)) +DEPRECATEDIN_3(int CRYPTO_mem_debug_pop(void)) + void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); /*- diff --git a/util/indent.pro b/util/indent.pro index 3d3f747..de260ae 100644 --- a/util/indent.pro +++ b/util/indent.pro @@ -36,7 +36,6 @@ -T ACCESS_DESCRIPTION -T ADDED_OBJ -T AES_KEY --T APP_INFO -T ARGS -T ASIdOrRange -T ASIdOrRanges @@ -586,7 +585,6 @@ -T STACK_OF_nid_triple_ -T STACK_OF_void_ -T LHASH_OF_ADDED_OBJ_ --T LHASH_OF_APP_INFO_ -T LHASH_OF_CONF_VALUE_ -T LHASH_OF_ENGINE_PILE_ -T LHASH_OF_ERR_STATE_ diff --git a/util/libcrypto.num b/util/libcrypto.num index d036249..648aed9 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1157,7 +1157,7 @@ EVP_PKEY_CTX_set0_keygen_info 1183 3_0_0 EXIST::FUNCTION: ENGINE_unregister_digests 1184 3_0_0 EXIST::FUNCTION:ENGINE IPAddressOrRange_new 1185 3_0_0 EXIST::FUNCTION:RFC3779 EVP_aes_256_ofb 1186 3_0_0 EXIST::FUNCTION: -CRYPTO_mem_debug_push 1187 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG +CRYPTO_mem_debug_push 1187 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3 X509_PKEY_new 1188 3_0_0 EXIST::FUNCTION: X509_get_key_usage 1189 3_0_0 EXIST::FUNCTION: X509_ATTRIBUTE_create_by_txt 1190 3_0_0 EXIST::FUNCTION: @@ -1848,7 +1848,7 @@ IDEA_cbc_encrypt 1890 3_0_0 EXIST::FUNCTION:IDEA BN_CTX_secure_new 1891 3_0_0 EXIST::FUNCTION: OCSP_ONEREQ_add_ext 1892 3_0_0 EXIST::FUNCTION:OCSP CMS_uncompress 1893 3_0_0 EXIST::FUNCTION:CMS -CRYPTO_mem_debug_pop 1895 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG +CRYPTO_mem_debug_pop 1895 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3 EVP_aes_192_cfb128 1896 3_0_0 EXIST::FUNCTION: OCSP_REQ_CTX_nbio 1897 3_0_0 EXIST::FUNCTION:OCSP EVP_CIPHER_CTX_copy 1898 3_0_0 EXIST::FUNCTION: diff --git a/util/private.num b/util/private.num index fb5d0b2..f63319d 100644 --- a/util/private.num +++ b/util/private.num @@ -311,8 +311,8 @@ OPENSSL_clear_realloc define OPENSSL_free define OPENSSL_malloc define OPENSSL_malloc_init define -OPENSSL_mem_debug_pop define -OPENSSL_mem_debug_push define +OPENSSL_mem_debug_pop define deprecated 3.0.0 +OPENSSL_mem_debug_push define deprecated 3.0.0 OPENSSL_memdup define OPENSSL_no_config define deprecated 1.1.0 OPENSSL_realloc define From openssl at openssl.org Wed Jul 17 13:14:04 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jul 2019 13:14:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1563369244.216924.21265.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: e3a0d36729 Auto add a label depending on the type of issue they report. da02018143 Provider config module: allow providers to already be loaded fe9edc9d39 Fix SSL_CTX_set_session_id_context() docs c17d60ea29 s390x assembly pack: fix restoring of SIGILL action 5fe499cb75 Actually silently ignore GET / OCSP requests 12df11bdf1 Document the new EVP_KEYEXCH type and related functions 35aca9eccb Add the ability to set PKCS#3 DH padding in providers 94b40fb77c Enable PKCS#3 DH in the providers 89e291742f Implement PKCS#3 DH Key Exchange in the default provider ff64702b3d Make the EVP Key Exchange code provider aware cbfa5b0398 Regenerate mkerr files aac96e2797 Remove function name from errors 3d9b33b5e4 Remove DRBG from SSL structure. 459b15d451 Add Common shared code needed to move aes ciphers to providers 0d03acea7a remove end of line whitespace b880583475 Convert asn1_dsa.c to use the WPACKET API instead 15cb0f0958 Give WPACKET the ability to have a NULL buffer underneath it 8ae173bb57 Convert asn1_dsa.c to use the PACKET API instead 0d345f0e10 Make the PACKET/WPACKET code available to both libcrypto and libssl 54846b7c6e Add simple ASN.1 utils for DSA signature DER. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=173, Tests=1561, 217 wallclock secs ( 1.76 usr 0.34 sys + 210.89 cusr 17.40 csys = 230.39 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Wed Jul 17 13:33:30 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 17 Jul 2019 13:33:30 +0000 Subject: Still Failing: openssl/openssl#26600 (master - e7aa7c1) In-Reply-To: Message-ID: <5d2f23a9a3501_43f99e16a67784673f1@dafd1b43-a20e-4daf-b49c-699f7b20a3c2.mail> Build Update for openssl/openssl ------------------------------------- Build: #26600 Status: Still Failing Duration: 26 mins and 53 secs Commit: e7aa7c1 (master) Author: Rich Salz Message: Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop} They were only used for recursive ASN1 parsing. Even if the internal memory-debugging facility remains, this simplification seems worthwhile. Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9342) View the changeset: https://github.com/openssl/openssl/compare/7bc82358ae93...e7aa7c11c71e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/559952816?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 17 14:00:58 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jul 2019 14:00:58 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1563372058.908425.13123.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: e3a0d36729 Auto add a label depending on the type of issue they report. da02018143 Provider config module: allow providers to already be loaded fe9edc9d39 Fix SSL_CTX_set_session_id_context() docs c17d60ea29 s390x assembly pack: fix restoring of SIGILL action 5fe499cb75 Actually silently ignore GET / OCSP requests 12df11bdf1 Document the new EVP_KEYEXCH type and related functions 35aca9eccb Add the ability to set PKCS#3 DH padding in providers 94b40fb77c Enable PKCS#3 DH in the providers 89e291742f Implement PKCS#3 DH Key Exchange in the default provider ff64702b3d Make the EVP Key Exchange code provider aware cbfa5b0398 Regenerate mkerr files aac96e2797 Remove function name from errors 3d9b33b5e4 Remove DRBG from SSL structure. 459b15d451 Add Common shared code needed to move aes ciphers to providers 0d03acea7a remove end of line whitespace b880583475 Convert asn1_dsa.c to use the WPACKET API instead 15cb0f0958 Give WPACKET the ability to have a NULL buffer underneath it 8ae173bb57 Convert asn1_dsa.c to use the PACKET API instead 0d345f0e10 Make the PACKET/WPACKET code available to both libcrypto and libssl 54846b7c6e Add simple ASN.1 utils for DSA signature DER. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=173, Tests=1561, 214 wallclock secs ( 1.76 usr 0.28 sys + 209.16 cusr 18.44 csys = 229.64 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Jul 17 17:11:59 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 17 Jul 2019 17:11:59 +0000 Subject: Build failed: openssl master.26024 Message-ID: <20190717171159.1.8E5AFD1A64BA1E31@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 17 18:16:12 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 17 Jul 2019 18:16:12 +0000 Subject: Build completed: openssl master.26025 Message-ID: <20190717181612.1.855A02DF047D1C28@appveyor.com> An HTML attachment was scrubbed... URL: From patrick.steuer at de.ibm.com Wed Jul 17 19:15:10 2019 From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Wed, 17 Jul 2019 19:15:10 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563390910.506482.22456.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 0f6fd6145924ad5fbddb96570877d36f1e077707 (commit) from 8d64f00fd91f83e36017d7517c9e6d9fd98f6237 (commit) - Log ----------------------------------------------------------------- commit 0f6fd6145924ad5fbddb96570877d36f1e077707 Author: Patrick Steuer Date: Mon Jul 15 17:00:15 2019 +0200 s390x assembly pack: fix restoring of SIGILL action Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9381) (cherry picked from commit c17d60ea293746d7cd06a910ced446edbb6c1eba) ----------------------------------------------------------------------- Summary of changes: crypto/s390xcap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index e7c7f0a..a40efe0 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -29,7 +29,7 @@ struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; void OPENSSL_cpuid_setup(void) { sigset_t oset; - struct sigaction ill_act, oact; + struct sigaction ill_act, oact_ill, oact_fpe; if (OPENSSL_s390xcap_P.stfle[0]) return; @@ -44,8 +44,8 @@ void OPENSSL_cpuid_setup(void) sigdelset(&ill_act.sa_mask, SIGFPE); sigdelset(&ill_act.sa_mask, SIGTRAP); sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); - sigaction(SIGILL, &ill_act, &oact); - sigaction(SIGFPE, &ill_act, &oact); + sigaction(SIGILL, &ill_act, &oact_ill); + sigaction(SIGFPE, &ill_act, &oact_fpe); /* protection against missing store-facility-list-extended */ if (sigsetjmp(ill_jmp, 1) == 0) @@ -61,7 +61,7 @@ void OPENSSL_cpuid_setup(void) | S390X_CAPBIT(S390X_VXE)); } - sigaction(SIGFPE, &oact, NULL); - sigaction(SIGILL, &oact, NULL); + sigaction(SIGFPE, &oact_fpe, NULL); + sigaction(SIGILL, &oact_ill, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); } From openssl at openssl.org Thu Jul 18 01:17:40 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jul 2019 01:17:40 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1563412660.750369.5321.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: e7aa7c11c7 Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop} 7bc82358ae Fix the return value for SSL_get0_chain_certs() 3c93fbacf6 Parameter building utilities. 4bd8b24045 remove end of line spaces dd6b270618 Remove tab characters from C source files. Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/err/libcrypto-lib-err_prn.d.tmp -MT crypto/err/libcrypto-lib-err_prn.o -c -o crypto/err/libcrypto-lib-err_prn.o ../openssl/crypto/err/err_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/ess/libcrypto-lib-ess_asn1.d.tmp -MT crypto/ess/libcrypto-lib-ess_asn1.o -c -o crypto/ess/libcrypto-lib-ess_asn1.o ../openssl/crypto/ess/ess_asn1.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/ess/libcrypto-lib-ess_err.d.tmp -MT crypto/ess/libcrypto-lib-ess_err.o -c -o crypto/ess/libcrypto-lib-ess_err.o ../openssl/crypto/ess/ess_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/ess/libcrypto-lib-ess_lib.d.tmp -MT crypto/ess/libcrypto-lib-ess_lib.o -c -o crypto/ess/libcrypto-lib-ess_lib.o ../openssl/crypto/ess/ess_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_b64.d.tmp -MT crypto/evp/libcrypto-lib-bio_b64.o -c -o crypto/evp/libcrypto-lib-bio_b64.o ../openssl/crypto/evp/bio_b64.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_enc.d.tmp -MT crypto/evp/libcrypto-lib-bio_enc.o -c -o crypto/evp/libcrypto-lib-bio_enc.o ../openssl/crypto/evp/bio_enc.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_md.d.tmp -MT crypto/evp/libcrypto-lib-bio_md.o -c -o crypto/evp/libcrypto-lib-bio_md.o ../openssl/crypto/evp/bio_md.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_ok.d.tmp -MT crypto/evp/libcrypto-lib-bio_ok.o -c -o crypto/evp/libcrypto-lib-bio_ok.o ../openssl/crypto/evp/bio_ok.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_allc.d.tmp -MT crypto/evp/libcrypto-lib-c_allc.o -c -o crypto/evp/libcrypto-lib-c_allc.o ../openssl/crypto/evp/c_allc.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_alld.d.tmp -MT crypto/evp/libcrypto-lib-c_alld.o -c -o crypto/evp/libcrypto-lib-c_alld.o ../openssl/crypto/evp/c_alld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_allkdf.d.tmp -MT crypto/evp/libcrypto-lib-c_allkdf.o -c -o crypto/evp/libcrypto-lib-c_allkdf.o ../openssl/crypto/evp/c_allkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_allm.d.tmp -MT crypto/evp/libcrypto-lib-c_allm.o -c -o crypto/evp/libcrypto-lib-c_allm.o ../openssl/crypto/evp/c_allm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-cmeth_lib.d.tmp -MT crypto/evp/libcrypto-lib-cmeth_lib.o -c -o crypto/evp/libcrypto-lib-cmeth_lib.o ../openssl/crypto/evp/cmeth_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-digest.d.tmp -MT crypto/evp/libcrypto-lib-digest.o -c -o crypto/evp/libcrypto-lib-digest.o ../openssl/crypto/evp/digest.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aes.d.tmp -MT crypto/evp/libcrypto-lib-e_aes.o -c -o crypto/evp/libcrypto-lib-e_aes.o ../openssl/crypto/evp/e_aes.c clang -Icrypto/modes -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.d.tmp -MT crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o -c -o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o ../openssl/crypto/evp/e_aes_cbc_hmac_sha1.c clang -Icrypto/modes -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.d.tmp -MT crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o -c -o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o ../openssl/crypto/evp/e_aes_cbc_hmac_sha256.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aria.d.tmp -MT crypto/evp/libcrypto-lib-e_aria.o -c -o crypto/evp/libcrypto-lib-e_aria.o ../openssl/crypto/evp/e_aria.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_bf.d.tmp -MT crypto/evp/libcrypto-lib-e_bf.o -c -o crypto/evp/libcrypto-lib-e_bf.o ../openssl/crypto/evp/e_bf.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_camellia.d.tmp -MT crypto/evp/libcrypto-lib-e_camellia.o -c -o crypto/evp/libcrypto-lib-e_camellia.o ../openssl/crypto/evp/e_camellia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_cast.d.tmp -MT crypto/evp/libcrypto-lib-e_cast.o -c -o crypto/evp/libcrypto-lib-e_cast.o ../openssl/crypto/evp/e_cast.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_chacha20_poly1305.d.tmp -MT crypto/evp/libcrypto-lib-e_chacha20_poly1305.o -c -o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o ../openssl/crypto/evp/e_chacha20_poly1305.c clang -Icrypto -I../openssl/crypto -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_des.d.tmp -MT crypto/evp/libcrypto-lib-e_des.o -c -o crypto/evp/libcrypto-lib-e_des.o ../openssl/crypto/evp/e_des.c clang -Icrypto -I../openssl/crypto -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_des3.d.tmp -MT crypto/evp/libcrypto-lib-e_des3.o -c -o crypto/evp/libcrypto-lib-e_des3.o ../openssl/crypto/evp/e_des3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_idea.d.tmp -MT crypto/evp/libcrypto-lib-e_idea.o -c -o crypto/evp/libcrypto-lib-e_idea.o ../openssl/crypto/evp/e_idea.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_null.d.tmp -MT crypto/evp/libcrypto-lib-e_null.o -c -o crypto/evp/libcrypto-lib-e_null.o ../openssl/crypto/evp/e_null.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_old.d.tmp -MT crypto/evp/libcrypto-lib-e_old.o -c -o crypto/evp/libcrypto-lib-e_old.o ../openssl/crypto/evp/e_old.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc2.d.tmp -MT crypto/evp/libcrypto-lib-e_rc2.o -c -o crypto/evp/libcrypto-lib-e_rc2.o ../openssl/crypto/evp/e_rc2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc4.d.tmp -MT crypto/evp/libcrypto-lib-e_rc4.o -c -o crypto/evp/libcrypto-lib-e_rc4.o ../openssl/crypto/evp/e_rc4.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc4_hmac_md5.d.tmp -MT crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o -c -o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o ../openssl/crypto/evp/e_rc4_hmac_md5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc5.d.tmp -MT crypto/evp/libcrypto-lib-e_rc5.o -c -o crypto/evp/libcrypto-lib-e_rc5.o ../openssl/crypto/evp/e_rc5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_seed.d.tmp -MT crypto/evp/libcrypto-lib-e_seed.o -c -o crypto/evp/libcrypto-lib-e_seed.o ../openssl/crypto/evp/e_seed.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_sm4.d.tmp -MT crypto/evp/libcrypto-lib-e_sm4.o -c -o crypto/evp/libcrypto-lib-e_sm4.o ../openssl/crypto/evp/e_sm4.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_xcbc_d.d.tmp -MT crypto/evp/libcrypto-lib-e_xcbc_d.o -c -o crypto/evp/libcrypto-lib-e_xcbc_d.o ../openssl/crypto/evp/e_xcbc_d.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-encode.d.tmp -MT crypto/evp/libcrypto-lib-encode.o -c -o crypto/evp/libcrypto-lib-encode.o ../openssl/crypto/evp/encode.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_cnf.d.tmp -MT crypto/evp/libcrypto-lib-evp_cnf.o -c -o crypto/evp/libcrypto-lib-evp_cnf.o ../openssl/crypto/evp/evp_cnf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_enc.d.tmp -MT crypto/evp/libcrypto-lib-evp_enc.o -c -o crypto/evp/libcrypto-lib-evp_enc.o ../openssl/crypto/evp/evp_enc.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_err.d.tmp -MT crypto/evp/libcrypto-lib-evp_err.o -c -o crypto/evp/libcrypto-lib-evp_err.o ../openssl/crypto/evp/evp_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_fetch.d.tmp -MT crypto/evp/libcrypto-lib-evp_fetch.o -c -o crypto/evp/libcrypto-lib-evp_fetch.o ../openssl/crypto/evp/evp_fetch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_key.d.tmp -MT crypto/evp/libcrypto-lib-evp_key.o -c -o crypto/evp/libcrypto-lib-evp_key.o ../openssl/crypto/evp/evp_key.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_lib.d.tmp -MT crypto/evp/libcrypto-lib-evp_lib.o -c -o crypto/evp/libcrypto-lib-evp_lib.o ../openssl/crypto/evp/evp_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_pbe.d.tmp -MT crypto/evp/libcrypto-lib-evp_pbe.o -c -o crypto/evp/libcrypto-lib-evp_pbe.o ../openssl/crypto/evp/evp_pbe.c ../openssl/crypto/evp/evp_lib.c:820:25: error: no member named 'dh' in 'union evp_pkey_st::(anonymous at ../openssl/crypto/include/internal/evp_int.h:513:5)' DH *dh = pkey->pkey.dh; ~~~~~~~~~~ ^ ../openssl/crypto/evp/evp_lib.c:822:23: error: implicit declaration of function 'DH_get0_p' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/crypto/evp/evp_lib.c:822:19: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:822:43: error: implicit declaration of function 'DH_get0_g' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:43: note: did you mean 'DH_get0_p'? ../openssl/crypto/evp/evp_lib.c:822:23: note: 'DH_get0_p' declared here const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~ DH_get0_p ../openssl/crypto/evp/evp_lib.c:822:43: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:39: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:822:63: error: implicit declaration of function 'DH_get0_q' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:63: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/crypto/evp/evp_lib.c:822:59: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:823:29: error: implicit declaration of function 'DH_get0_pub_key' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *pub_key = DH_get0_pub_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:823:29: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/crypto/evp/evp_lib.c:823:19: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *pub_key = DH_get0_pub_key(dh); ^ ~~~~~~~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:824:30: error: implicit declaration of function 'DH_get0_priv_key' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *priv_key = DH_get0_priv_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:824:30: note: did you mean 'DH_get0_pub_key'? ../openssl/crypto/evp/evp_lib.c:823:29: note: 'DH_get0_pub_key' declared here const BIGNUM *pub_key = DH_get0_pub_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:824:30: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] const BIGNUM *priv_key = DH_get0_priv_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:824:19: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *priv_key = DH_get0_priv_key(dh); ^ ~~~~~~~~~~~~~~~~~~~~ 16 errors generated. Makefile:9335: recipe for target 'crypto/evp/libcrypto-lib-evp_lib.o' failed make[1]: *** [crypto/evp/libcrypto-lib-evp_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Thu Jul 18 02:16:59 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jul 2019 02:16:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1563416219.822340.20436.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: e7aa7c11c7 Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop} 7bc82358ae Fix the return value for SSL_get0_chain_certs() 3c93fbacf6 Parameter building utilities. 4bd8b24045 remove end of line spaces dd6b270618 Remove tab characters from C source files. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1647, 250 wallclock secs ( 2.93 usr 0.41 sys + 238.90 cusr 20.74 csys = 262.98 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From matthias.st.pierre at ncp-e.com Thu Jul 18 04:22:26 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Thu, 18 Jul 2019 04:22:26 +0000 Subject: [openssl] master update Message-ID: <1563423746.434937.10026.nullmailer@dev.openssl.org> The branch master has been updated via 3b438ef95b5b1c45602b1332921209363e4776bd (commit) from e7aa7c11c71e84b2d6c06b1c81d130e8c1fba296 (commit) - Log ----------------------------------------------------------------- commit 3b438ef95b5b1c45602b1332921209363e4776bd Author: Dr. Matthias St. Pierre Date: Wed Jul 17 19:14:01 2019 +0200 Fix init_get_thread_local() Previously, init_get_thread_local() pushed the thread event handler list onto the global register before calling CRYPTO_THREAD_set_local(), and when the latter failed, forgot to pop the list from the stack again. Instead of cleaning the stack on error, this commit avoids the situation entirely by postponing the push operation until all other operations succeeded. This reordering also significantly reduces the scope of the critical section. Another simplification of the code is achieved by moving the push operation onto the register (which is disabled in FIPS mode) into a separate function. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9401) ----------------------------------------------------------------------- Summary of changes: crypto/initthread.c | 64 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 26 deletions(-) diff --git a/crypto/initthread.c b/crypto/initthread.c index b3f45b9..7de8a36 100644 --- a/crypto/initthread.c +++ b/crypto/initthread.c @@ -77,6 +77,12 @@ static GLOBAL_TEVENT_REGISTER *get_global_tevent_register(void) } #endif +#ifndef FIPS_MODE +static int init_thread_push_handlers(THREAD_EVENT_HANDLER **hands); +static void init_thread_remove_handlers(THREAD_EVENT_HANDLER **handsin); +static void init_thread_destructor(void *hands); +static int init_thread_deregister(void *arg, int all); +#endif static void init_thread_stop(void *arg, THREAD_EVENT_HANDLER **hands); static THREAD_EVENT_HANDLER ** @@ -86,40 +92,22 @@ init_get_thread_local(CRYPTO_THREAD_LOCAL *local, int alloc, int keep) if (alloc) { if (hands == NULL) { -#ifndef FIPS_MODE - GLOBAL_TEVENT_REGISTER *gtr; -#endif - if ((hands = OPENSSL_zalloc(sizeof(*hands))) == NULL) { - OPENSSL_free(hands); + if ((hands = OPENSSL_zalloc(sizeof(*hands))) == NULL) return NULL; - } -#ifndef FIPS_MODE - /* - * The thread event handler is thread specific and is a linked - * list of all handler functions that should be called for the - * current thread. We also keep a global reference to that linked - * list, so that we can deregister handlers if necessary before all - * the threads are stopped. - */ - gtr = get_global_tevent_register(); - if (gtr == NULL) { + if (!CRYPTO_THREAD_set_local(local, hands)) { OPENSSL_free(hands); return NULL; } - CRYPTO_THREAD_write_lock(gtr->lock); - if (!sk_THREAD_EVENT_HANDLER_PTR_push(gtr->skhands, hands)) { + +#ifndef FIPS_MODE + if (!init_thread_push_handlers(hands)) { + CRYPTO_THREAD_set_local(local, NULL); OPENSSL_free(hands); - CRYPTO_THREAD_unlock(gtr->lock); return NULL; } - CRYPTO_THREAD_unlock(gtr->lock); #endif - if (!CRYPTO_THREAD_set_local(local, hands)) { - OPENSSL_free(hands); - return NULL; - } } } else if (!keep) { CRYPTO_THREAD_set_local(local, NULL); @@ -148,6 +136,32 @@ static union { CRYPTO_THREAD_LOCAL value; } destructor_key = { -1 }; +/* + * The thread event handler list is a thread specific linked list + * of callback functions which are invoked in list order by the + * current thread in case of certain events. (Currently, there is + * only one type of event, the 'thread stop' event.) + * + * We also keep a global reference to that linked list, so that we + * can deregister handlers if necessary before all the threads are + * stopped. + */ +static int init_thread_push_handlers(THREAD_EVENT_HANDLER **hands) +{ + int ret; + GLOBAL_TEVENT_REGISTER *gtr; + + gtr = get_global_tevent_register(); + if (gtr == NULL) + return 0; + + CRYPTO_THREAD_write_lock(gtr->lock); + ret = (sk_THREAD_EVENT_HANDLER_PTR_push(gtr->skhands, hands) != 0); + CRYPTO_THREAD_unlock(gtr->lock); + + return ret; +} + static void init_thread_remove_handlers(THREAD_EVENT_HANDLER **handsin) { GLOBAL_TEVENT_REGISTER *gtr; @@ -187,8 +201,6 @@ int ossl_init_thread(void) return 1; } -static int init_thread_deregister(void *arg, int all); - void ossl_cleanup_thread(void) { init_thread_deregister(NULL, 1); From builds at travis-ci.org Thu Jul 18 04:43:15 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 18 Jul 2019 04:43:15 +0000 Subject: Still Failing: openssl/openssl#26631 (master - 3b438ef) In-Reply-To: Message-ID: <5d2ff8e3449e1_43f88987797681866f5@c9181fee-f907-4c21-ad5f-316e9263ac4d.mail> Build Update for openssl/openssl ------------------------------------- Build: #26631 Status: Still Failing Duration: 20 mins and 11 secs Commit: 3b438ef (master) Author: Dr. Matthias St. Pierre Message: Fix init_get_thread_local() Previously, init_get_thread_local() pushed the thread event handler list onto the global register before calling CRYPTO_THREAD_set_local(), and when the latter failed, forgot to pop the list from the stack again. Instead of cleaning the stack on error, this commit avoids the situation entirely by postponing the push operation until all other operations succeeded. This reordering also significantly reduces the scope of the critical section. Another simplification of the code is achieved by moving the push operation onto the register (which is disabled in FIPS mode) into a separate function. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9401) View the changeset: https://github.com/openssl/openssl/compare/e7aa7c11c71e...3b438ef95b5b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/560306334?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Thu Jul 18 05:12:07 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 18 Jul 2019 05:12:07 +0000 Subject: [openssl] master update Message-ID: <1563426727.439066.24079.nullmailer@dev.openssl.org> The branch master has been updated via 7a9abccde7b7a5e36efe42d89246f6cfd4d59f44 (commit) from 3b438ef95b5b1c45602b1332921209363e4776bd (commit) - Log ----------------------------------------------------------------- commit 7a9abccde7b7a5e36efe42d89246f6cfd4d59f44 Author: Shane Lontis Date: Mon Jul 15 12:42:38 2019 +1000 Cleanup use of X509 STORE locks Cosmetic changes to use the X509_STORE_lock/unlock functions. Renamed some ctx variables to store. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9366) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lu.c | 77 ++++++++++++++++++++++++++------------------------- 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index e994633..d3c1fef 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -289,24 +289,25 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret) { - X509_STORE *ctx = vs->ctx; + X509_STORE *store = vs->ctx; X509_LOOKUP *lu; X509_OBJECT stmp, *tmp; int i, j; - if (ctx == NULL) + if (store == NULL) return 0; stmp.type = X509_LU_NONE; stmp.data.ptr = NULL; - CRYPTO_THREAD_write_lock(ctx->lock); - tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); - CRYPTO_THREAD_unlock(ctx->lock); + + X509_STORE_lock(store); + tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name); + X509_STORE_unlock(store); if (tmp == NULL || type == X509_LU_CRL) { - for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { - lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); + for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) { + lu = sk_X509_LOOKUP_value(store->get_cert_methods, i); j = X509_LOOKUP_by_subject(lu, type, name, &stmp); if (j) { tmp = &stmp; @@ -325,7 +326,7 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, return 1; } -static int x509_store_add(X509_STORE *ctx, void *x, int crl) { +static int x509_store_add(X509_STORE *store, void *x, int crl) { X509_OBJECT *obj; int ret = 0, added = 0; @@ -344,16 +345,14 @@ static int x509_store_add(X509_STORE *ctx, void *x, int crl) { } X509_OBJECT_up_ref_count(obj); - CRYPTO_THREAD_write_lock(ctx->lock); - - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { + X509_STORE_lock(store); + if (X509_OBJECT_retrieve_match(store->objs, obj)) { ret = 1; } else { - added = sk_X509_OBJECT_push(ctx->objs, obj); + added = sk_X509_OBJECT_push(store->objs, obj); ret = added != 0; } - - CRYPTO_THREAD_unlock(ctx->lock); + X509_STORE_unlock(store); if (added == 0) /* obj not pushed */ X509_OBJECT_free(obj); @@ -534,12 +533,13 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509) *sk = NULL; X509 *x; X509_OBJECT *obj; + X509_STORE *store = ctx->ctx; - if (ctx->ctx == NULL) + if (store == NULL) return NULL; - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { /* * Nothing found in cache: do lookup to possibly add new objects to @@ -547,7 +547,8 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) */ X509_OBJECT *xobj = X509_OBJECT_new(); - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); + if (xobj == NULL) return NULL; if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) { @@ -555,27 +556,27 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) return NULL; } X509_OBJECT_free(xobj); - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return NULL; } } sk = sk_X509_new_null(); for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.x509; X509_up_ref(x); if (!sk_X509_push(sk, x)) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); X509_free(x); sk_X509_pop_free(sk, X509_free); return NULL; } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return sk; } @@ -585,37 +586,38 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); X509_CRL *x; X509_OBJECT *obj, *xobj = X509_OBJECT_new(); + X509_STORE *store = ctx->ctx; /* Always do lookup to possibly add new CRLs to cache */ if (sk == NULL || xobj == NULL - || ctx->ctx == NULL + || store == NULL || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { X509_OBJECT_free(xobj); sk_X509_CRL_free(sk); return NULL; } X509_OBJECT_free(xobj); - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, nm, &cnt); if (idx < 0) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); sk_X509_CRL_free(sk); return NULL; } for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.crl; X509_CRL_up_ref(x); if (!sk_X509_CRL_push(sk, x)) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); X509_CRL_free(x); sk_X509_CRL_pop_free(sk, X509_CRL_free); return NULL; } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return sk; } @@ -663,6 +665,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; + X509_STORE *store = ctx->ctx; int i, ok, idx, ret; if (obj == NULL) @@ -685,18 +688,18 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } X509_OBJECT_free(obj); - if (ctx->ctx == NULL) + if (store == NULL) return 0; /* Else find index of first cert accepted by 'check_issued' */ ret = 0; - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); + X509_STORE_lock(store); + idx = X509_OBJECT_idx_by_subject(store->objs, X509_LU_X509, xn); if (idx != -1) { /* should be true as we've had at least one * match */ /* Look through all matching certs for suitable issuer */ - for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { - pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); + for (i = idx; i < sk_X509_OBJECT_num(store->objs); i++) { + pobj = sk_X509_OBJECT_value(store->objs, i); /* See if we've run past the matches */ if (pobj->type != X509_LU_X509) break; @@ -717,7 +720,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); if (*issuer) X509_up_ref(*issuer); return ret; From shane.lontis at oracle.com Thu Jul 18 05:20:48 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 18 Jul 2019 05:20:48 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563427248.309717.32661.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 0a9a7540d4850dc39e69d5ccd0f382e604bdfee4 (commit) from 0f6fd6145924ad5fbddb96570877d36f1e077707 (commit) - Log ----------------------------------------------------------------- commit 0a9a7540d4850dc39e69d5ccd0f382e604bdfee4 Author: Shane Lontis Date: Mon Jul 15 12:42:38 2019 +1000 Cleanup use of X509 STORE locks Cosmetic changes to use the X509_STORE_lock/unlock functions. Renamed some ctx variables to store. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9366) (cherry picked from commit 7a9abccde7b7a5e36efe42d89246f6cfd4d59f44) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lu.c | 77 ++++++++++++++++++++++++++------------------------- 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 8ddd7ec..8c7e5e3 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -289,24 +289,25 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret) { - X509_STORE *ctx = vs->ctx; + X509_STORE *store = vs->ctx; X509_LOOKUP *lu; X509_OBJECT stmp, *tmp; int i, j; - if (ctx == NULL) + if (store == NULL) return 0; stmp.type = X509_LU_NONE; stmp.data.ptr = NULL; - CRYPTO_THREAD_write_lock(ctx->lock); - tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); - CRYPTO_THREAD_unlock(ctx->lock); + + X509_STORE_lock(store); + tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name); + X509_STORE_unlock(store); if (tmp == NULL || type == X509_LU_CRL) { - for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { - lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); + for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) { + lu = sk_X509_LOOKUP_value(store->get_cert_methods, i); j = X509_LOOKUP_by_subject(lu, type, name, &stmp); if (j) { tmp = &stmp; @@ -325,7 +326,7 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, return 1; } -static int x509_store_add(X509_STORE *ctx, void *x, int crl) { +static int x509_store_add(X509_STORE *store, void *x, int crl) { X509_OBJECT *obj; int ret = 0, added = 0; @@ -344,16 +345,14 @@ static int x509_store_add(X509_STORE *ctx, void *x, int crl) { } X509_OBJECT_up_ref_count(obj); - CRYPTO_THREAD_write_lock(ctx->lock); - - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { + X509_STORE_lock(store); + if (X509_OBJECT_retrieve_match(store->objs, obj)) { ret = 1; } else { - added = sk_X509_OBJECT_push(ctx->objs, obj); + added = sk_X509_OBJECT_push(store->objs, obj); ret = added != 0; } - - CRYPTO_THREAD_unlock(ctx->lock); + X509_STORE_unlock(store); if (added == 0) /* obj not pushed */ X509_OBJECT_free(obj); @@ -534,12 +533,13 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509) *sk = NULL; X509 *x; X509_OBJECT *obj; + X509_STORE *store = ctx->ctx; - if (ctx->ctx == NULL) + if (store == NULL) return NULL; - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { /* * Nothing found in cache: do lookup to possibly add new objects to @@ -547,7 +547,8 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) */ X509_OBJECT *xobj = X509_OBJECT_new(); - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); + if (xobj == NULL) return NULL; if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) { @@ -555,27 +556,27 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) return NULL; } X509_OBJECT_free(xobj); - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return NULL; } } sk = sk_X509_new_null(); for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.x509; X509_up_ref(x); if (!sk_X509_push(sk, x)) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); X509_free(x); sk_X509_pop_free(sk, X509_free); return NULL; } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return sk; } @@ -585,37 +586,38 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); X509_CRL *x; X509_OBJECT *obj, *xobj = X509_OBJECT_new(); + X509_STORE *store = ctx->ctx; /* Always do lookup to possibly add new CRLs to cache */ if (sk == NULL || xobj == NULL - || ctx->ctx == NULL + || store == NULL || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { X509_OBJECT_free(xobj); sk_X509_CRL_free(sk); return NULL; } X509_OBJECT_free(xobj); - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, nm, &cnt); if (idx < 0) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); sk_X509_CRL_free(sk); return NULL; } for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.crl; X509_CRL_up_ref(x); if (!sk_X509_CRL_push(sk, x)) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); X509_CRL_free(x); sk_X509_CRL_pop_free(sk, X509_CRL_free); return NULL; } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return sk; } @@ -663,6 +665,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; + X509_STORE *store = ctx->ctx; int i, ok, idx, ret; if (obj == NULL) @@ -685,18 +688,18 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } X509_OBJECT_free(obj); - if (ctx->ctx == NULL) + if (store == NULL) return 0; /* Else find index of first cert accepted by 'check_issued' */ ret = 0; - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); + X509_STORE_lock(store); + idx = X509_OBJECT_idx_by_subject(store->objs, X509_LU_X509, xn); if (idx != -1) { /* should be true as we've had at least one * match */ /* Look through all matching certs for suitable issuer */ - for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { - pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); + for (i = idx; i < sk_X509_OBJECT_num(store->objs); i++) { + pobj = sk_X509_OBJECT_value(store->objs, i); /* See if we've run past the matches */ if (pobj->type != X509_LU_X509) break; @@ -717,7 +720,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); if (*issuer) X509_up_ref(*issuer); return ret; From no-reply at appveyor.com Thu Jul 18 05:51:48 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Jul 2019 05:51:48 +0000 Subject: Build failed: openssl master.26060 Message-ID: <20190718055148.1.FDFF8B0DB09F3079@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Jul 18 05:36:56 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 18 Jul 2019 05:36:56 +0000 Subject: Still Failing: openssl/openssl#26636 (master - 7a9abcc) In-Reply-To: Message-ID: <5d3005789ae8f_43fb6afa7bc2844046@b2a622c1-5690-4f08-b3a1-07299f521f22.mail> Build Update for openssl/openssl ------------------------------------- Build: #26636 Status: Still Failing Duration: 22 mins and 19 secs Commit: 7a9abcc (master) Author: Shane Lontis Message: Cleanup use of X509 STORE locks Cosmetic changes to use the X509_STORE_lock/unlock functions. Renamed some ctx variables to store. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9366) View the changeset: https://github.com/openssl/openssl/compare/3b438ef95b5b...7a9abccde7b7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/560317455?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 18 06:06:17 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jul 2019 06:06:17 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1563429977.847431.11071.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: e7aa7c11c7 Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop} 7bc82358ae Fix the return value for SSL_get0_chain_certs() 3c93fbacf6 Parameter building utilities. 4bd8b24045 remove end of line spaces dd6b270618 Remove tab characters from C source files. Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:294: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:305: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:311: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:314: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:317: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:402: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:422: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:435: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:468: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:469: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_memdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strndup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OPENSSL_hexstr2buf': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:162: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:165: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:168: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:259: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7159: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From shane.lontis at oracle.com Thu Jul 18 06:08:35 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 18 Jul 2019 06:08:35 +0000 Subject: [openssl] master update Message-ID: <1563430115.283286.5596.nullmailer@dev.openssl.org> The branch master has been updated via 05f4eb2dc983d45bface421e19913ccdfd3f9a9f (commit) from 7a9abccde7b7a5e36efe42d89246f6cfd4d59f44 (commit) - Log ----------------------------------------------------------------- commit 05f4eb2dc983d45bface421e19913ccdfd3f9a9f Author: Shane Lontis Date: Thu Jul 18 08:25:44 2019 +1000 Fix S390X compile error due to missing defines Add the missing S390X_aes_XXX_gcm_CAPABLE() macros into aes_platform.h. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9403) ----------------------------------------------------------------------- Summary of changes: crypto/include/internal/aes_platform.h | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/crypto/include/internal/aes_platform.h b/crypto/include/internal/aes_platform.h index 5174081..26d9fdd 100644 --- a/crypto/include/internal/aes_platform.h +++ b/crypto/include/internal/aes_platform.h @@ -315,14 +315,24 @@ void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, # define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ # define S390X_aes_256_xts_CAPABLE 1 -# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ +# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kma[0] & \ S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ +# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kma[0] & \ S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ +# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kma[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ S390X_CAPBIT(S390X_AES_256))) # define S390X_CCM_AAD_FLAG 0x40 From builds at travis-ci.org Thu Jul 18 06:26:51 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 18 Jul 2019 06:26:51 +0000 Subject: Still Failing: openssl/openssl#26640 (master - 05f4eb2) In-Reply-To: Message-ID: <5d30112b7935a_43f8892562d0419668a@c9181fee-f907-4c21-ad5f-316e9263ac4d.mail> Build Update for openssl/openssl ------------------------------------- Build: #26640 Status: Still Failing Duration: 17 mins and 45 secs Commit: 05f4eb2 (master) Author: Shane Lontis Message: Fix S390X compile error due to missing defines Add the missing S390X_aes_XXX_gcm_CAPABLE() macros into aes_platform.h. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9403) View the changeset: https://github.com/openssl/openssl/compare/7a9abccde7b7...05f4eb2dc983 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/560330493?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 18 07:23:21 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Jul 2019 07:23:21 +0000 Subject: Build failed: openssl master.26064 Message-ID: <20190718072321.1.32BA95DB10ECD02D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 18 08:17:08 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Jul 2019 08:17:08 +0000 Subject: Build completed: openssl master.26065 Message-ID: <20190718081708.1.D8E30F4DA56CDF1A@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 18 13:18:02 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jul 2019 13:18:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1563455882.435628.13517.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: e7aa7c11c7 Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop} 7bc82358ae Fix the return value for SSL_get0_chain_certs() 3c93fbacf6 Parameter building utilities. 4bd8b24045 remove end of line spaces dd6b270618 Remove tab characters from C source files. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 210 wallclock secs ( 1.45 usr 0.30 sys + 206.19 cusr 16.04 csys = 223.98 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Thu Jul 18 14:01:51 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 18 Jul 2019 14:01:51 +0000 Subject: [openssl] master update Message-ID: <1563458511.022510.16355.nullmailer@dev.openssl.org> The branch master has been updated via 04edd688b3727835f9b2c7cca7e4c963bf3ed2ba (commit) from 05f4eb2dc983d45bface421e19913ccdfd3f9a9f (commit) - Log ----------------------------------------------------------------- commit 04edd688b3727835f9b2c7cca7e4c963bf3ed2ba Author: Bernd Edlinger Date: Fri Jun 21 21:26:19 2019 +0200 Add value_barriers in constant time select functions The barriers prevent the compiler from narrowing down the possible value range of the mask and ~mask in the select statements, which avoids the recognition of the select and turning it into a conditional load or branch. Reviewed-by: Tomas Mraz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9217) ----------------------------------------------------------------------- Summary of changes: include/internal/constant_time_locl.h | 62 ++++++++++++++++++++++++++++++++--- 1 file changed, 58 insertions(+), 4 deletions(-) diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time_locl.h index e861b93..f7b264e 100644 --- a/include/internal/constant_time_locl.h +++ b/include/internal/constant_time_locl.h @@ -213,18 +213,72 @@ static ossl_inline unsigned char constant_time_eq_int_8(int a, int b) return constant_time_eq_8((unsigned)(a), (unsigned)(b)); } +/* + * Returns the value unmodified, but avoids optimizations. + * The barriers prevent the compiler from narrowing down the + * possible value range of the mask and ~mask in the select + * statements, which avoids the recognition of the select + * and turning it into a conditional load or branch. + */ +static ossl_inline unsigned int value_barrier(unsigned int a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + unsigned int r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile unsigned int r = a; +#endif + return r; +} + +/* Convenience method for uint32_t. */ +static ossl_inline uint32_t value_barrier_32(uint32_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + uint32_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile uint32_t r = a; +#endif + return r; +} + +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t value_barrier_64(uint64_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + uint64_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile uint64_t r = a; +#endif + return r; +} + +/* Convenience method for size_t. */ +static ossl_inline size_t value_barrier_s(size_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + size_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile size_t r = a; +#endif + return r; +} + static ossl_inline unsigned int constant_time_select(unsigned int mask, unsigned int a, unsigned int b) { - return (mask & a) | (~mask & b); + return (value_barrier(mask) & a) | (value_barrier(~mask) & b); } static ossl_inline size_t constant_time_select_s(size_t mask, size_t a, size_t b) { - return (mask & a) | (~mask & b); + return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b); } static ossl_inline unsigned char constant_time_select_8(unsigned char mask, @@ -249,13 +303,13 @@ static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b) static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, uint32_t b) { - return (mask & a) | (~mask & b); + return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b); } static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, uint64_t b) { - return (mask & a) | (~mask & b); + return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b); } /* From bernd.edlinger at hotmail.de Thu Jul 18 14:02:29 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 18 Jul 2019 14:02:29 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563458549.009777.18118.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7fab4310409189767e86b9d2f5fa6d3fa3fd6270 (commit) from 0a9a7540d4850dc39e69d5ccd0f382e604bdfee4 (commit) - Log ----------------------------------------------------------------- commit 7fab4310409189767e86b9d2f5fa6d3fa3fd6270 Author: Bernd Edlinger Date: Fri Jun 21 21:26:19 2019 +0200 Add value_barriers in constant time select functions The barriers prevent the compiler from narrowing down the possible value range of the mask and ~mask in the select statements, which avoids the recognition of the select and turning it into a conditional load or branch. Reviewed-by: Tomas Mraz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9217) (cherry picked from commit 04edd688b3727835f9b2c7cca7e4c963bf3ed2ba) ----------------------------------------------------------------------- Summary of changes: include/internal/constant_time_locl.h | 62 ++++++++++++++++++++++++++++++++--- 1 file changed, 58 insertions(+), 4 deletions(-) diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time_locl.h index cde30f4..ac0c62b 100644 --- a/include/internal/constant_time_locl.h +++ b/include/internal/constant_time_locl.h @@ -213,18 +213,72 @@ static ossl_inline unsigned char constant_time_eq_int_8(int a, int b) return constant_time_eq_8((unsigned)(a), (unsigned)(b)); } +/* + * Returns the value unmodified, but avoids optimizations. + * The barriers prevent the compiler from narrowing down the + * possible value range of the mask and ~mask in the select + * statements, which avoids the recognition of the select + * and turning it into a conditional load or branch. + */ +static ossl_inline unsigned int value_barrier(unsigned int a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + unsigned int r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile unsigned int r = a; +#endif + return r; +} + +/* Convenience method for uint32_t. */ +static ossl_inline uint32_t value_barrier_32(uint32_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + uint32_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile uint32_t r = a; +#endif + return r; +} + +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t value_barrier_64(uint64_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + uint64_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile uint64_t r = a; +#endif + return r; +} + +/* Convenience method for size_t. */ +static ossl_inline size_t value_barrier_s(size_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + size_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile size_t r = a; +#endif + return r; +} + static ossl_inline unsigned int constant_time_select(unsigned int mask, unsigned int a, unsigned int b) { - return (mask & a) | (~mask & b); + return (value_barrier(mask) & a) | (value_barrier(~mask) & b); } static ossl_inline size_t constant_time_select_s(size_t mask, size_t a, size_t b) { - return (mask & a) | (~mask & b); + return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b); } static ossl_inline unsigned char constant_time_select_8(unsigned char mask, @@ -249,13 +303,13 @@ static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b) static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, uint32_t b) { - return (mask & a) | (~mask & b); + return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b); } static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, uint64_t b) { - return (mask & a) | (~mask & b); + return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b); } /* From openssl at openssl.org Thu Jul 18 14:05:03 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jul 2019 14:05:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1563458703.801210.6733.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: e7aa7c11c7 Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop} 7bc82358ae Fix the return value for SSL_get0_chain_certs() 3c93fbacf6 Parameter building utilities. 4bd8b24045 remove end of line spaces dd6b270618 Remove tab characters from C source files. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 243 wallclock secs ( 1.72 usr 0.38 sys + 238.16 cusr 18.00 csys = 258.26 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Thu Jul 18 14:21:14 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 18 Jul 2019 14:21:14 +0000 Subject: Still Failing: openssl/openssl#26651 (master - 04edd68) In-Reply-To: Message-ID: <5d308059d6c7c_43f9e0a64455093368@e9c5638e-ef1b-4ac4-a4ac-4432e40f7969.mail> Build Update for openssl/openssl ------------------------------------- Build: #26651 Status: Still Failing Duration: 18 mins and 45 secs Commit: 04edd68 (master) Author: Bernd Edlinger Message: Add value_barriers in constant time select functions The barriers prevent the compiler from narrowing down the possible value range of the mask and ~mask in the select statements, which avoids the recognition of the select and turning it into a conditional load or branch. Reviewed-by: Tomas Mraz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9217) View the changeset: https://github.com/openssl/openssl/compare/05f4eb2dc983...04edd688b372 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/560498475?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 18 14:40:24 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Jul 2019 14:40:24 +0000 Subject: Build failed: openssl master.26075 Message-ID: <20190718144024.1.FA23482744963447@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 18 15:49:27 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Jul 2019 15:49:27 +0000 Subject: Build completed: openssl master.26076 Message-ID: <20190718154927.1.1E4974905F5B8A0E@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Jul 18 23:38:39 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 18 Jul 2019 23:38:39 +0000 Subject: [openssl] master update Message-ID: <1563493119.772215.28244.nullmailer@dev.openssl.org> The branch master has been updated via a1c5cefaf47ad9992c77960e8899d8979901507a (commit) from 04edd688b3727835f9b2c7cca7e4c963bf3ed2ba (commit) - Log ----------------------------------------------------------------- commit a1c5cefaf47ad9992c77960e8899d8979901507a Author: Richard Levitte Date: Thu Jul 18 09:25:24 2019 +0200 Correct some OSSL_PARAM documentation The documentation wasn't quite in sync with the implementation. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9408) ----------------------------------------------------------------------- Summary of changes: doc/internal/man3/ossl_param_bld_init.pod | 86 +++++++++++++++---------------- doc/man3/OSSL_PARAM_int.pod | 63 ++++++++++++---------- 2 files changed, 80 insertions(+), 69 deletions(-) diff --git a/doc/internal/man3/ossl_param_bld_init.pod b/doc/internal/man3/ossl_param_bld_init.pod index ca206c7..a65aa8b 100644 --- a/doc/internal/man3/ossl_param_bld_init.pod +++ b/doc/internal/man3/ossl_param_bld_init.pod @@ -2,15 +2,15 @@ =head1 NAME -ossl_param_build_init, -ossl_param_build_to_param, ossl_param_build_push_int, -ossl_param_build_push_uint, ossl_param_build_push_long, -ossl_param_build_push_ulong, ossl_param_build_push_int32, -ossl_param_build_push_uint32, ossl_param_build_push_int64, -ossl_param_build_push_uint64, ossl_param_build_push_size_t, -ossl_param_build_push_double, ossl_param_build_push_BN, -ossl_param_build_push_utf8_string, ossl_param_build_push_utf8_ptr, -ossl_param_build_push_octet_string, ossl_param_build_push_octet_ptr +ossl_param_bld_init, +ossl_param_bld_to_param, ossl_param_bld_push_int, +ossl_param_bld_push_uint, ossl_param_bld_push_long, +ossl_param_bld_push_ulong, ossl_param_bld_push_int32, +ossl_param_bld_push_uint32, ossl_param_bld_push_int64, +ossl_param_bld_push_uint64, ossl_param_bld_push_size_t, +ossl_param_bld_push_double, ossl_param_bld_push_BN, +ossl_param_bld_push_utf8_string, ossl_param_bld_push_utf8_ptr, +ossl_param_bld_push_octet_string, ossl_param_bld_push_octet_ptr - functions to assist in the creation of OSSL_PARAM arrays =head1 SYNOPSIS @@ -22,25 +22,25 @@ ossl_param_build_push_octet_string, ossl_param_build_push_octet_ptr #define OSSL_PARAM_BLD_MAX 10 typedef struct { ... } OSSL_PARAM_BLD; - void ossl_param_build_init(OSSL_PARAM_BLD *bld); - OSSL_PARAM *ossl_param_build_to_param(OSSL_PARAM_BLD *bld, void **secure); - OSSL_PARAM *ossl_param_build_to_param_ex(OSSL_PARAM_BLD *bld, + void ossl_param_bld_init(OSSL_PARAM_BLD *bld); + OSSL_PARAM *ossl_param_bld_to_param(OSSL_PARAM_BLD *bld, void **secure); + OSSL_PARAM *ossl_param_bld_to_param_ex(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, size_t param_n, void *data, size_t data_n, void *secure, size_t secure_n); - int ossl_param_build_push_TYPE(OSSL_PARAM_BLD *bld, const char *key, TYPE val); + int ossl_param_bld_push_TYPE(OSSL_PARAM_BLD *bld, const char *key, TYPE val); - int ossl_param_build_push_BN(OSSL_PARAM_BLD *bld, const char *key, + int ossl_param_bld_push_BN(OSSL_PARAM_BLD *bld, const char *key, const BIGNUM *bn); - int ossl_param_build_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, + int ossl_param_bld_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, char *buf, size_t bsize); - int ossl_param_build_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, + int ossl_param_bld_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, char *buf, size_t bsize); - int ossl_param_build_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, + int ossl_param_bld_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, void *buf, size_t bsize); - int ossl_param_build_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, + int ossl_param_bld_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, void *buf, size_t bsize); @@ -49,11 +49,11 @@ ossl_param_build_push_octet_string, ossl_param_build_push_octet_ptr A collection of utility functions that simplify the creation of OSSL_PARAM arrays. The B names are as per L. -ossl_param_build_init() initialises the OSSL_PARAM_BLD structure so that values +ossl_param_bld_init() initialises the OSSL_PARAM_BLD structure so that values can be added. Any existing values are cleared. -ossl_param_build_to_param() converts a built up OSSL_PARAM_BLD structure +ossl_param_bld_to_param() converts a built up OSSL_PARAM_BLD structure B into an allocated OSSL_PARAM array. The pointer referenced by the B argument is set to point to an allocated block of secure memory if required and to NULL it not. @@ -61,7 +61,7 @@ The OSSL_PARAM array and all associated storage can be freed by calling OPENSSL_free() with the functions return value and OPENSSL_secure_free() with the pointer referenced by B. -ossl_param_build_to_param_ex() behaves like ossl_param_build_to_param(), except that +ossl_param_bld_to_param_ex() behaves like ossl_param_bld_to_param(), except that no additional memory is allocated. An OSSL_PARAM array of at least B elements is passed in as B. The auxiliary storage for the parameters is a block of memory pointed to @@ -69,46 +69,46 @@ by B of at least B bytes in size. If required, secure memory for private BIGNUMs should be pointed to by B of at least B bytes in size. -ossl_param_build_push_TYPE() are a series of functions which will create +ossl_param_bld_push_TYPE() are a series of functions which will create OSSL_PARAM objects of the specified size and correct type for the B argument. B is stored by value and an expression or auto variable can be used. -ossl_param_build_push_BN() is a function that will create an OSSL_PARAM object +ossl_param_bld_push_BN() is a function that will create an OSSL_PARAM object that holds the specified BIGNUM B. If B is marked as being securely allocated, the secure flag is set in the OSSL_PARAM_BLD structure. The B argument is stored by reference and the underlying BIGNUM object -must exist until after ossl_param_build_to_param() has been called. +must exist until after ossl_param_bld_to_param() has been called. -ossl_param_build_push_utf8_string() is a function that will create an OSSL_PARAM +ossl_param_bld_push_utf8_string() is a function that will create an OSSL_PARAM object that references the UTF8 string specified by B. If the length of the string, B, is zero then it will be calculated. The string that B points to is stored by reference and must remain in -scope until after ossl_param_build_to_param() has been called. +scope until after ossl_param_bld_to_param() has been called. -ossl_param_build_push_octet_string() is a function that will create an OSSL_PARAM +ossl_param_bld_push_octet_string() is a function that will create an OSSL_PARAM object that references the octet string specified by B and . The memory that B points to is stored by reference and must remain in -scope until after ossl_param_build_to_param() has been called. +scope until after ossl_param_bld_to_param() has been called. -ossl_param_build_push_utf8_ptr() is a function that will create an OSSL_PARAM +ossl_param_bld_push_utf8_ptr() is a function that will create an OSSL_PARAM object that references the UTF8 string specified by B. If the length of the string, B, is zero then it will be calculated. The string B points to is stored by reference and must remain in scope until the OSSL_PARAM array is freed. -ossl_param_build_push_octet_ptr() is a function that will create an OSSL_PARAM +ossl_param_bld_push_octet_ptr() is a function that will create an OSSL_PARAM object that references the octet string specified by B. The memory B points to is stored by reference and must remain in scope until the OSSL_PARAM array is freed. =head1 RETURN VALUES -ossl_param_build_to_param() and ossl_param_bld_to_param_ex() return the +ossl_param_bld_to_param() and ossl_param_bld_to_param_ex() return the allocated OSSL_PARAM array, or NULL on error. -All of the ossl_param_build_push_TYPE functions return 1 on success and 0 +All of the ossl_param_bld_push_TYPE functions return 1 on success and 0 on error. =head1 NOTES @@ -139,13 +139,13 @@ private key. OSSL_PARAM *params; void *secure; - ossl_param_build_init(&bld, &secure); - if (!ossl_param_build_push_BN(&bld, "p", p) - || !ossl_param_build_push_BN(&bld, "q", q) - || !ossl_param_build_push_uint(&bld, "e", e) - || !ossl_param_build_push_BN(&bld, "n", n) - || !ossl_param_build_push_BN(&bld, "d", d) - || (params = ossl_param_build_to_param(&bld)) == NULL) + ossl_param_bld_init(&bld, &secure); + if (!ossl_param_bld_push_BN(&bld, "p", p) + || !ossl_param_bld_push_BN(&bld, "q", q) + || !ossl_param_bld_push_uint(&bld, "e", e) + || !ossl_param_bld_push_BN(&bld, "n", n) + || !ossl_param_bld_push_BN(&bld, "d", d) + || (params = ossl_param_bld_to_param(&bld)) == NULL) goto err; /* Use params */ ... @@ -161,10 +161,10 @@ public key. OSSL_PARAM *params; void *secure; - ossl_param_build_init(&bld, &secure); - if (!ossl_param_build_push_BN(&bld, "n", n) - || !ossl_param_build_push_BN(&bld, "d", d) - || (params = ossl_param_build_to_param(&bld)) == NULL) + ossl_param_bld_init(&bld, &secure); + if (!ossl_param_bld_push_BN(&bld, "n", n) + || !ossl_param_bld_push_BN(&bld, "d", d) + || (params = ossl_param_bld_to_param(&bld)) == NULL) goto err; /* Use params */ ... diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 0640bcf..b73d2b1 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -6,25 +6,27 @@ OSSL_PARAM_double, OSSL_PARAM_int, OSSL_PARAM_int32, OSSL_PARAM_int64, OSSL_PARAM_long, OSSL_PARAM_size_t, OSSL_PARAM_uint, OSSL_PARAM_uint32, OSSL_PARAM_uint64, OSSL_PARAM_ulong, OSSL_PARAM_BN, OSSL_PARAM_utf8_string, OSSL_PARAM_octet_string, OSSL_PARAM_utf8_ptr, OSSL_PARAM_octet_ptr, -OSSL_PARAM_END, OSSL_PARAM_construct_BN, OSSL_PARAM_construct_double, -OSSL_PARAM_construct_int, OSSL_PARAM_construct_int32, -OSSL_PARAM_construct_int64, OSSL_PARAM_construct_long, -OSSL_PARAM_construct_size_t, OSSL_PARAM_construct_uint, -OSSL_PARAM_construct_uint32, OSSL_PARAM_construct_uint64, -OSSL_PARAM_construct_ulong, OSSL_PARAM_END, OSSL_PARAM_construct_BN, -OSSL_PARAM_construct_utf8_string, OSSL_PARAM_construct_utf8_ptr, -OSSL_PARAM_construct_octet_string, OSSL_PARAM_construct_octet_ptr, -OSSL_PARAM_construct_end, OSSL_PARAM_locate, OSSL_PARAM_locate_const, +OSSL_PARAM_END, +OSSL_PARAM_construct_double, OSSL_PARAM_construct_int, +OSSL_PARAM_construct_int32, OSSL_PARAM_construct_int64, +OSSL_PARAM_construct_long, OSSL_PARAM_construct_size_t, +OSSL_PARAM_construct_uint, OSSL_PARAM_construct_uint32, +OSSL_PARAM_construct_uint64, OSSL_PARAM_construct_ulong, +OSSL_PARAM_construct_BN, OSSL_PARAM_construct_utf8_string, +OSSL_PARAM_construct_utf8_ptr, OSSL_PARAM_construct_octet_string, +OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_construct_end, +OSSL_PARAM_locate, OSSL_PARAM_locate_const, OSSL_PARAM_get_double, OSSL_PARAM_get_int, OSSL_PARAM_get_int32, OSSL_PARAM_get_int64, OSSL_PARAM_get_long, OSSL_PARAM_get_size_t, OSSL_PARAM_get_uint, OSSL_PARAM_get_uint32, OSSL_PARAM_get_uint64, -OSSL_PARAM_get_ulong, OSSL_PARAM_set_double, OSSL_PARAM_set_int, -OSSL_PARAM_set_int32, OSSL_PARAM_set_int64, OSSL_PARAM_set_long, -OSSL_PARAM_set_size_t, OSSL_PARAM_set_uint, OSSL_PARAM_set_uint32, -OSSL_PARAM_set_uint64, OSSL_PARAM_set_ulong, OSSL_PARAM_get_BN, -OSSL_PARAM_set_BN, OSSL_PARAM_get_utf8_string, OSSL_PARAM_set_utf8_string, -OSSL_PARAM_get_octet_string, OSSL_PARAM_set_octet_string, -OSSL_PARAM_get_utf8_ptr, OSSL_PARAM_set_utf8_ptr, OSSL_PARAM_get_octet_ptr, +OSSL_PARAM_get_ulong, OSSL_PARAM_get_BN, OSSL_PARAM_get_utf8_string, +OSSL_PARAM_get_octet_string, OSSL_PARAM_get_utf8_ptr, +OSSL_PARAM_get_octet_ptr, +OSSL_PARAM_set_double, OSSL_PARAM_set_int, OSSL_PARAM_set_int32, +OSSL_PARAM_set_int64, OSSL_PARAM_set_long, OSSL_PARAM_set_size_t, +OSSL_PARAM_set_uint, OSSL_PARAM_set_uint32, OSSL_PARAM_set_uint64, +OSSL_PARAM_set_ulong, OSSL_PARAM_set_BN, OSSL_PARAM_set_utf8_string, +OSSL_PARAM_set_octet_string, OSSL_PARAM_set_utf8_ptr, OSSL_PARAM_set_octet_ptr - OSSL_PARAM helpers @@ -34,15 +36,23 @@ OSSL_PARAM_set_octet_ptr #include + /* + * TYPE in function names is one of: + * double, int, int32, int64, long, size_t, uint, uint32, uint64, ulong + * Corresponding TYPE in function arguments is one of: + * double, int, int32_t, int64_t, long, size_t, unsigned int, uint32_t, + * uint64_t, unsigned long + */ + #define OSSL_PARAM_TYPE(key, address) + #define OSSL_PARAM_BN(key, address, size) #define OSSL_PARAM_utf8_string(key, address, size) #define OSSL_PARAM_octet_string(key, address, size) #define OSSL_PARAM_utf8_ptr(key, address, size) #define OSSL_PARAM_octet_ptr(key, address, size) - #define OSSL_PARAM_BN(key, address, size) #define OSSL_PARAM_END - OSSL_PARAM OSSL_PARAM_construct_TYPE(const char *key, TYPE *buf, size_t *ret); + OSSL_PARAM OSSL_PARAM_construct_TYPE(const char *key, TYPE *buf); OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, size_t bsize); OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf, @@ -59,11 +69,11 @@ OSSL_PARAM_set_octet_ptr const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *array, const char *key); - int OSSL_PARAM_get_TYPE(const OSSL_PARAM *p, const char *key, TYPE *val); - int OSSL_PARAM_set_TYPE(OSSL_PARAM *p, const char *key, TYPE val); + int OSSL_PARAM_get_TYPE(const OSSL_PARAM *p, TYPE *val); + int OSSL_PARAM_set_TYPE(OSSL_PARAM *p, TYPE val); - int OSSL_PARAM_get_BN(const OSSL_PARAM *p, const char *key, BIGNUM **val); - int OSSL_PARAM_set_BN(OSSL_PARAM *p, const char *key, const BIGNUM *val); + int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val); + int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val); int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val, size_t max_len); @@ -73,12 +83,13 @@ OSSL_PARAM_set_octet_ptr size_t max_len, size_t *used_len); int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len); - int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, char **val); - int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, char *val); + int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val); + int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val); - int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, void **val, + int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val, size_t *used_len); - int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, void *val, size_t used_len); + int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val, + size_t used_len); =head1 DESCRIPTION From builds at travis-ci.org Fri Jul 19 00:09:57 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Jul 2019 00:09:57 +0000 Subject: Still Failing: openssl/openssl#26661 (master - a1c5cef) In-Reply-To: Message-ID: <5d310a554257b_43fb6afb0ed5c25481c@b2a622c1-5690-4f08-b3a1-07299f521f22.mail> Build Update for openssl/openssl ------------------------------------- Build: #26661 Status: Still Failing Duration: 30 mins and 36 secs Commit: a1c5cef (master) Author: Richard Levitte Message: Correct some OSSL_PARAM documentation The documentation wasn't quite in sync with the implementation. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9408) View the changeset: https://github.com/openssl/openssl/compare/04edd688b372...a1c5cefaf47a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/560762371?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 19 01:21:57 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 19 Jul 2019 01:21:57 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1563499317.152519.29859.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: 04edd688b3 Add value_barriers in constant time select functions 05f4eb2dc9 Fix S390X compile error due to missing defines 7a9abccde7 Cleanup use of X509 STORE locks 3b438ef95b Fix init_get_thread_local() Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_b64.d.tmp -MT crypto/evp/libcrypto-lib-bio_b64.o -c -o crypto/evp/libcrypto-lib-bio_b64.o ../openssl/crypto/evp/bio_b64.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_enc.d.tmp -MT crypto/evp/libcrypto-lib-bio_enc.o -c -o crypto/evp/libcrypto-lib-bio_enc.o ../openssl/crypto/evp/bio_enc.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_md.d.tmp -MT crypto/evp/libcrypto-lib-bio_md.o -c -o crypto/evp/libcrypto-lib-bio_md.o ../openssl/crypto/evp/bio_md.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-bio_ok.d.tmp -MT crypto/evp/libcrypto-lib-bio_ok.o -c -o crypto/evp/libcrypto-lib-bio_ok.o ../openssl/crypto/evp/bio_ok.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_allc.d.tmp -MT crypto/evp/libcrypto-lib-c_allc.o -c -o crypto/evp/libcrypto-lib-c_allc.o ../openssl/crypto/evp/c_allc.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_alld.d.tmp -MT crypto/evp/libcrypto-lib-c_alld.o -c -o crypto/evp/libcrypto-lib-c_alld.o ../openssl/crypto/evp/c_alld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_allkdf.d.tmp -MT crypto/evp/libcrypto-lib-c_allkdf.o -c -o crypto/evp/libcrypto-lib-c_allkdf.o ../openssl/crypto/evp/c_allkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-c_allm.d.tmp -MT crypto/evp/libcrypto-lib-c_allm.o -c -o crypto/evp/libcrypto-lib-c_allm.o ../openssl/crypto/evp/c_allm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-cmeth_lib.d.tmp -MT crypto/evp/libcrypto-lib-cmeth_lib.o -c -o crypto/evp/libcrypto-lib-cmeth_lib.o ../openssl/crypto/evp/cmeth_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-digest.d.tmp -MT crypto/evp/libcrypto-lib-digest.o -c -o crypto/evp/libcrypto-lib-digest.o ../openssl/crypto/evp/digest.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aes.d.tmp -MT crypto/evp/libcrypto-lib-e_aes.o -c -o crypto/evp/libcrypto-lib-e_aes.o ../openssl/crypto/evp/e_aes.c clang -Icrypto/modes -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.d.tmp -MT crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o -c -o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o ../openssl/crypto/evp/e_aes_cbc_hmac_sha1.c clang -Icrypto/modes -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.d.tmp -MT crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o -c -o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o ../openssl/crypto/evp/e_aes_cbc_hmac_sha256.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_aria.d.tmp -MT crypto/evp/libcrypto-lib-e_aria.o -c -o crypto/evp/libcrypto-lib-e_aria.o ../openssl/crypto/evp/e_aria.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_bf.d.tmp -MT crypto/evp/libcrypto-lib-e_bf.o -c -o crypto/evp/libcrypto-lib-e_bf.o ../openssl/crypto/evp/e_bf.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_camellia.d.tmp -MT crypto/evp/libcrypto-lib-e_camellia.o -c -o crypto/evp/libcrypto-lib-e_camellia.o ../openssl/crypto/evp/e_camellia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_cast.d.tmp -MT crypto/evp/libcrypto-lib-e_cast.o -c -o crypto/evp/libcrypto-lib-e_cast.o ../openssl/crypto/evp/e_cast.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_chacha20_poly1305.d.tmp -MT crypto/evp/libcrypto-lib-e_chacha20_poly1305.o -c -o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o ../openssl/crypto/evp/e_chacha20_poly1305.c clang -Icrypto -I../openssl/crypto -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_des.d.tmp -MT crypto/evp/libcrypto-lib-e_des.o -c -o crypto/evp/libcrypto-lib-e_des.o ../openssl/crypto/evp/e_des.c clang -Icrypto -I../openssl/crypto -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_des3.d.tmp -MT crypto/evp/libcrypto-lib-e_des3.o -c -o crypto/evp/libcrypto-lib-e_des3.o ../openssl/crypto/evp/e_des3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_idea.d.tmp -MT crypto/evp/libcrypto-lib-e_idea.o -c -o crypto/evp/libcrypto-lib-e_idea.o ../openssl/crypto/evp/e_idea.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_null.d.tmp -MT crypto/evp/libcrypto-lib-e_null.o -c -o crypto/evp/libcrypto-lib-e_null.o ../openssl/crypto/evp/e_null.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_old.d.tmp -MT crypto/evp/libcrypto-lib-e_old.o -c -o crypto/evp/libcrypto-lib-e_old.o ../openssl/crypto/evp/e_old.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc2.d.tmp -MT crypto/evp/libcrypto-lib-e_rc2.o -c -o crypto/evp/libcrypto-lib-e_rc2.o ../openssl/crypto/evp/e_rc2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc4.d.tmp -MT crypto/evp/libcrypto-lib-e_rc4.o -c -o crypto/evp/libcrypto-lib-e_rc4.o ../openssl/crypto/evp/e_rc4.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc4_hmac_md5.d.tmp -MT crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o -c -o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o ../openssl/crypto/evp/e_rc4_hmac_md5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_rc5.d.tmp -MT crypto/evp/libcrypto-lib-e_rc5.o -c -o crypto/evp/libcrypto-lib-e_rc5.o ../openssl/crypto/evp/e_rc5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_seed.d.tmp -MT crypto/evp/libcrypto-lib-e_seed.o -c -o crypto/evp/libcrypto-lib-e_seed.o ../openssl/crypto/evp/e_seed.c clang -Icrypto -Icrypto/modes -I../openssl/crypto -I../openssl/crypto/modes -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_sm4.d.tmp -MT crypto/evp/libcrypto-lib-e_sm4.o -c -o crypto/evp/libcrypto-lib-e_sm4.o ../openssl/crypto/evp/e_sm4.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-e_xcbc_d.d.tmp -MT crypto/evp/libcrypto-lib-e_xcbc_d.o -c -o crypto/evp/libcrypto-lib-e_xcbc_d.o ../openssl/crypto/evp/e_xcbc_d.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-encode.d.tmp -MT crypto/evp/libcrypto-lib-encode.o -c -o crypto/evp/libcrypto-lib-encode.o ../openssl/crypto/evp/encode.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_cnf.d.tmp -MT crypto/evp/libcrypto-lib-evp_cnf.o -c -o crypto/evp/libcrypto-lib-evp_cnf.o ../openssl/crypto/evp/evp_cnf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_enc.d.tmp -MT crypto/evp/libcrypto-lib-evp_enc.o -c -o crypto/evp/libcrypto-lib-evp_enc.o ../openssl/crypto/evp/evp_enc.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_err.d.tmp -MT crypto/evp/libcrypto-lib-evp_err.o -c -o crypto/evp/libcrypto-lib-evp_err.o ../openssl/crypto/evp/evp_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_fetch.d.tmp -MT crypto/evp/libcrypto-lib-evp_fetch.o -c -o crypto/evp/libcrypto-lib-evp_fetch.o ../openssl/crypto/evp/evp_fetch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_key.d.tmp -MT crypto/evp/libcrypto-lib-evp_key.o -c -o crypto/evp/libcrypto-lib-evp_key.o ../openssl/crypto/evp/evp_key.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_lib.d.tmp -MT crypto/evp/libcrypto-lib-evp_lib.o -c -o crypto/evp/libcrypto-lib-evp_lib.o ../openssl/crypto/evp/evp_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_pbe.d.tmp -MT crypto/evp/libcrypto-lib-evp_pbe.o -c -o crypto/evp/libcrypto-lib-evp_pbe.o ../openssl/crypto/evp/evp_pbe.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_pkey.d.tmp -MT crypto/evp/libcrypto-lib-evp_pkey.o -c -o crypto/evp/libcrypto-lib-evp_pkey.o ../openssl/crypto/evp/evp_pkey.c ../openssl/crypto/evp/evp_lib.c:820:25: error: no member named 'dh' in 'union evp_pkey_st::(anonymous at ../openssl/crypto/include/internal/evp_int.h:513:5)' DH *dh = pkey->pkey.dh; ~~~~~~~~~~ ^ clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-evp_utils.d.tmp -MT crypto/evp/libcrypto-lib-evp_utils.o -c -o crypto/evp/libcrypto-lib-evp_utils.o ../openssl/crypto/evp/evp_utils.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-exchange.d.tmp -MT crypto/evp/libcrypto-lib-exchange.o -c -o crypto/evp/libcrypto-lib-exchange.o ../openssl/crypto/evp/exchange.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/evp/libcrypto-lib-kdf_lib.d.tmp -MT crypto/evp/libcrypto-lib-kdf_lib.o -c -o crypto/evp/libcrypto-lib-kdf_lib.o ../openssl/crypto/evp/kdf_lib.c ../openssl/crypto/evp/evp_lib.c:822:23: error: implicit declaration of function 'DH_get0_p' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/crypto/evp/evp_lib.c:822:19: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:822:43: error: implicit declaration of function 'DH_get0_g' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:43: note: did you mean 'DH_get0_p'? ../openssl/crypto/evp/evp_lib.c:822:23: note: 'DH_get0_p' declared here const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~ DH_get0_p ../openssl/crypto/evp/evp_lib.c:822:43: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:39: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:822:63: error: implicit declaration of function 'DH_get0_q' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ../openssl/crypto/evp/evp_lib.c:822:63: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/crypto/evp/evp_lib.c:822:59: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); ^ ~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:823:29: error: implicit declaration of function 'DH_get0_pub_key' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *pub_key = DH_get0_pub_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:823:29: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/crypto/evp/evp_lib.c:823:19: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *pub_key = DH_get0_pub_key(dh); ^ ~~~~~~~~~~~~~~~~~~~ ../openssl/crypto/evp/evp_lib.c:824:30: error: implicit declaration of function 'DH_get0_priv_key' is invalid in C99 [-Werror,-Wimplicit-function-declaration] const BIGNUM *priv_key = DH_get0_priv_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:824:30: note: did you mean 'DH_get0_pub_key'? ../openssl/crypto/evp/evp_lib.c:823:29: note: 'DH_get0_pub_key' declared here const BIGNUM *pub_key = DH_get0_pub_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:824:30: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] const BIGNUM *priv_key = DH_get0_priv_key(dh); ^ ../openssl/crypto/evp/evp_lib.c:824:19: error: incompatible integer to pointer conversion initializing 'const BIGNUM *' (aka 'const struct bignum_st *') with an expression of type 'int' [-Werror,-Wint-conversion] const BIGNUM *priv_key = DH_get0_priv_key(dh); ^ ~~~~~~~~~~~~~~~~~~~~ 16 errors generated. Makefile:9335: recipe for target 'crypto/evp/libcrypto-lib-evp_lib.o' failed make[1]: *** [crypto/evp/libcrypto-lib-evp_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Fri Jul 19 02:21:01 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 19 Jul 2019 02:21:01 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1563502861.420553.12452.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 04edd688b3 Add value_barriers in constant time select functions 05f4eb2dc9 Fix S390X compile error due to missing defines 7a9abccde7 Cleanup use of X509 STORE locks 3b438ef95b Fix init_get_thread_local() Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1647, 241 wallclock secs ( 3.02 usr 0.37 sys + 229.22 cusr 21.46 csys = 254.07 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 19 06:21:11 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 19 Jul 2019 06:21:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1563517271.133758.23860.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 04edd688b3 Add value_barriers in constant time select functions 05f4eb2dc9 Fix S390X compile error due to missing defines 7a9abccde7 Cleanup use of X509 STORE locks 3b438ef95b Fix init_get_thread_local() Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:294: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:305: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:311: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:314: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:317: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:402: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:422: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:435: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:468: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:469: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_memdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strndup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OPENSSL_hexstr2buf': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:162: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:165: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:168: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:259: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7159: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Fri Jul 19 13:18:42 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 19 Jul 2019 13:18:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1563542322.647439.24143.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 04edd688b3 Add value_barriers in constant time select functions 05f4eb2dc9 Fix S390X compile error due to missing defines 7a9abccde7 Cleanup use of X509 STORE locks 3b438ef95b Fix init_get_thread_local() Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 211 wallclock secs ( 1.76 usr 0.29 sys + 207.11 cusr 17.79 csys = 226.95 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 19 14:05:31 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 19 Jul 2019 14:05:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1563545131.032369.17258.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 04edd688b3 Add value_barriers in constant time select functions 05f4eb2dc9 Fix S390X compile error due to missing defines 7a9abccde7 Cleanup use of X509 STORE locks 3b438ef95b Fix init_get_thread_local() Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 216 wallclock secs ( 1.73 usr 0.29 sys + 211.81 cusr 17.46 csys = 231.29 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Fri Jul 19 16:37:41 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Jul 2019 16:37:41 +0000 Subject: [openssl] master update Message-ID: <1563554261.350004.15628.nullmailer@dev.openssl.org> The branch master has been updated via 76ca35e7246b0071040cd242de06154c0195bcff (commit) from a1c5cefaf47ad9992c77960e8899d8979901507a (commit) - Log ----------------------------------------------------------------- commit 76ca35e7246b0071040cd242de06154c0195bcff Author: Matt Caswell Date: Wed Jul 17 11:40:41 2019 +0100 Fix no-dh The recent move of the DH code into the default provider broke no-dh. This adds back in various missing guards. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9399) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_lib.c | 6 +++++- crypto/evp/pmeth_lib.c | 6 ++++++ providers/common/exchange/build.info | 6 ++++-- providers/default/defltprov.c | 2 ++ 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 3e64a1f..47bbb2b 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -729,12 +729,13 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), } #ifndef FIPS_MODE +# ifndef OPENSSL_NO_DH /* * TODO(3.0): Temporarily unavailable in FIPS mode. This will need to be added * in later. */ -#define MAX_PARAMS 10 +# define MAX_PARAMS 10 typedef struct { /* Number of the current param */ size_t curr; @@ -845,12 +846,15 @@ static OSSL_PARAM *evp_pkey_dh_to_param(EVP_PKEY *pkey, size_t *sz) return param_template_to_param(&tmpl, sz); } +# endif /* OPENSSL_NO_DH */ OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz) { switch (pkey->type) { +# ifndef OPENSSL_NO_DH case EVP_PKEY_DH: return evp_pkey_dh_to_param(pkey, sz); +# endif default: return NULL; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index d444e71..169b056 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -393,6 +393,7 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) return 0; } +#ifndef OPENSSL_NO_DH int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) { OSSL_PARAM dh_pad_params[2]; @@ -407,13 +408,16 @@ int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) return EVP_PKEY_CTX_set_params(ctx, dh_pad_params); } +#endif static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2) { switch (cmd) { +#ifndef OPENSSL_NO_DH case EVP_PKEY_CTRL_DH_PAD: return EVP_PKEY_CTX_set_dh_pad(ctx, p1); +#endif } return 0; } @@ -470,12 +474,14 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, const char *value) { +#ifndef OPENSSL_NO_DH if (strcmp(name, "dh_pad") == 0) { int pad; pad = atoi(value); return EVP_PKEY_CTX_set_dh_pad(ctx, pad); } +#endif return 0; } diff --git a/providers/common/exchange/build.info b/providers/common/exchange/build.info index 1039075..7957f51 100644 --- a/providers/common/exchange/build.info +++ b/providers/common/exchange/build.info @@ -1,5 +1,7 @@ LIBS=../../../libcrypto -SOURCE[../../../libcrypto]=\ - dh.c +IF[{- !$disabled{dh} -}] + SOURCE[../../../libcrypto]=\ + dh.c +ENDIF diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 6ac2bdb..18e3a5c 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -115,7 +115,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { }; static const OSSL_ALGORITHM deflt_keyexch[] = { +#ifndef OPENSSL_NO_DH { "dhKeyAgreement", "default=yes", dh_functions }, +#endif { NULL, NULL, NULL } }; From builds at travis-ci.org Fri Jul 19 16:57:11 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Jul 2019 16:57:11 +0000 Subject: Still Failing: openssl/openssl#26673 (master - 76ca35e) In-Reply-To: Message-ID: <5d31f666f0781_43fa2b3332ea47094@6be26225-8361-4487-9664-b0c91d1c6f37.mail> Build Update for openssl/openssl ------------------------------------- Build: #26673 Status: Still Failing Duration: 18 mins and 46 secs Commit: 76ca35e (master) Author: Matt Caswell Message: Fix no-dh The recent move of the DH code into the default provider broke no-dh. This adds back in various missing guards. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9399) View the changeset: https://github.com/openssl/openssl/compare/a1c5cefaf47a...76ca35e7246b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/561102967?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri Jul 19 18:17:15 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 19 Jul 2019 18:17:15 +0000 Subject: [openssl] master update Message-ID: <1563560235.840434.23635.nullmailer@dev.openssl.org> The branch master has been updated via 3cb45a55853db05d5af1b564a55491a22f592305 (commit) via f6800e37b762563e79115ebdb233c0c07afc23e5 (commit) from 76ca35e7246b0071040cd242de06154c0195bcff (commit) - Log ----------------------------------------------------------------- commit 3cb45a55853db05d5af1b564a55491a22f592305 Author: Richard Levitte Date: Thu Jul 18 09:19:43 2019 +0200 doc: fix some links Some links are aged and need an adjustment. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9407) commit f6800e37b762563e79115ebdb233c0c07afc23e5 Author: Richard Levitte Date: Thu Jul 18 09:03:18 2019 +0200 util/find-doc-nits: fixups - Treat .pod.in files as well, and parse out the base name for those too. - Correct the detection of the description part in the NAME section (the separating dash MUST be preceeded with a space) - Allow slahes in names of the NAME section (convert them to dashes for file name comparison). This allows manual pages for some of our header files, such as openssl/core.h. - Properly detect repeated names in the NAME section. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9407) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_KDF_CTX.pod | 2 +- doc/man3/EVP_MD_fetch.pod | 2 +- doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod | 7 +++++-- doc/man3/OSSL_PARAM.pod | 2 +- doc/man3/OSSL_trace_set_channel.pod | 2 ++ doc/man7/x509.pod | 1 - util/find-doc-nits | 29 +++++++++++++++++------------ 7 files changed, 27 insertions(+), 18 deletions(-) diff --git a/doc/man3/EVP_KDF_CTX.pod b/doc/man3/EVP_KDF_CTX.pod index e65becf..1ae79bc 100644 --- a/doc/man3/EVP_KDF_CTX.pod +++ b/doc/man3/EVP_KDF_CTX.pod @@ -278,7 +278,7 @@ L L L L -L +L =head1 HISTORY diff --git a/doc/man3/EVP_MD_fetch.pod b/doc/man3/EVP_MD_fetch.pod index 11390d0..98e4c84 100644 --- a/doc/man3/EVP_MD_fetch.pod +++ b/doc/man3/EVP_MD_fetch.pod @@ -69,7 +69,7 @@ the default provider unless the default search criteria have been changed and/or different providers have been loaded. Implicit fetching can also occur with functions such as -L where a NULL algorithm parameter is supplied. +L where a NULL algorithm parameter is supplied. In this case an algorithm implementation is implicitly fetched using default search criteria and an algorithm name that is consistent with the type of EVP_PKEY being used. diff --git a/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod b/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod index e9ca351..dfde4ff 100644 --- a/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod +++ b/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod @@ -29,7 +29,7 @@ EVP_PKEY_CTX_set_scrypt_maxmem_bytes These functions are used to set up the necessary data to use the scrypt KDF. -For more information on scrypt, see L. +For more information on scrypt, see L. EVP_PKEY_CTX_set1_scrypt_salt() sets the B bytes long salt value. @@ -54,6 +54,9 @@ respectively. =head1 NOTES +There is a newer generic API for KDFs, L, which is +preferred over the EVP_PKEY method. + The scrypt KDF also uses EVP_PKEY_CTX_set1_pbe_pass() as well as the value from the string controls "pass" and "hexpass". See L. @@ -69,7 +72,7 @@ supported by the public key algorithm. =head1 SEE ALSO -L, +L L, L, L diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod index fbe37b4..0f6358c 100644 --- a/doc/man3/OSSL_PARAM.pod +++ b/doc/man3/OSSL_PARAM.pod @@ -285,7 +285,7 @@ could fill in the parameters like this: =head1 SEE ALSO -L, L +L, L =head1 HISTORY diff --git a/doc/man3/OSSL_trace_set_channel.pod b/doc/man3/OSSL_trace_set_channel.pod index 9c03218..6a88fe7 100644 --- a/doc/man3/OSSL_trace_set_channel.pod +++ b/doc/man3/OSSL_trace_set_channel.pod @@ -1,5 +1,7 @@ =pod +=for comment foreign manuals: atexit(3) + =head1 NAME OSSL_trace_set_channel, OSSL_trace_set_prefix, OSSL_trace_set_suffix, diff --git a/doc/man7/x509.pod b/doc/man7/x509.pod index 2d4edaa..095203c 100644 --- a/doc/man7/x509.pod +++ b/doc/man7/x509.pod @@ -58,7 +58,6 @@ L, L, L, L, -L, L =head1 COPYRIGHT diff --git a/util/find-doc-nits b/util/find-doc-nits index ecd9f9a..499a68f 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -79,8 +79,7 @@ sub name_synopsis() print "$id missing comma in NAME\n" if $tmp =~ /[^,] /; my $dirname = dirname($filename); - my $simplename = basename($filename); - $simplename =~ s/.pod$//; + my $simplename = basename(basename($filename, ".in"), ".pod"); my $foundfilename = 0; my %foundfilenames = (); my %names; @@ -92,9 +91,10 @@ sub name_synopsis() $names{$n} = 1; $foundfilename++ if $n eq $simplename; $foundfilenames{$n} = 1 - if -f "$dirname/$n.pod" && $n ne $simplename; + if ((-f "$dirname/$n.pod.in" || -f "$dirname/$n.pod") + && $n ne $simplename); } - print "$id the following exist as other .pod files:\n", + print "$id the following exist as other .pod or .pod.in files:\n", join(" ", sort keys %foundfilenames), "\n" if %foundfilenames; print "$id $simplename (filename) missing from NAME section\n" @@ -283,7 +283,7 @@ sub getdocced my $dir = shift; my %return; - foreach my $pod ( glob("$dir/*.pod") ) { + foreach my $pod ( glob("$dir/*.pod"), glob("$dir/*.pod.in") ) { my %podinfo = extract_pod_info($pod); foreach my $n ( @{$podinfo{names}} ) { $return{$n} = $pod; @@ -394,7 +394,7 @@ sub collectnames { my $filename = shift; $filename =~ m|man(\d)/|; my $section = $1; - my $simplename = basename($filename, ".pod"); + my $simplename = basename(basename($filename, ".in"), ".pod"); my $id = "${filename}:1:"; my $contents = ''; @@ -412,9 +412,12 @@ sub collectnames { return; } $tmp =~ tr/\n/ /; - $tmp =~ s/-.*//g; + $tmp =~ s/ -.*//g; - my @names = map { s/^\s+//g; s/\s+$//g; $_ } split(/,/, $tmp); + my @names = + map { s|/|-|g; $_ } # Treat slash as dash + map { s/^\s+//g; s/\s+$//g; $_ } # Trim prefix and suffix blanks + split(/,/, $tmp); unless (grep { $simplename eq $_ } @names) { print "$id missing $simplename\n"; push @names, $simplename; @@ -427,8 +430,10 @@ sub collectnames { my $name_sec = "$name($section)"; if (! exists $name_collection{$name_sec}) { $name_collection{$name_sec} = $filename; - } else { #elsif ($filename ne $name_collection{$name_sec}) { - print "$id $name_sec also in $name_collection{$name_sec}\n"; + } elsif ($filename eq $name_collection{$name_sec}) { + print "$id $name_sec repeated in NAME section of $name_collection{$name_sec}\n" + } else { + print "$id $name_sec also in NAME section of $name_collection{$name_sec}\n"; } } @@ -600,7 +605,7 @@ if ( $opt_c ) { } if ( $opt_l ) { - foreach (@ARGV ? @ARGV : (glob('doc/*/*.pod'), + foreach (@ARGV ? @ARGV : (glob('doc/*/*.pod'), glob('doc/*/*.pod.in'), glob('doc/internal/*/*.pod'))) { collectnames($_); } @@ -609,7 +614,7 @@ if ( $opt_l ) { if ( $opt_n ) { &publicize() if $opt_p; - foreach (@ARGV ? @ARGV : glob('doc/*/*.pod')) { + foreach (@ARGV ? @ARGV : (glob('doc/*/*.pod'), glob('doc/*/*.pod.in'))) { &check($_); } { From levitte at openssl.org Fri Jul 19 18:19:13 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 19 Jul 2019 18:19:13 +0000 Subject: [openssl] master update Message-ID: <1563560353.813788.8319.nullmailer@dev.openssl.org> The branch master has been updated via 5800ba761052894145abe7a74a1159df007b6875 (commit) from 3cb45a55853db05d5af1b564a55491a22f592305 (commit) - Log ----------------------------------------------------------------- commit 5800ba761052894145abe7a74a1159df007b6875 Author: Richard Levitte Date: Tue Jul 16 12:21:47 2019 +0200 test/enginetest.c: Make sure no config file is loaded If a config file gets loaded, the tests get disturbed. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9393) ----------------------------------------------------------------------- Summary of changes: test/enginetest.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/test/enginetest.c b/test/enginetest.c index b4d117e..9957f59 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -121,8 +121,12 @@ static int test_engines(void) display_engine_list(); /* - * Depending on whether there's any hardware support compiled in, this - * remove may be destined to fail. + * At this point, we should have an empty list, unless some hardware + * support engine got added. However, since we don't allow the config + * file to be loaded and don't otherwise load any built in engines, + * that is unlikely. Still, we check, if for nothing else, then to + * notify that something is a little off (and might mean that |new_h1| + * wasn't unloaded when it should have) */ if ((ptr = ENGINE_get_first()) != NULL) { if (!ENGINE_remove(ptr)) @@ -347,6 +351,15 @@ static int test_redirect(void) } #endif +int global_init(void) +{ + /* + * If the config file gets loaded, the dynamic engine will be loaded, + * and that interferes with our test above. + */ + return OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL); +} + int setup_tests(void) { #ifdef OPENSSL_NO_ENGINE From levitte at openssl.org Fri Jul 19 18:20:09 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 19 Jul 2019 18:20:09 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563560409.413864.20884.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a9befadf73df107a1da3f143d0b7ae941b6b3d8e (commit) from 7fab4310409189767e86b9d2f5fa6d3fa3fd6270 (commit) - Log ----------------------------------------------------------------- commit a9befadf73df107a1da3f143d0b7ae941b6b3d8e Author: Richard Levitte Date: Tue Jul 16 12:21:47 2019 +0200 test/enginetest.c: Make sure no config file is loaded If a config file gets loaded, the tests get disturbed. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9393) (cherry picked from commit 5800ba761052894145abe7a74a1159df007b6875) ----------------------------------------------------------------------- Summary of changes: test/enginetest.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/test/enginetest.c b/test/enginetest.c index be57f16..a837b09 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -120,8 +120,12 @@ static int test_engines(void) display_engine_list(); /* - * Depending on whether there's any hardware support compiled in, this - * remove may be destined to fail. + * At this point, we should have an empty list, unless some hardware + * support engine got added. However, since we don't allow the config + * file to be loaded and don't otherwise load any built in engines, + * that is unlikely. Still, we check, if for nothing else, then to + * notify that something is a little off (and might mean that |new_h1| + * wasn't unloaded when it should have) */ if ((ptr = ENGINE_get_first()) != NULL) { if (!ENGINE_remove(ptr)) @@ -346,6 +350,15 @@ static int test_redirect(void) } #endif +int global_init(void) +{ + /* + * If the config file gets loaded, the dynamic engine will be loaded, + * and that interferes with our test above. + */ + return OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL); +} + int setup_tests(void) { #ifdef OPENSSL_NO_ENGINE From builds at travis-ci.org Fri Jul 19 18:51:05 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Jul 2019 18:51:05 +0000 Subject: Still Failing: openssl/openssl#26676 (master - 3cb45a5) In-Reply-To: Message-ID: <5d320f02a67f7_43fbd9e842bb42297a8@04047826-0c1e-46a6-9650-3a10f3d217ad.mail> Build Update for openssl/openssl ------------------------------------- Build: #26676 Status: Still Failing Duration: 22 mins and 15 secs Commit: 3cb45a5 (master) Author: Richard Levitte Message: doc: fix some links Some links are aged and need an adjustment. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9407) View the changeset: https://github.com/openssl/openssl/compare/76ca35e7246b...3cb45a55853d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/561141379?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Jul 19 18:56:10 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Jul 2019 18:56:10 +0000 Subject: Still Failing: openssl/openssl#26677 (master - 5800ba7) In-Reply-To: Message-ID: <5d32124a4b95d_43ff41bb17b381715f0@71c93378-802a-4c2b-ae71-90077d68d6cc.mail> Build Update for openssl/openssl ------------------------------------- Build: #26677 Status: Still Failing Duration: 26 mins and 9 secs Commit: 5800ba7 (master) Author: Richard Levitte Message: test/enginetest.c: Make sure no config file is loaded If a config file gets loaded, the tests get disturbed. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9393) View the changeset: https://github.com/openssl/openssl/compare/3cb45a55853d...5800ba761052 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/561142271?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 19 21:29:12 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 19 Jul 2019 21:29:12 +0000 Subject: Build failed: openssl master.26106 Message-ID: <20190719212912.1.753BD7FB2AEFC063@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jul 20 05:06:28 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 20 Jul 2019 05:06:28 +0000 Subject: Build failed: openssl master.26108 Message-ID: <20190720050628.1.D786F517C1BAC963@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jul 20 06:19:53 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 20 Jul 2019 06:19:53 +0000 Subject: Build completed: openssl master.26109 Message-ID: <20190720061953.1.F3B8A1A1444BA98F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jul 20 08:25:39 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 20 Jul 2019 08:25:39 +0000 Subject: Build failed: openssl master.26112 Message-ID: <20190720082539.1.A2C19228100FFEC2@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jul 20 10:17:41 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 20 Jul 2019 10:17:41 +0000 Subject: Build completed: openssl master.26113 Message-ID: <20190720101741.1.ECD401E2E1E6DA89@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jul 20 17:28:56 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 20 Jul 2019 17:28:56 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.26122 Message-ID: <20190720172856.1.1CA31BEBFF1FB741@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jul 20 21:38:45 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 20 Jul 2019 21:38:45 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.26123 Message-ID: <20190720213845.1.9A2ABE7069B14DA8@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Jul 21 07:37:07 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 21 Jul 2019 07:37:07 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5d34162349b3_3d9d2ad3791d4f5885db@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEvyxzJHSwEoiXkZglM3WeHA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0JH6B9WLr-2BPz7307Y4cY-2FPoPqXjuUJ98okiewlnR-2B-2FH1j1nyOdU9P3gk5-2BvnO-2FWbWE9f9nE2ltude5Eihrm-2FQyk4ffKDExsncgY7Ik6D1S57n1Ag3ZhCW-2B5gYomPfeGWTGF3keHxAZaEbbypySkSxdwrd6mj0WDeH-2Bov-2FUnbdVNLVugwmTzAwpv3McK4Dglys-3D Build ID: 265335 Analysis Summary: New defects found: 14 Defects eliminated: 5 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6zzUI-2FRfbrE6mNOeeukHUQw-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0JH6B9WLr-2BPz7307Y4cY-2FPoPqXjuUJ98okiewlnR-2B-2FH1iGgYtB-2BqP6El1yndUV-2FSvM1k8x1wzQytkQg-2FbnmywsXp9H85iuf26Urfvj58INoYGVn-2Br4FdRsJF-2ByQvA00l1nVdMR7wyLNQLzErrFQ8tekD7Wh-2FexhMKgdKY9fa521M0HeXz9QIu-2Bbe-2Bpl92UZno-3D From scan-admin at coverity.com Sun Jul 21 07:44:58 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 21 Jul 2019 07:44:58 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5d3417fa1e99a_41322ad3791d4f588540@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEOo3rtGjiQZqYPGgcjfkiXQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2SzT8lkRwlDHNY7uWd6SFdzqISbWpl-2B7xsII9Onp4BDC84WAUgbVvQPgDQLP70cZLysQ1c3kTB8qIWkCst84P6ZQeknBC226Sp7kY1-2FizV-2F8cKTkHYasEjN59-2FsZwbmJ90GPa9Os1I1tig7YxIEA3qPByAXEDU1PPcKxOwJKeUW8J7mUxfI2H99IUCfIeEoDw-3D Build ID: 265337 Analysis Summary: New defects found: 0 Defects eliminated: 0 From bernd.edlinger at hotmail.de Sun Jul 21 08:11:00 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 21 Jul 2019 08:11:00 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1563696660.903204.16228.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 92a2f01ea40ec52f8f77893ff433dc47c1f5b9ef (commit) from 69ae4153af5a6e62369611b694748c846a461d02 (commit) - Log ----------------------------------------------------------------- commit 92a2f01ea40ec52f8f77893ff433dc47c1f5b9ef Author: Bernd Edlinger Date: Fri Jun 21 21:26:19 2019 +0200 Add value_barriers in constant time select functions The barriers prevent the compiler from narrowing down the possible value range of the mask and ~mask in the select statements, which avoids the recognition of the select and turning it into a conditional load or branch. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9418) ----------------------------------------------------------------------- Summary of changes: include/internal/constant_time_locl.h | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time_locl.h index 18d2f56..b702675 100644 --- a/include/internal/constant_time_locl.h +++ b/include/internal/constant_time_locl.h @@ -158,11 +158,29 @@ static ossl_inline unsigned char constant_time_eq_int_8(int a, int b) return constant_time_eq_8((unsigned)(a), (unsigned)(b)); } +/* + * Returns the value unmodified, but avoids optimizations. + * The barriers prevent the compiler from narrowing down the + * possible value range of the mask and ~mask in the select + * statements, which avoids the recognition of the select + * and turning it into a conditional load or branch. + */ +static ossl_inline unsigned int value_barrier(unsigned int a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + unsigned int r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile unsigned int r = a; +#endif + return r; +} + static ossl_inline unsigned int constant_time_select(unsigned int mask, unsigned int a, unsigned int b) { - return (mask & a) | (~mask & b); + return (value_barrier(mask) & a) | (value_barrier(~mask) & b); } static ossl_inline unsigned char constant_time_select_8(unsigned char mask, From bernd.edlinger at hotmail.de Sun Jul 21 08:14:39 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 21 Jul 2019 08:14:39 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1563696879.834076.22304.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via aa8b244e5c22193078e3e80fad1f5b27bf62c73b (commit) from 7a7afc559ebc0ad88390cc62bfc34c221d595831 (commit) - Log ----------------------------------------------------------------- commit aa8b244e5c22193078e3e80fad1f5b27bf62c73b Author: Bernd Edlinger Date: Fri Jun 21 21:26:19 2019 +0200 Add value_barriers in constant time select functions The barriers prevent the compiler from narrowing down the possible value range of the mask and ~mask in the select statements, which avoids the recognition of the select and turning it into a conditional load or branch. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9419) ----------------------------------------------------------------------- Summary of changes: crypto/constant_time_locl.h | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/crypto/constant_time_locl.h b/crypto/constant_time_locl.h index a5734f2..94e20bc 100644 --- a/crypto/constant_time_locl.h +++ b/crypto/constant_time_locl.h @@ -185,11 +185,29 @@ static inline unsigned char constant_time_eq_int_8(int a, int b) return constant_time_eq_8((unsigned)(a), (unsigned)(b)); } +/* + * Returns the value unmodified, but avoids optimizations. + * The barriers prevent the compiler from narrowing down the + * possible value range of the mask and ~mask in the select + * statements, which avoids the recognition of the select + * and turning it into a conditional load or branch. + */ +static inline unsigned int value_barrier(unsigned int a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + unsigned int r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile unsigned int r = a; +#endif + return r; +} + static inline unsigned int constant_time_select(unsigned int mask, unsigned int a, unsigned int b) { - return (mask & a) | (~mask & b); + return (value_barrier(mask) & a) | (value_barrier(~mask) & b); } static inline unsigned char constant_time_select_8(unsigned char mask, From builds at travis-ci.org Sun Jul 21 08:21:51 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 21 Jul 2019 08:21:51 +0000 Subject: Broken: openssl/openssl#26702 (OpenSSL_1_0_2-stable - aa8b244) In-Reply-To: Message-ID: <5d34209f9107f_43fa5301eca70196529@4338b56b-69cb-43d0-9dec-9dcea4d70bdf.mail> Build Update for openssl/openssl ------------------------------------- Build: #26702 Status: Broken Duration: 6 mins and 43 secs Commit: aa8b244 (OpenSSL_1_0_2-stable) Author: Bernd Edlinger Message: Add value_barriers in constant time select functions The barriers prevent the compiler from narrowing down the possible value range of the mask and ~mask in the select statements, which avoids the recognition of the select and turning it into a conditional load or branch. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9419) View the changeset: https://github.com/openssl/openssl/compare/7a7afc559ebc...aa8b244e5c22 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/561633306?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Sun Jul 21 09:08:20 2019 From: levitte at openssl.org (Richard Levitte) Date: Sun, 21 Jul 2019 09:08:20 +0000 Subject: [openssl] master update Message-ID: <1563700100.801962.24918.nullmailer@dev.openssl.org> The branch master has been updated via 38f6f99cdf0a87345d646d30a764c089c38627ad (commit) from 5800ba761052894145abe7a74a1159df007b6875 (commit) - Log ----------------------------------------------------------------- commit 38f6f99cdf0a87345d646d30a764c089c38627ad Author: Richard Levitte Date: Wed Jul 17 21:22:42 2019 +0200 Cygwin: enable the use of Dl_info and dladdr() These weren't available in Cygwin at the time our DSO code was written, but things have changed since. Fixes #9385 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9402) ----------------------------------------------------------------------- Summary of changes: crypto/dso/dso_dlfcn.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 5e98513..d076c7e 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -27,8 +27,7 @@ # endif # include # define HAVE_DLINFO 1 -# if defined(__CYGWIN__) || \ - defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ +# if defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ (defined(__osf__) && !defined(RTLD_NEXT)) || \ (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \ defined(__ANDROID__) From levitte at openssl.org Sun Jul 21 09:09:00 2019 From: levitte at openssl.org (Richard Levitte) Date: Sun, 21 Jul 2019 09:09:00 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563700140.876200.26795.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 12bd8f46311dda094e8b9f0be46d4053410894cb (commit) from a9befadf73df107a1da3f143d0b7ae941b6b3d8e (commit) - Log ----------------------------------------------------------------- commit 12bd8f46311dda094e8b9f0be46d4053410894cb Author: Richard Levitte Date: Wed Jul 17 21:22:42 2019 +0200 Cygwin: enable the use of Dl_info and dladdr() These weren't available in Cygwin at the time our DSO code was written, but things have changed since. Fixes #9385 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9402) (cherry picked from commit 38f6f99cdf0a87345d646d30a764c089c38627ad) ----------------------------------------------------------------------- Summary of changes: crypto/dso/dso_dlfcn.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 4240f5f..e2b87e8 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -27,8 +27,7 @@ # endif # include # define HAVE_DLINFO 1 -# if defined(__CYGWIN__) || \ - defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ +# if defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ (defined(__osf__) && !defined(RTLD_NEXT)) || \ (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \ defined(__ANDROID__) From builds at travis-ci.org Sun Jul 21 09:28:16 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 21 Jul 2019 09:28:16 +0000 Subject: Still Failing: openssl/openssl#26705 (master - 38f6f99) In-Reply-To: Message-ID: <5d34302f1ca4e_43fea70bb6c4c1876e7@c900e0be-d1a0-4cb3-823f-0bfd8d4af24b.mail> Build Update for openssl/openssl ------------------------------------- Build: #26705 Status: Still Failing Duration: 19 mins and 25 secs Commit: 38f6f99 (master) Author: Richard Levitte Message: Cygwin: enable the use of Dl_info and dladdr() These weren't available in Cygwin at the time our DSO code was written, but things have changed since. Fixes #9385 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9402) View the changeset: https://github.com/openssl/openssl/compare/5800ba761052...38f6f99cdf0a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/561640748?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 21 18:35:34 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 21 Jul 2019 18:35:34 +0000 Subject: Build failed: openssl master.26134 Message-ID: <20190721183534.1.B51473F93F9B62F8@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 21 19:56:41 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 21 Jul 2019 19:56:41 +0000 Subject: Build completed: openssl master.26135 Message-ID: <20190721195641.1.C08328699B81FBD2@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 22 01:24:38 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jul 2019 01:24:38 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1563758678.825772.8031.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: 38f6f99cdf Cygwin: enable the use of Dl_info and dladdr() 5800ba7610 test/enginetest.c: Make sure no config file is loaded 3cb45a5585 doc: fix some links f6800e37b7 util/find-doc-nits: fixups 76ca35e724 Fix no-dh a1c5cefaf4 Correct some OSSL_PARAM documentation From openssl at openssl.org Mon Jul 22 02:23:58 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jul 2019 02:23:58 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1563762238.292292.23098.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 38f6f99cdf Cygwin: enable the use of Dl_info and dladdr() 5800ba7610 test/enginetest.c: Make sure no config file is loaded 3cb45a5585 doc: fix some links f6800e37b7 util/find-doc-nits: fixups 76ca35e724 Fix no-dh a1c5cefaf4 Correct some OSSL_PARAM documentation Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1647, 227 wallclock secs ( 2.47 usr 0.33 sys + 219.51 cusr 16.81 csys = 239.12 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Mon Jul 22 03:07:27 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 22 Jul 2019 03:07:27 +0000 Subject: [openssl] master update Message-ID: <1563764847.182533.22458.nullmailer@dev.openssl.org> The branch master has been updated via 7312ef3fc4a7d391272f3ba8075eabf81a229ad2 (commit) from 38f6f99cdf0a87345d646d30a764c089c38627ad (commit) - Log ----------------------------------------------------------------- commit 7312ef3fc4a7d391272f3ba8075eabf81a229ad2 Author: Pauli Date: Fri Jul 19 01:14:07 2019 +1000 Add param builder free function. This means include deallocation information in the return from the ossl_param_bld_to_param function. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9404) ----------------------------------------------------------------------- Summary of changes: crypto/param_build.c | 48 +++++++++++++++++++------------ doc/internal/man3/ossl_param_bld_init.pod | 45 ++++++++++++++--------------- include/internal/param_build.h | 3 +- test/param_build_test.c | 29 ++++++++++++------- 4 files changed, 71 insertions(+), 54 deletions(-) diff --git a/crypto/param_build.c b/crypto/param_build.c index 851b735..4d28c87 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -15,6 +15,8 @@ #include "internal/cryptlib.h" #include "internal/param_build.h" +#define OSSL_PARAM_ALLOCATED_END 127 + typedef union { OSSL_UNION_ALIGN; } OSSL_PARAM_BLD_BLOCK; @@ -274,40 +276,50 @@ static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param, } } param[i] = OSSL_PARAM_construct_end(); - return param; + return param + i; } -OSSL_PARAM *ossl_param_bld_to_param(OSSL_PARAM_BLD *bld, void **secure) +OSSL_PARAM *ossl_param_bld_to_param(OSSL_PARAM_BLD *bld) { OSSL_PARAM_BLD_BLOCK *blk, *s = NULL; - OSSL_PARAM *param; - const size_t p_blks = bytes_to_blocks((bld->curr + 1) * sizeof(*param)); + OSSL_PARAM *params, *last; + const size_t p_blks = bytes_to_blocks((1 + bld->curr) * sizeof(*params)); const size_t total = ALIGN_SIZE * (p_blks + bld->total_blocks); + const size_t ss = ALIGN_SIZE * bld->secure_blocks; - if (bld->secure_blocks > 0) { - if (secure == NULL) { - CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, - CRYPTO_R_INVALID_NULL_ARGUMENT); - return NULL; - } - s = OPENSSL_secure_malloc(bld->secure_blocks * ALIGN_SIZE); + if (ss > 0) { + s = OPENSSL_secure_malloc(ss); if (s == NULL) { CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, CRYPTO_R_SECURE_MALLOC_FAILURE); return NULL; } } - param = OPENSSL_malloc(total); - if (param == NULL) { + params = OPENSSL_malloc(total); + if (params == NULL) { CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, ERR_R_MALLOC_FAILURE); OPENSSL_secure_free(s); return NULL; } - if (secure != NULL) - *secure = s; - blk = p_blks + (OSSL_PARAM_BLD_BLOCK *)(param); - param_bld_convert(bld, param, blk, s); - return param; + blk = p_blks + (OSSL_PARAM_BLD_BLOCK *)(params); + last = param_bld_convert(bld, params, blk, s); + last->data_size = ss; + last->data = s; + last->data_type = OSSL_PARAM_ALLOCATED_END; + return params; +} + +void ossl_param_bld_free(OSSL_PARAM *params) +{ + if (params != NULL) { + OSSL_PARAM *p; + + for (p = params; p->key != NULL; p++) + ; + if (p->data_type == OSSL_PARAM_ALLOCATED_END) + OPENSSL_secure_clear_free(p->data, p->data_size); + OPENSSL_free(params); + } } OSSL_PARAM *ossl_param_bld_to_param_ex(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, diff --git a/doc/internal/man3/ossl_param_bld_init.pod b/doc/internal/man3/ossl_param_bld_init.pod index a65aa8b..2385ffc 100644 --- a/doc/internal/man3/ossl_param_bld_init.pod +++ b/doc/internal/man3/ossl_param_bld_init.pod @@ -2,32 +2,33 @@ =head1 NAME -ossl_param_bld_init, -ossl_param_bld_to_param, ossl_param_bld_push_int, -ossl_param_bld_push_uint, ossl_param_bld_push_long, -ossl_param_bld_push_ulong, ossl_param_bld_push_int32, -ossl_param_bld_push_uint32, ossl_param_bld_push_int64, -ossl_param_bld_push_uint64, ossl_param_bld_push_size_t, -ossl_param_bld_push_double, ossl_param_bld_push_BN, -ossl_param_bld_push_utf8_string, ossl_param_bld_push_utf8_ptr, -ossl_param_bld_push_octet_string, ossl_param_bld_push_octet_ptr +ossl_param_bld_init, ossl_param_bld_to_param, ossl_param_bld_to_param_ex, +ossl_param_bld_free, ossl_param_bld_push_int, ossl_param_bld_push_uint, +ossl_param_bld_push_long, ossl_param_bld_push_ulong, +ossl_param_bld_push_int32, ossl_param_bld_push_uint32, +ossl_param_bld_push_int64, ossl_param_bld_push_uint64, +ossl_param_bld_push_size_t, ossl_param_bld_push_double, +ossl_param_bld_push_BN, ossl_param_bld_push_utf8_string, +ossl_param_bld_push_utf8_ptr, ossl_param_bld_push_octet_string, +ossl_param_bld_push_octet_ptr - functions to assist in the creation of OSSL_PARAM arrays =head1 SYNOPSIS =for comment generic - #include "internal/params_template.h" + #include "internal/params_build.h" #define OSSL_PARAM_BLD_MAX 10 typedef struct { ... } OSSL_PARAM_BLD; void ossl_param_bld_init(OSSL_PARAM_BLD *bld); - OSSL_PARAM *ossl_param_bld_to_param(OSSL_PARAM_BLD *bld, void **secure); + OSSL_PARAM *ossl_param_bld_to_param(OSSL_PARAM_BLD *bld); OSSL_PARAM *ossl_param_bld_to_param_ex(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, size_t param_n, void *data, size_t data_n, void *secure, size_t secure_n); + void ossl_param_bld_free(OSSL_PARAM *params); int ossl_param_bld_push_TYPE(OSSL_PARAM_BLD *bld, const char *key, TYPE val); @@ -55,11 +56,11 @@ Any existing values are cleared. ossl_param_bld_to_param() converts a built up OSSL_PARAM_BLD structure B into an allocated OSSL_PARAM array. -The pointer referenced by the B argument is set to point to an -allocated block of secure memory if required and to NULL it not. -The OSSL_PARAM array and all associated storage can be freed by calling -OPENSSL_free() with the functions return value and OPENSSL_secure_free() -with the pointer referenced by B. +The OSSL_PARAM array and all associated storage must be freed by calling +ossl_param_bld_free() with the functions return value. + +ossl_param_bld_free() deallocates the memory allocated by +ossl_param_bld_to_param(). ossl_param_bld_to_param_ex() behaves like ossl_param_bld_to_param(), except that no additional memory is allocated. @@ -76,8 +77,8 @@ B is stored by value and an expression or auto variable can be used. ossl_param_bld_push_BN() is a function that will create an OSSL_PARAM object that holds the specified BIGNUM B. -If B is marked as being securely allocated, the secure flag is -set in the OSSL_PARAM_BLD structure. +If B is marked as being securely allocated, it's OSSL_PARAM representation +will also be securely allocated. The B argument is stored by reference and the underlying BIGNUM object must exist until after ossl_param_bld_to_param() has been called. @@ -137,7 +138,6 @@ private key. OSSL_PARAM_BLD bld; OSSL_PARAM *params; - void *secure; ossl_param_bld_init(&bld, &secure); if (!ossl_param_bld_push_BN(&bld, "p", p) @@ -149,8 +149,7 @@ private key. goto err; /* Use params */ ... - OPENSSL_free(params); - OPENSSL_secure_free(secure); + ossl_param_bld_free(params); =head2 Example 2 @@ -159,7 +158,6 @@ public key. OSSL_PARAM_BLD bld; OSSL_PARAM *params; - void *secure; ossl_param_bld_init(&bld, &secure); if (!ossl_param_bld_push_BN(&bld, "n", n) @@ -168,8 +166,7 @@ public key. goto err; /* Use params */ ... - OPENSSL_free(params); - OPENSSL_secure_free(secure); + ossl_param_bld_free(params); =head1 SEE ALSO diff --git a/include/internal/param_build.h b/include/internal/param_build.h index 762d7b1..e1235ee 100644 --- a/include/internal/param_build.h +++ b/include/internal/param_build.h @@ -40,7 +40,8 @@ typedef struct { } OSSL_PARAM_BLD; void ossl_param_bld_init(OSSL_PARAM_BLD *bld); -OSSL_PARAM *ossl_param_bld_to_param(OSSL_PARAM_BLD *bld, void **secure); +OSSL_PARAM *ossl_param_bld_to_param(OSSL_PARAM_BLD *bld); +void ossl_param_bld_free(OSSL_PARAM *params); OSSL_PARAM *ossl_param_bld_to_param_ex(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, size_t param_n, void *data, size_t data_n, diff --git a/test/param_build_test.c b/test/param_build_test.c index 278553d..55f6f0e 100644 --- a/test/param_build_test.c +++ b/test/param_build_test.c @@ -18,7 +18,7 @@ static int template_public_test(void) { OSSL_PARAM_BLD bld; OSSL_PARAM *params = NULL, *p; - void *secure = (void *)"abc"; + BIGNUM *bn = NULL, *bn_res = NULL; int i; long int l; int32_t i32; @@ -34,12 +34,14 @@ static int template_public_test(void) || !TEST_true(ossl_param_bld_push_int32(&bld, "i32", 1532)) || !TEST_true(ossl_param_bld_push_int64(&bld, "i64", -9999999)) || !TEST_true(ossl_param_bld_push_double(&bld, "d", 1.61803398875)) + || !TEST_ptr(bn = BN_new()) + || !TEST_true(BN_set_word(bn, 1729)) + || !TEST_true(ossl_param_bld_push_BN(&bld, "bignumber", bn)) || !TEST_true(ossl_param_bld_push_utf8_string(&bld, "utf8_s", "foo", sizeof("foo"))) || !TEST_true(ossl_param_bld_push_utf8_ptr(&bld, "utf8_p", "bar-boom", 0)) - || !TEST_ptr(params = ossl_param_bld_to_param(&bld, &secure)) - || !TEST_ptr_null(secure) + || !TEST_ptr(params = ossl_param_bld_to_param(&bld)) /* Check int */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "i")) || !TEST_true(OSSL_PARAM_get_int(p, &i)) @@ -83,13 +85,20 @@ static int template_public_test(void) /* Check UTF8 pointer */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "utf8_p")) || !TEST_true(OSSL_PARAM_get_utf8_ptr(p, &cutf)) - || !TEST_str_eq(cutf, "bar-boom")) + || !TEST_str_eq(cutf, "bar-boom") + /* Check BN */ + || !TEST_ptr(p = OSSL_PARAM_locate(params, "bignumber")) + || !TEST_str_eq(p->key, "bignumber") + || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER) + || !TEST_true(OSSL_PARAM_get_BN(p, &bn_res)) + || !TEST_int_eq(BN_cmp(bn_res, bn), 0)) goto err; res = 1; err: - OPENSSL_free(params); - OPENSSL_secure_free(secure); + ossl_param_bld_free(params); OPENSSL_free(utf); + BN_free(bn); + BN_free(bn_res); return res; } @@ -99,7 +108,6 @@ static int template_private_test(void) static unsigned char data2[] = { 2, 4, 6, 8, 10 }; OSSL_PARAM_BLD bld; OSSL_PARAM *params = NULL, *p; - void *secure = (void *)"abc"; unsigned int i; unsigned long int l; uint32_t i32; @@ -114,14 +122,14 @@ static int template_private_test(void) || !TEST_true(ossl_param_bld_push_uint32(&bld, "i32", 1532)) || !TEST_true(ossl_param_bld_push_uint64(&bld, "i64", 9999999)) || !TEST_true(ossl_param_bld_push_size_t(&bld, "st", 65537)) - || !TEST_ptr(bn = BN_new()) + || !TEST_ptr(bn = BN_secure_new()) || !TEST_true(BN_set_word(bn, 1729)) || !TEST_true(ossl_param_bld_push_BN(&bld, "bignumber", bn)) || !TEST_true(ossl_param_bld_push_octet_string(&bld, "oct_s", data1, sizeof(data1))) || !TEST_true(ossl_param_bld_push_octet_ptr(&bld, "oct_p", data2, sizeof(data2))) - || !TEST_ptr(params = ossl_param_bld_to_param(&bld, &secure)) + || !TEST_ptr(params = ossl_param_bld_to_param(&bld)) /* Check unsigned int */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "i")) || !TEST_true(OSSL_PARAM_get_uint(p, &i)) @@ -176,8 +184,7 @@ static int template_private_test(void) goto err; res = 1; err: - OPENSSL_secure_free(secure); - OPENSSL_free(params); + ossl_param_bld_free(params); BN_free(bn); BN_free(bn_res); return res; From builds at travis-ci.org Mon Jul 22 03:26:18 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 22 Jul 2019 03:26:18 +0000 Subject: Still Failing: openssl/openssl#26715 (master - 7312ef3) In-Reply-To: Message-ID: <5d352cda992b5_43ff44a8133a417593d@45a47fb1-592d-4861-ad91-7bf7bc0da12b.mail> Build Update for openssl/openssl ------------------------------------- Build: #26715 Status: Still Failing Duration: 18 mins and 10 secs Commit: 7312ef3 (master) Author: Pauli Message: Add param builder free function. This means include deallocation information in the return from the ossl_param_bld_to_param function. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9404) View the changeset: https://github.com/openssl/openssl/compare/38f6f99cdf0a...7312ef3fc4a7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/561897400?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Jul 22 04:25:50 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 22 Jul 2019 04:25:50 +0000 Subject: [openssl] master update Message-ID: <1563769550.785077.26984.nullmailer@dev.openssl.org> The branch master has been updated via fa9faf010460f5fe0722a65f9d496221c2f41f7b (commit) via 4cae07fef3b24bee1646f6085c52175ef3755d5b (commit) via d0ea49a820e02713bbe8892a333f2552da633b16 (commit) via 70a1f7b4d7a0611508f45ef884472b9d84cbe108 (commit) via a94a3e0d91378b5c478f687a0dbc51914d4ed497 (commit) from 7312ef3fc4a7d391272f3ba8075eabf81a229ad2 (commit) - Log ----------------------------------------------------------------- commit fa9faf010460f5fe0722a65f9d496221c2f41f7b Author: Richard Levitte Date: Thu Jul 11 12:52:16 2019 +0200 Add an internal API to access the KEYMGMT provider functions Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9312) commit 4cae07fef3b24bee1646f6085c52175ef3755d5b Author: Richard Levitte Date: Wed Jul 10 14:30:55 2019 +0200 Add evp_keymgmt_clear_pkey_cache() and use it This function clears the cache of provider key references, and is used in evp_keymgmt_export_to_provider() when the internal key is dirty, as well as by EVP_PKEY_free_it(). Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9312) commit d0ea49a820e02713bbe8892a333f2552da633b16 Author: Richard Levitte Date: Tue Jul 9 17:31:24 2019 +0200 Adapt int_ctx_new() to use with providers This affects all its callers: EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(). They are now possible to called with "zero" values, i.e.: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(NULL, NULL); or EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(0, NULL); This is suitable for provider use, as the key functionality is tied with its keys, and the operation time is determined by the init functions the EVP_PKEY_CTX is used with. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9312) commit 70a1f7b4d7a0611508f45ef884472b9d84cbe108 Author: Richard Levitte Date: Sat Jul 6 21:57:15 2019 +0200 Add evp_keymgmt_export_to_provider(), for key transfer between providers This function is used to transport private key materia from whatever is already attached to the EVP_PKEY to the new provider, using key data export and import functionality. If a legacy lower level key has been assigned to the EVP_PKEY, we use its data to create a provider side key, and thereby have a bridge between old style public key types and the EVP_PKEY on providers. If successful, this function returns a reference to the appropriate provider side data for the key. This can be used by any operation that wants to use this key. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9312) commit a94a3e0d91378b5c478f687a0dbc51914d4ed497 Author: Richard Levitte Date: Fri Jul 5 00:31:42 2019 +0200 Add basic EVP_KEYMGMT API and libcrypto <-> provider interface The idea with the key management "operation" is to support the following set of functionality: - Key domain parameter generation - Key domain parameter import - Key domain parameter export - Key generation - Key import - Key export - Key loading (HSM / hidden key support) With that set of function, we can support handling domain parameters on one provider, key handling on another, and key usage on a third, with transparent export / import of applicable data. Of course, if a provider doesn't offer export / import functionality, then all operations surrounding a key must be performed with the same provider. This method also avoids having to do anything special with legacy assignment of libcrypto key structures, i.e. EVP_PKEY_assign_RSA(). They will simply be used as keys to be exported from whenever they are used with provider based operations. This change only adds the EVP_KEYMGMT API and the libcrypto <-> provider interface. Further changes will integrate them into existing libcrypto functionality. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9312) ----------------------------------------------------------------------- Summary of changes: crypto/evp/build.info | 3 +- crypto/evp/evp_locl.h | 27 +- crypto/evp/keymgmt_lib.c | 288 +++++++++++++++++++++ crypto/evp/keymgmt_meth.c | 189 ++++++++++++++ crypto/evp/p_lib.c | 3 + crypto/evp/pmeth_lib.c | 16 +- crypto/include/internal/asn1_int.h | 8 + crypto/include/internal/evp_int.h | 57 +++- .../man3/evp_keymgmt_export_to_provider.pod | 56 ++++ doc/internal/man3/evp_keymgmt_freekey.pod | 109 ++++++++ doc/man3/EVP_KEYMGMT.pod | 84 ++++++ doc/man3/EVP_PKEY_ASN1_METHOD.pod | 10 + include/openssl/core_numbers.h | 73 +++++- include/openssl/evp.h | 6 + include/openssl/ossl_typ.h | 2 + util/libcrypto.num | 4 + util/private.num | 1 + 17 files changed, 928 insertions(+), 8 deletions(-) create mode 100644 crypto/evp/keymgmt_lib.c create mode 100644 crypto/evp/keymgmt_meth.c create mode 100644 doc/internal/man3/evp_keymgmt_export_to_provider.pod create mode 100644 doc/internal/man3/evp_keymgmt_freekey.pod create mode 100644 doc/man3/EVP_KEYMGMT.pod diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 5030f3f..c650c28 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -1,5 +1,6 @@ LIBS=../../libcrypto -$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c +$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \ + keymgmt_meth.c keymgmt_lib.c SOURCE[../../libcrypto]=$COMMON\ encode.c evp_key.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 8aeb5d4..740c159 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -62,6 +62,32 @@ struct evp_kdf_ctx_st { EVP_KDF_IMPL *impl; /* Algorithm-specific data */ } /* EVP_KDF_CTX */ ; +struct evp_keymgmt_st { + int id; /* libcrypto internal */ + + const char *name; + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + + /* Domain parameter routines */ + OSSL_OP_keymgmt_importdomparams_fn *importdomparams; + OSSL_OP_keymgmt_gendomparams_fn *gendomparams; + OSSL_OP_keymgmt_freedomparams_fn *freedomparams; + OSSL_OP_keymgmt_exportdomparams_fn *exportdomparams; + OSSL_OP_keymgmt_importdomparam_types_fn *importdomparam_types; + OSSL_OP_keymgmt_exportdomparam_types_fn *exportdomparam_types; + + /* Key routines */ + OSSL_OP_keymgmt_importkey_fn *importkey; + OSSL_OP_keymgmt_genkey_fn *genkey; + OSSL_OP_keymgmt_loadkey_fn *loadkey; + OSSL_OP_keymgmt_freekey_fn *freekey; + OSSL_OP_keymgmt_exportkey_fn *exportkey; + OSSL_OP_keymgmt_importkey_types_fn *importkey_types; + OSSL_OP_keymgmt_exportkey_types_fn *exportkey_types; +} /* EVP_KEYMGMT */ ; + struct evp_keyexch_st { OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; @@ -76,7 +102,6 @@ struct evp_keyexch_st { OSSL_OP_keyexch_set_params_fn *set_params; } /* EVP_KEYEXCH */; - int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c new file mode 100644 index 0000000..8ee28fb --- /dev/null +++ b/crypto/evp/keymgmt_lib.c @@ -0,0 +1,288 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" +#include "internal/nelem.h" +#include "internal/evp_int.h" +#include "internal/asn1_int.h" +#include "internal/provider.h" +#include "evp_locl.h" + +static OSSL_PARAM *paramdefs_to_params(const OSSL_PARAM *paramdefs) +{ + size_t cnt; + const OSSL_PARAM *p; + OSSL_PARAM *params, *q; + + for (cnt = 1, p = paramdefs; p->key != NULL; p++, cnt++) + continue; + + params = OPENSSL_zalloc(cnt * sizeof(*params)); + + for (p = paramdefs, q = params; ; p++, q++) { + *q = *p; + if (p->key == NULL) + break; + + q->data = NULL; /* In case the provider used it */ + q->return_size = 0; + } + + return params; +} + +typedef union align_block_un { + OSSL_UNION_ALIGN; +} ALIGN_BLOCK; + +#define ALIGN_SIZE sizeof(ALIGN_BLOCK) + +static void *allocate_params_space(OSSL_PARAM *params) +{ + unsigned char *data = NULL; + size_t space; + OSSL_PARAM *p; + + for (space = 0, p = params; p->key != NULL; p++) + space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE; + + data = OPENSSL_zalloc(space); + + for (space = 0, p = params; p->key != NULL; p++) { + p->data = data + space; + space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE; + } + + return data; +} + +void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) +{ + void *provkey = NULL; + size_t i, j; + + /* + * If there is an underlying legacy key and it has changed, invalidate + * the cache of provider keys. + */ + if (pk->pkey.ptr != NULL) { + /* + * If there is no dirty counter, this key can't be used with + * providers. + */ + if (pk->ameth->dirty_cnt == NULL) + return NULL; + + if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy) + evp_keymgmt_clear_pkey_cache(pk); + } + + /* + * See if we have exported to this provider already. + * If we have, return immediately. + */ + for (i = 0; + i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL; + i++) { + if (keymgmt == pk->pkeys[i].keymgmt) + return pk->pkeys[i].provkey; + } + + if (pk->pkey.ptr != NULL) { + /* There is a legacy key, try to export that one to the provider */ + + /* If the legacy key doesn't have an export function, give up */ + if (pk->ameth->export_to == NULL) + return NULL; + + /* Otherwise, simply use it */ + provkey = pk->ameth->export_to(pk, keymgmt); + + /* Synchronize the dirty count, but only if we exported successfully */ + if (provkey != NULL) + pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk); + + } else { + /* + * Here, there is no legacy key, so we look at the already cached + * provider keys, and import from the first that supports it + * (i.e. use its export function), and export the imported data to + * the new provider. + */ + + /* + * If the given keymgmt doesn't have an import function, give up + */ + if (keymgmt->importkey == NULL) + return NULL; + + for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) { + if (pk->pkeys[j].keymgmt->exportkey != NULL) { + const OSSL_PARAM *paramdefs = NULL; + OSSL_PARAM *params = NULL; + void *data = NULL; + void *provctx = + ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + paramdefs = pk->pkeys[j].keymgmt->exportkey_types(); + /* + * All params have 'data' set to NULL. In that case, + * the exportkey call should just fill in 'return_size' + * in all applicable params. + */ + params = paramdefs_to_params(paramdefs); + /* Get 'return_size' filled */ + pk->pkeys[j].keymgmt->exportkey(pk->pkeys[j].provkey, params); + + /* + * Allocate space and assign 'data' to point into the + * data block + */ + data = allocate_params_space(params); + + /* + * Call the exportkey function a second time, to get + * the data filled + */ + pk->pkeys[j].keymgmt->exportkey(pk->pkeys[j].provkey, params); + + /* + * We should have all the data at this point, so import + * into the new provider and hope to get a key back. + */ + provkey = keymgmt->importkey(provctx, params); + OPENSSL_free(params); + OPENSSL_free(data); + + if (provkey != NULL) + break; + } + } + } + + /* + * TODO(3.0) Right now, we assume we have ample space. We will + * have to think about a cache aging scheme, though, if |i| indexes + * outside the array. + */ + j = ossl_assert(i < OSSL_NELEM(pk->pkeys)); + + if (provkey != NULL) { + EVP_KEYMGMT_up_ref(keymgmt); + pk->pkeys[i].keymgmt = keymgmt; + pk->pkeys[i].provkey = provkey; + } + return provkey; +} + +void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk) +{ + size_t i; + + if (pk != NULL) { + for (i = 0; + i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL; + i++) { + EVP_KEYMGMT *keymgmt = pk->pkeys[i].keymgmt; + void *provkey = pk->pkeys[i].provkey; + + pk->pkeys[i].keymgmt = NULL; + pk->pkeys[i].provkey = NULL; + keymgmt->freekey(provkey); + EVP_KEYMGMT_free(keymgmt); + } + } +} + + +/* internal functions */ +/* TODO(3.0) decide if these should be public or internal */ +void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->importdomparams(provctx, params); +} + +void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->gendomparams(provctx, params); +} + +void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt, + void *provdomparams) +{ + keymgmt->freedomparams(provdomparams); +} + +int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt, + void *provdomparams, OSSL_PARAM params[]) +{ + return keymgmt->exportdomparams(provdomparams, params); +} + +const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->importdomparam_types(); +} + +const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->exportdomparam_types(); +} + + +void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->importkey(provctx, params); +} + +void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams, + const OSSL_PARAM params[]) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->genkey(provctx, domparams, params); +} + +void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt, + void *id, size_t idlen) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->loadkey(provctx, id, idlen); +} + +void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey) +{ + keymgmt->freekey(provkey); +} + +int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey, + OSSL_PARAM params[]) +{ + return keymgmt->exportkey(provkey, params); +} + +const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->importkey_types(); +} + +const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->exportkey_types(); +} diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c new file mode 100644 index 0000000..9723820 --- /dev/null +++ b/crypto/evp/keymgmt_meth.c @@ -0,0 +1,189 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "internal/provider.h" +#include "internal/refcount.h" +#include "internal/evp_int.h" +#include "evp_locl.h" + + +static void *keymgmt_new(void) +{ + EVP_KEYMGMT *keymgmt = NULL; + + if ((keymgmt = OPENSSL_zalloc(sizeof(*keymgmt))) == NULL + || (keymgmt->lock = CRYPTO_THREAD_lock_new()) == NULL) { + EVP_KEYMGMT_free(keymgmt); + return NULL; + } + + keymgmt->refcnt = 1; + + return keymgmt; +} + +static void *keymgmt_from_dispatch(const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov) +{ + EVP_KEYMGMT *keymgmt = NULL; + + if ((keymgmt = keymgmt_new()) == NULL) + return NULL; + + for (; fns->function_id != 0; fns++) { + switch (fns->function_id) { + case OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS: + if (keymgmt->importdomparams != NULL) + break; + keymgmt->importdomparams = + OSSL_get_OP_keymgmt_importdomparams(fns); + break; + case OSSL_FUNC_KEYMGMT_GENDOMPARAMS: + if (keymgmt->gendomparams != NULL) + break; + keymgmt->gendomparams = OSSL_get_OP_keymgmt_gendomparams(fns); + break; + case OSSL_FUNC_KEYMGMT_FREEDOMPARAMS: + if (keymgmt->freedomparams != NULL) + break; + keymgmt->freedomparams = OSSL_get_OP_keymgmt_freedomparams(fns); + break; + case OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS: + if (keymgmt->exportdomparams != NULL) + break; + keymgmt->exportdomparams = + OSSL_get_OP_keymgmt_exportdomparams(fns); + break; + case OSSL_FUNC_KEYMGMT_IMPORTDOMPARAM_TYPES: + if (keymgmt->importdomparam_types != NULL) + break; + keymgmt->importdomparam_types = + OSSL_get_OP_keymgmt_importdomparam_types(fns); + break; + case OSSL_FUNC_KEYMGMT_EXPORTDOMPARAM_TYPES: + if (keymgmt->exportdomparam_types != NULL) + break; + keymgmt->exportdomparam_types = + OSSL_get_OP_keymgmt_exportdomparam_types(fns); + break; + case OSSL_FUNC_KEYMGMT_IMPORTKEY: + if (keymgmt->importkey != NULL) + break; + keymgmt->importkey = OSSL_get_OP_keymgmt_importkey(fns); + break; + case OSSL_FUNC_KEYMGMT_GENKEY: + if (keymgmt->genkey != NULL) + break; + keymgmt->genkey = OSSL_get_OP_keymgmt_genkey(fns); + break; + case OSSL_FUNC_KEYMGMT_LOADKEY: + if (keymgmt->loadkey != NULL) + break; + keymgmt->loadkey = OSSL_get_OP_keymgmt_loadkey(fns); + break; + case OSSL_FUNC_KEYMGMT_FREEKEY: + if (keymgmt->freekey != NULL) + break; + keymgmt->freekey = OSSL_get_OP_keymgmt_freekey(fns); + break; + case OSSL_FUNC_KEYMGMT_EXPORTKEY: + if (keymgmt->exportkey != NULL) + break; + keymgmt->exportkey = OSSL_get_OP_keymgmt_exportkey(fns); + break; + case OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES: + if (keymgmt->importkey_types != NULL) + break; + keymgmt->importkey_types = + OSSL_get_OP_keymgmt_importkey_types(fns); + break; + case OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES: + if (keymgmt->exportkey_types != NULL) + break; + keymgmt->exportkey_types = + OSSL_get_OP_keymgmt_exportkey_types(fns); + break; + } + } + /* + * Try to check that the method is sensible. + * It makes no sense being able to free stuff if you can't create it. + * It makes no sense providing OSSL_PARAM descriptors for import and + * export if you can't import or export. + */ + if ((keymgmt->freedomparams != NULL + && (keymgmt->importdomparams == NULL + && keymgmt->gendomparams == NULL)) + || (keymgmt->freekey != NULL + && (keymgmt->importkey == NULL + && keymgmt->genkey == NULL + && keymgmt->loadkey == NULL)) + || (keymgmt->importdomparam_types != NULL + && keymgmt->importdomparams == NULL) + || (keymgmt->exportdomparam_types != NULL + && keymgmt->exportdomparams == NULL) + || (keymgmt->importkey_types != NULL + && keymgmt->importkey == NULL) + || (keymgmt->exportkey_types != NULL + && keymgmt->exportkey == NULL)) { + EVP_KEYMGMT_free(keymgmt); + EVPerr(0, EVP_R_INVALID_PROVIDER_FUNCTIONS); + return NULL; + } + keymgmt->prov = prov; + if (prov != NULL) + ossl_provider_up_ref(prov); + + return keymgmt; +} + +EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties) +{ + EVP_KEYMGMT *keymgmt = + evp_generic_fetch(ctx, OSSL_OP_KEYMGMT, algorithm, properties, + keymgmt_from_dispatch, + (int (*)(void *))EVP_KEYMGMT_up_ref, + (void (*)(void *))EVP_KEYMGMT_free); + + return keymgmt; +} + +int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt) +{ + int ref = 0; + + CRYPTO_UP_REF(&keymgmt->refcnt, &ref, keymgmt->lock); + return 1; +} + +void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt) +{ + int ref = 0; + + if (keymgmt == NULL) + return; + + CRYPTO_DOWN_REF(&keymgmt->refcnt, &ref, keymgmt->lock); + if (ref > 0) + return; + ossl_provider_free(keymgmt->prov); + CRYPTO_THREAD_lock_free(keymgmt->lock); + OPENSSL_free(keymgmt); +} + +const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->prov; +} + diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index c6ebfe6..653693e 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -613,6 +613,9 @@ void EVP_PKEY_free(EVP_PKEY *x) static void EVP_PKEY_free_it(EVP_PKEY *x) { /* internal function; x is never NULL */ + + evp_keymgmt_clear_pkey_cache(x); + if (x->ameth && x->ameth->pkey_free) { x->ameth->pkey_free(x); x->pkey.ptr = NULL; diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 169b056..cc26f06 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -1,3 +1,4 @@ + /* * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * @@ -106,8 +107,17 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) { EVP_PKEY_CTX *ret; - const EVP_PKEY_METHOD *pmeth; + const EVP_PKEY_METHOD *pmeth = NULL; + + /* + * When using providers, the context is bound to the algo implementation + * later. + */ + if (pkey == NULL && e == NULL && id == -1) + goto common; + /* TODO(3.0) Legacy code should be removed when all is provider based */ + /* BEGIN legacy */ if (id == -1) { if (pkey == NULL) return 0; @@ -143,7 +153,9 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM); return NULL; } + /* END legacy */ + common: ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { #ifndef OPENSSL_NO_ENGINE @@ -159,7 +171,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) if (pkey != NULL) EVP_PKEY_up_ref(pkey); - if (pmeth->init) { + if (pmeth != NULL && pmeth->init) { if (pmeth->init(ret) <= 0) { ret->pmeth = NULL; EVP_PKEY_CTX_free(ret); diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h index 1f62063..674fa70 100644 --- a/crypto/include/internal/asn1_int.h +++ b/crypto/include/internal/asn1_int.h @@ -63,6 +63,14 @@ struct evp_pkey_asn1_method_st { int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len); int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len); + + /* + * TODO: Make sure these functions are defined for key types that are + * implemented in providers. + */ + /* Exports to providers */ + size_t (*dirty_cnt) (const EVP_PKEY *pk); + void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); } /* EVP_PKEY_ASN1_METHOD */ ; DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD) diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 71833fa..50ed933 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -504,9 +504,9 @@ typedef struct { * method, as in, can it do arbitrary encryption.... */ struct evp_pkey_st { + /* == Legacy attributes == */ int type; int save_type; - CRYPTO_REF_COUNT references; const EVP_PKEY_ASN1_METHOD *ameth; ENGINE *engine; ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ @@ -526,9 +526,30 @@ struct evp_pkey_st { ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ # endif } pkey; - int save_parameters; - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + + /* == Common attributes == */ + CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + int save_parameters; + + /* == Provider attributes == */ + /* + * To support transparent export/import between providers that + * support the methods for it, and still not having to do the + * export/import every time a key is used, we maintain a cache + * of imported key, indexed by provider address. + * pkeys[0] is *always* the "original" key. + */ + struct { + EVP_KEYMGMT *keymgmt; + void *provkey; + } pkeys[10]; + /* + * If there is a legacy key assigned to this structure, we keep + * a copy of that key's dirty count. + */ + size_t dirty_cnt_copy; } /* EVP_PKEY */ ; @@ -539,6 +560,36 @@ void openssl_add_all_kdfs_int(void); void evp_cleanup_int(void); void evp_app_cleanup_int(void); +/* KEYMGMT helper functions */ +void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); +void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk); + +/* KEYMGMT provider interface functions */ +void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]); +void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]); +void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt, + void *provdomparams); +int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt, + void *provdomparams, OSSL_PARAM params[]); +const OSSL_PARAM * +evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt); +const OSSL_PARAM * +evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt); + +void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]); +void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams, + const OSSL_PARAM params[]); +void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt, + void *id, size_t idlen); +void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey); +int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, + void *provkey, OSSL_PARAM params[]); +const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt); +const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt); + /* Pulling defines out of C source files */ #define EVP_RC4_KEY_SIZE 16 diff --git a/doc/internal/man3/evp_keymgmt_export_to_provider.pod b/doc/internal/man3/evp_keymgmt_export_to_provider.pod new file mode 100644 index 0000000..72b766f --- /dev/null +++ b/doc/internal/man3/evp_keymgmt_export_to_provider.pod @@ -0,0 +1,56 @@ +=pod + +=head1 NAME + +evp_keymgmt_export_to_provider, +evp_keymgmt_clear_pkey_cache +- key material provider export for EVP + +=head1 SYNOPSIS + + #include "internal/evp_int.h" + + void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); + void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk); + +=head1 DESCRIPTION + +evp_keymgmt_export_to_provider() exports the key material from the +given key I to a provider via a B interface, if this +hasn't already been done. +It maintains a cache of provider key references in I to keep track +of all such exports. + +If I has an assigned legacy key, a check is done to see if any of +its key material has changed since last export, i.e. the legacy key's +is_dirty() method returns 1. +If it has, the cache of already exported keys is cleared, and a new +export is made with the new key material. + +evp_keymgmt_clear_pkey_cache() can be used to explicitly clear the +cache of provider key references. + +=head1 RETURN VALUES + +evp_keymgmt_export_to_provider() returns a pointer to the appropriate +provider side key (created or found again), or NULL on error. + +=head1 NOTES + +"Legacy key" is the term used for any key that has been assigned to an +B with EVP_PKEY_assign_RSA() and similar functions. + +=head1 SEE ALSO + +L, L + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/internal/man3/evp_keymgmt_freekey.pod b/doc/internal/man3/evp_keymgmt_freekey.pod new file mode 100644 index 0000000..597c34b --- /dev/null +++ b/doc/internal/man3/evp_keymgmt_freekey.pod @@ -0,0 +1,109 @@ +=pod + +=head1 NAME + +evp_keymgmt_importdomparams, evp_keymgmt_gendomparams, +evp_keymgmt_freedomparams, +evp_keymgmt_exportdomparams, +evp_keymgmt_importdomparams_types, evp_keymgmt_exportdomparams_types, +evp_keymgmt_importkey, evp_keymgmt_genkey, evp_keymgmt_loadkey, +evp_keymgmt_freekey, +evp_keymgmt_exportkey, +evp_keymgmt_importkey_types, evp_keymgmt_exportkey_types +- internal KEYMGMT support functions + +=head1 SYNOPSIS + + #include "internal/evp_int.h" + + void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]); + void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]); + void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt, void *provdomparams); + int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt, + void *provdomparams, OSSL_PARAM params[]); + const OSSL_PARAM *evp_keymgmt_importdomparams_types(const EVP_KEYMGMT *keymgmt); + const OSSL_PARAM *evp_keymgmt_exportdomparams_types(const EVP_KEYMGMT *keymgmt); + + void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]); + void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams, + const OSSL_PARAM params[]); + void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt, + void *id, size_t idlen); + void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey); + int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey, + OSSL_PARAM params[]); + const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt); + const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt); + +=head1 DESCRIPTION + +All these functions are helpers to call the provider's corresponding +function. + +evp_keymgmt_importdomparams() calls the method's importdomparams() function. + +evp_keymgmt_gendomparams() calls the method's gendomparams() function. + +evp_keymgmt_freedomparams() calls the method's freedomparams() function. + +evp_keymgmt_exportdomparams() calls the method's exportdomparams() +function. + +evp_keymgmt_importdomparams_types() calls the method's +importdomparams_types() function. + +evp_keymgmt_exportdomparams_types() calls the method's +exportdomparams_types() function. + +evp_keymgmt_importkey() calls the method's importkey() +function. + +evp_keymgmt_genkey() calls the method's genkey() function. + +evp_keymgmt_loadkey() calls the method's loadkey() function. + +evp_keymgmt_freekey() calls the method's freekey() function. + +evp_keymgmt_exportkey() calls the method's exportkey() +function. + +evp_keymgmt_importkey_types() calls the method's importkey_types() function. + +evp_keymgmt_exportkey_types() calls the method's exportkey_types() function. + +=head1 RETURN VALUES + +evp_keymgmt_importdomparams(), evp_keymgmt_gendomparams() return a pointer +to a provider owned set of domparams parameters, or NULL on error. + +evp_keymgmt_importkey(), evp_keymgmt_genkey(), evp_keymgmt_loadkey() return +a pointer to a provider owned key, or NULL on error. + +evp_keymgmt_exportdomparams() and evp_keymgmt_exportkey() return 1 on success, +or 0 on error. + +evp_keymgmt_importdomparams_types(), evp_keymgmt_exportdomparams_types() +return parameter descriptor for importing and exporting domparams +parameters, or NULL if there are no such descriptors. + +evp_keymgmt_importkey_types() and evp_keymgmt_exportkey_types() +return parameter descriptor for importing and exporting keys, or NULL +if there are no such descriptors. + +=head1 HISTORY + +The functions described here were all added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod new file mode 100644 index 0000000..ab209da --- /dev/null +++ b/doc/man3/EVP_KEYMGMT.pod @@ -0,0 +1,84 @@ +=pod + +=head1 NAME + +EVP_KEYMGMT, +EVP_KEYMGMT_fetch, +EVP_KEYMGMT_up_ref, +EVP_KEYMGMT_free, +EVP_KEYMGMT_provider +- EVP key management routines + +=head1 SYNOPSIS + + #include + + typedef struct evp_keymgmt_st EVP_KEYMGMT; + + EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); + int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); + void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); + const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); + +=head1 DESCRIPTION + +B is a method object that represents key management +implementations for different cryptographic algorithms. +This method object provides functionality to have providers import key +material from the outside, as well as export key material to the +outside. +Most of the functionality can only be used internally and has no +public interface, this object is simply passed into other functions +when needed. + +EVP_KEYMGMT_fetch() looks for an algorithm within the provider that +has been loaded into the B given by I, having the +name given by I and the properties given by I. + +EVP_KEYMGMT_up_ref() increments the reference count for the given +B I. + +EVP_KEYMGMT_free() decrements the reference count for the given +B I, and when the count reaches zero, frees it. + +EVP_KEYMGMT_provider() returns the provider that has this particular +implementation. + +=head1 NOTES + +EVP_KEYMGMT_fetch() may be called implicitly by other fetching +functions, using the same library context and properties. +Any other API that uses keys will typically do this. + +=head1 RETURN VALUES + +EVP_KEYMGMT_fetch() returns a pointer to the key management +implementation represented by an EVP_KEYMGMT object, or NULL on +error. + +EVP_KEYMGMT_up_ref() returns 1 on success, or 0 on error. + +EVP_KEYMGMT_free() doesn't return any value. + +EVP_KEYMGMT_provider() returns a pointer to a provider object, or NULL +on error. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The functions described here were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index 1d89c38..ed44749 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -361,6 +361,16 @@ public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. They are called by L, and L respectively. + size_t (*dirty) (const EVP_PKEY *pk); + void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); + +dirty_cnt() returns the internal key's dirty count. +This can be used to synchronise different copies of the same keys. + +The export_to() method exports the key material from the given key to +a provider, through the L interface, if that provider +supports importing key material. + =head2 Functions EVP_PKEY_asn1_new() creates and returns a new B diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index c589243..f45b8f1 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -229,9 +229,80 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx, OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx, const OSSL_PARAM params[])) +/*- + * Key management + * + * Key domain parameter references can be created in several manners: + * - by importing the domain parameter material via an OSSL_PARAM array. + * - by generating key domain parameters, given input via an OSSL_PARAM + * array. + * + * Key references can be created in several manners: + * - by importing the key material via an OSSL_PARAM array. + * - by generating a key, given optional domain parameters and + * additional keygen parameters. + * If domain parameters are given, they must have been generated using + * the domain parameter generator functions. + * If the domain parameters comes from a different provider, results + * are undefined. + * THE CALLER MUST ENSURE THAT CORRECT DOMAIN PARAMETERS ARE USED. + * - by loading an internal key, given a binary blob that forms an identity. + * THE CALLER MUST ENSURE THAT A CORRECT IDENTITY IS USED. + */ + +# define OSSL_OP_KEYMGMT 10 + +/* Key domain parameter creation and destruction */ +# define OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS 1 +# define OSSL_FUNC_KEYMGMT_GENDOMPARAMS 2 +# define OSSL_FUNC_KEYMGMT_FREEDOMPARAMS 3 +OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_importdomparams, + (void *provctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_gendomparams, + (void *provctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(void, OP_keymgmt_freedomparams, (void *domparams)) + +/* Key domain parameter export */ +# define OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS 4 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_exportdomparams, + (void *domparams, OSSL_PARAM params[])) + +/* Key domain parameter discovery */ +# define OSSL_FUNC_KEYMGMT_IMPORTDOMPARAM_TYPES 5 +# define OSSL_FUNC_KEYMGMT_EXPORTDOMPARAM_TYPES 6 +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_importdomparam_types, + (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportdomparam_types, + (void)) + +/* Key creation and destruction */ +# define OSSL_FUNC_KEYMGMT_IMPORTKEY 10 +# define OSSL_FUNC_KEYMGMT_GENKEY 11 +# define OSSL_FUNC_KEYMGMT_LOADKEY 12 +# define OSSL_FUNC_KEYMGMT_FREEKEY 13 +OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_importkey, + (void *provctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_genkey, + (void *provctx, + void *domparams, const OSSL_PARAM genkeyparams[])) +OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_loadkey, + (void *provctx, void *id, size_t idlen)) +OSSL_CORE_MAKE_FUNC(void, OP_keymgmt_freekey, (void *key)) + +/* Key export */ +# define OSSL_FUNC_KEYMGMT_EXPORTKEY 14 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_exportkey, + (void *key, OSSL_PARAM params[])) + +/* Key discovery */ +# define OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES 15 +# define OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES 16 +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_importkey_types, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportkey_types, (void)) + /* Key Exchange */ -# define OSSL_OP_KEYEXCH 3 +# define OSSL_OP_KEYEXCH 11 # define OSSL_FUNC_KEYEXCH_NEWCTX 1 # define OSSL_FUNC_KEYEXCH_INIT 2 diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 377b4b1..d014a2e 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1411,6 +1411,12 @@ int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); size_t EVP_PKEY_meth_get_count(void); const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); +EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); +void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); +const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); + EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 76a9bee..7eec053 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -101,6 +101,8 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; +typedef struct evp_keymgmt_st EVP_KEYMGMT; + typedef struct evp_kdf_st EVP_KDF; typedef struct evp_kdf_ctx_st EVP_KDF_CTX; diff --git a/util/libcrypto.num b/util/libcrypto.num index 648aed9..1992504 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4685,3 +4685,7 @@ EVP_KEYEXCH_up_ref 4790 3_0_0 EXIST::FUNCTION: EVP_KEYEXCH_fetch 4791 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_dh_pad 4792 3_0_0 EXIST::FUNCTION:DH EVP_PKEY_CTX_set_params 4793 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_fetch 4794 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_up_ref 4795 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_free 4796 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_provider 4797 3_0_0 EXIST::FUNCTION: diff --git a/util/private.num b/util/private.num index f63319d..3307e3e 100644 --- a/util/private.num +++ b/util/private.num @@ -24,6 +24,7 @@ CRYPTO_EX_new datatype DTLS_timer_cb datatype EVP_KDF datatype EVP_KDF_CTX datatype +EVP_KEYMGMT datatype EVP_MAC datatype EVP_MAC_CTX datatype EVP_PKEY_gen_cb datatype From builds at travis-ci.org Mon Jul 22 04:47:37 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 22 Jul 2019 04:47:37 +0000 Subject: Still Failing: openssl/openssl#26718 (master - fa9faf0) In-Reply-To: Message-ID: <5d353fe840a14_43fc7d43798f4124831@49583aae-2635-4ffb-8105-2f3ce1b0de1e.mail> Build Update for openssl/openssl ------------------------------------- Build: #26718 Status: Still Failing Duration: 21 mins and 15 secs Commit: fa9faf0 (master) Author: Richard Levitte Message: Add an internal API to access the KEYMGMT provider functions Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9312) View the changeset: https://github.com/openssl/openssl/compare/7312ef3fc4a7...fa9faf010460 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/561916218?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Mon Jul 22 05:40:21 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Mon, 22 Jul 2019 05:40:21 +0000 Subject: [openssl] master update Message-ID: <1563774021.045072.22787.nullmailer@dev.openssl.org> The branch master has been updated via a8f1aabd4b44db668bca638c111598b2e0688cc4 (commit) via 9b977675adfd46405e11ee53f18953d7e782d4de (commit) via 227d426554e8dcbb7e3f4f2b5e86112359ca104a (commit) from fa9faf010460f5fe0722a65f9d496221c2f41f7b (commit) - Log ----------------------------------------------------------------- commit a8f1aabd4b44db668bca638c111598b2e0688cc4 Author: Dr. Matthias St. Pierre Date: Fri Jul 12 12:42:39 2019 +0200 x509: publish X509_PUBKEY_dup Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9353) commit 9b977675adfd46405e11ee53f18953d7e782d4de Author: Dr. Matthias St. Pierre Date: Fri Jul 12 12:00:58 2019 +0200 x509: add missing X509 dup functions Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9353) commit 227d426554e8dcbb7e3f4f2b5e86112359ca104a Author: Dr. Matthias St. Pierre Date: Fri Jul 12 11:59:42 2019 +0200 x509: sort X509 dup functions alphabetically Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9353) ----------------------------------------------------------------------- Summary of changes: crypto/crmf/crmf_lib.c | 3 --- crypto/x509/x_pubkey.c | 1 + doc/man3/X509_PUBKEY_new.pod | 6 ++++-- doc/man3/X509_dup.pod | 11 ++++++++--- include/openssl/x509.h | 7 ++++--- util/libcrypto.num | 1 + 6 files changed, 18 insertions(+), 11 deletions(-) diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index e777a34..e519c50 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -200,10 +200,7 @@ OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, /* * id-regCtrl-protocolEncrKey Control (section 6.6) * - * For some reason X509_PUBKEY_dup() is not implemented in OpenSSL X509 - * TODO: check whether that should go elsewhere */ -static IMPLEMENT_ASN1_DUP_FUNCTION(X509_PUBKEY) IMPLEMENT_CRMF_CTRL_FUNC(protocolEncrKey, X509_PUBKEY, regCtrl) /*- diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index eb5ea27..d81f538 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -56,6 +56,7 @@ ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { } ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) +IMPLEMENT_ASN1_DUP_FUNCTION(X509_PUBKEY) /* TODO should better be called X509_PUBKEY_set1 */ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) diff --git a/doc/man3/X509_PUBKEY_new.pod b/doc/man3/X509_PUBKEY_new.pod index 2d65be6..551031b 100644 --- a/doc/man3/X509_PUBKEY_new.pod +++ b/doc/man3/X509_PUBKEY_new.pod @@ -2,8 +2,9 @@ =head1 NAME -X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, -X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, +X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup, +X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, +d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions @@ -13,6 +14,7 @@ X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions X509_PUBKEY *X509_PUBKEY_new(void); void X509_PUBKEY_free(X509_PUBKEY *a); + X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a); int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 526a6d6..19fb7a7 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -118,8 +118,8 @@ OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, OSSL_CMP_ITAV_free, OSSL_CMP_MSG_dup, -OSSL_CMP_MSG_it, OSSL_CMP_MSG_free, +OSSL_CMP_MSG_it, OSSL_CMP_PKIHEADER_free, OSSL_CMP_PKIHEADER_it, OSSL_CMP_PKIHEADER_new, @@ -199,10 +199,10 @@ POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, POLICY_MAPPING_free, POLICY_MAPPING_new, -PROFESSION_INFO_free, -PROFESSION_INFO_new, PROFESSION_INFOS_free, PROFESSION_INFOS_new, +PROFESSION_INFO_free, +PROFESSION_INFO_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, @@ -246,10 +246,13 @@ X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, +X509_CERT_AUX_dup, X509_CERT_AUX_free, X509_CERT_AUX_new, +X509_CINF_dup, X509_CINF_free, X509_CINF_new, +X509_CRL_INFO_dup, X509_CRL_INFO_free, X509_CRL_INFO_new, X509_CRL_dup, @@ -264,6 +267,7 @@ X509_NAME_ENTRY_new, X509_NAME_dup, X509_NAME_free, X509_NAME_new, +X509_REQ_INFO_dup, X509_REQ_INFO_free, X509_REQ_INFO_new, X509_REQ_dup, @@ -272,6 +276,7 @@ X509_REQ_new, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, +X509_SIG_dup, X509_SIG_free, X509_SIG_new, X509_VAL_free, diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 6e4d1e7..d2466f2 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -466,12 +466,13 @@ int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); DECLARE_ASN1_DUP_FUNCTION(X509) +DECLARE_ASN1_DUP_FUNCTION(X509_ALGOR) DECLARE_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) -DECLARE_ASN1_DUP_FUNCTION(X509_EXTENSION) DECLARE_ASN1_DUP_FUNCTION(X509_CRL) -DECLARE_ASN1_DUP_FUNCTION(X509_REVOKED) +DECLARE_ASN1_DUP_FUNCTION(X509_EXTENSION) +DECLARE_ASN1_DUP_FUNCTION(X509_PUBKEY) DECLARE_ASN1_DUP_FUNCTION(X509_REQ) -DECLARE_ASN1_DUP_FUNCTION(X509_ALGOR) +DECLARE_ASN1_DUP_FUNCTION(X509_REVOKED) int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, diff --git a/util/libcrypto.num b/util/libcrypto.num index 1992504..c062a99 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4689,3 +4689,4 @@ EVP_KEYMGMT_fetch 4794 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_up_ref 4795 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_free 4796 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_provider 4797 3_0_0 EXIST::FUNCTION: +X509_PUBKEY_dup 4798 3_0_0 EXIST::FUNCTION: From openssl at openssl.org Mon Jul 22 06:16:32 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jul 2019 06:16:32 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1563776192.356111.13930.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 38f6f99cdf Cygwin: enable the use of Dl_info and dladdr() 5800ba7610 test/enginetest.c: Make sure no config file is loaded 3cb45a5585 doc: fix some links f6800e37b7 util/find-doc-nits: fixups 76ca35e724 Fix no-dh a1c5cefaf4 Correct some OSSL_PARAM documentation Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:294: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:305: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:311: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:314: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:317: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:402: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:422: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:435: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:468: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:469: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_memdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strndup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OPENSSL_hexstr2buf': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:162: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:165: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:168: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:259: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7159: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From builds at travis-ci.org Mon Jul 22 06:05:18 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 22 Jul 2019 06:05:18 +0000 Subject: Still Failing: openssl/openssl#26722 (master - a8f1aab) In-Reply-To: Message-ID: <5d35521e6279b_43fb8bc6319c45372c@0fa68f3b-cc2d-4dd9-8666-0c5e7dc17912.mail> Build Update for openssl/openssl ------------------------------------- Build: #26722 Status: Still Failing Duration: 24 mins and 26 secs Commit: a8f1aab (master) Author: Dr. Matthias St. Pierre Message: x509: publish X509_PUBKEY_dup Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9353) View the changeset: https://github.com/openssl/openssl/compare/fa9faf010460...a8f1aabd4b44 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/561932745?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 22 11:23:32 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Jul 2019 11:23:32 +0000 Subject: Build failed: openssl master.26158 Message-ID: <20190722112332.1.7DB7DEA0B7CE32CA@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Mon Jul 22 11:38:26 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 22 Jul 2019 11:38:26 +0000 Subject: [openssl] master update Message-ID: <1563795506.860410.12465.nullmailer@dev.openssl.org> The branch master has been updated via 1372560f64c9a7cfad1979fa8c41bee335a04373 (commit) from a8f1aabd4b44db668bca638c111598b2e0688cc4 (commit) - Log ----------------------------------------------------------------- commit 1372560f64c9a7cfad1979fa8c41bee335a04373 Author: Bernd Edlinger Date: Sat Jul 20 11:22:46 2019 +0200 Allocate DRBG additional data pool from non-secure memory The additional data allocates 12K per DRBG instance in the secure memory, which is not necessary. Also nonces are not considered secret. [extended tests] Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9423) ----------------------------------------------------------------------- Summary of changes: crypto/include/internal/rand_int.h | 3 ++- crypto/rand/drbg_lib.c | 6 +++--- crypto/rand/rand_crng_test.c | 4 ++-- crypto/rand/rand_lcl.h | 1 + crypto/rand/rand_lib.c | 31 +++++++++++++++++++++++-------- 5 files changed, 31 insertions(+), 14 deletions(-) diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index d964a1d..c5d0c20 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -58,7 +58,8 @@ void rand_crngt_cleanup_entropy(RAND_DRBG *drbg, /* * RAND_POOL functions */ -RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len); +RAND_POOL *rand_pool_new(int entropy_requested, int secure, + size_t min_len, size_t max_len); RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, size_t entropy); void rand_pool_free(RAND_POOL *pool); diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index c1b9b3b..825e90d 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -265,7 +265,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg, return 0; memset(&data, 0, sizeof(data)); - pool = rand_pool_new(0, min_len, max_len); + pool = rand_pool_new(0, 0, min_len, max_len); if (pool == NULL) return 0; @@ -295,7 +295,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg, void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, unsigned char *out, size_t outlen) { - OPENSSL_secure_clear_free(out, outlen); + OPENSSL_clear_free(out, outlen); } /* @@ -909,7 +909,7 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen) if (drbg->adin_pool == NULL) { if (drbg->type == 0) goto err; - drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen); + drbg->adin_pool = rand_pool_new(0, 0, 0, drbg->max_adinlen); if (drbg->adin_pool == NULL) goto err; } diff --git a/crypto/rand/rand_crng_test.c b/crypto/rand/rand_crng_test.c index 44e077e..a014f93 100644 --- a/crypto/rand/rand_crng_test.c +++ b/crypto/rand/rand_crng_test.c @@ -45,7 +45,7 @@ static void *rand_crng_ossl_ctx_new(OPENSSL_CTX *ctx) return NULL; if ((crngt_glob->crngt_pool - = rand_pool_new(0, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) { + = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) { OPENSSL_free(crngt_glob); return NULL; } @@ -110,7 +110,7 @@ size_t rand_crngt_get_entropy(RAND_DRBG *drbg, if (crngt_glob == NULL) return 0; - if ((pool = rand_pool_new(entropy, min_len, max_len)) == NULL) + if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL) return 0; while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) { diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index 416237a..1a77c89 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -180,6 +180,7 @@ struct rand_pool_st { size_t len; /* current number of random bytes contained in the pool */ int attached; /* true pool was attached to existing buffer */ + int secure; /* 1: allocated on the secure heap, 0: otherwise */ size_t min_len; /* minimum number of random bytes requested */ size_t max_len; /* maximum number of random bytes (allocated buffer size) */ diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 7768ade..9c99cc9 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -149,7 +149,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, pool = drbg->seed_pool; pool->entropy_requested = entropy; } else { - pool = rand_pool_new(entropy, min_len, max_len); + pool = rand_pool_new(entropy, drbg->secure, min_len, max_len); if (pool == NULL) return 0; } @@ -203,8 +203,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen) { - if (drbg->seed_pool == NULL) - OPENSSL_secure_clear_free(out, outlen); + if (drbg->seed_pool == NULL) { + if (drbg->secure) + OPENSSL_secure_clear_free(out, outlen); + else + OPENSSL_clear_free(out, outlen); + } } /* @@ -331,7 +335,7 @@ int RAND_poll(void) RAND_POOL *pool = NULL; /* fill random pool and seed the current legacy RNG */ - pool = rand_pool_new(RAND_DRBG_STRENGTH, + pool = rand_pool_new(RAND_DRBG_STRENGTH, 1, (RAND_DRBG_STRENGTH + 7) / 8, RAND_POOL_MAX_LENGTH); if (pool == NULL) @@ -360,7 +364,8 @@ int RAND_poll(void) * Allocate memory and initialize a new random pool */ -RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len) +RAND_POOL *rand_pool_new(int entropy_requested, int secure, + size_t min_len, size_t max_len) { RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); @@ -373,13 +378,18 @@ RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len) pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? RAND_POOL_MAX_LENGTH : max_len; - pool->buffer = OPENSSL_secure_zalloc(pool->max_len); + if (secure) + pool->buffer = OPENSSL_secure_zalloc(pool->max_len); + else + pool->buffer = OPENSSL_zalloc(pool->max_len); + if (pool->buffer == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); goto err; } pool->entropy_requested = entropy_requested; + pool->secure = secure; return pool; @@ -434,8 +444,13 @@ void rand_pool_free(RAND_POOL *pool) * to rand_pool_attach() as `const unsigned char*`. * (see corresponding comment in rand_pool_attach()). */ - if (!pool->attached) - OPENSSL_secure_clear_free(pool->buffer, pool->max_len); + if (!pool->attached) { + if (pool->secure) + OPENSSL_secure_clear_free(pool->buffer, pool->max_len); + else + OPENSSL_clear_free(pool->buffer, pool->max_len); + } + OPENSSL_free(pool); } From builds at travis-ci.org Mon Jul 22 11:57:25 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 22 Jul 2019 11:57:25 +0000 Subject: Still Failing: openssl/openssl#26739 (master - 1372560) In-Reply-To: Message-ID: <5d35a4a4db3d9_43fb2520f81081504ba@14f96c1b-168e-4368-b8f4-27575b53aac9.mail> Build Update for openssl/openssl ------------------------------------- Build: #26739 Status: Still Failing Duration: 18 mins and 11 secs Commit: 1372560 (master) Author: Bernd Edlinger Message: Allocate DRBG additional data pool from non-secure memory The additional data allocates 12K per DRBG instance in the secure memory, which is not necessary. Also nonces are not considered secret. [extended tests] Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9423) View the changeset: https://github.com/openssl/openssl/compare/a8f1aabd4b44...1372560f64c9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562054776?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 22 13:20:10 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jul 2019 13:20:10 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1563801610.152956.13802.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 38f6f99cdf Cygwin: enable the use of Dl_info and dladdr() 5800ba7610 test/enginetest.c: Make sure no config file is loaded 3cb45a5585 doc: fix some links f6800e37b7 util/find-doc-nits: fixups 76ca35e724 Fix no-dh a1c5cefaf4 Correct some OSSL_PARAM documentation Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 226 wallclock secs ( 1.59 usr 0.31 sys + 221.69 cusr 17.38 csys = 240.97 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 22 14:07:24 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jul 2019 14:07:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1563804444.096435.6990.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 38f6f99cdf Cygwin: enable the use of Dl_info and dladdr() 5800ba7610 test/enginetest.c: Make sure no config file is loaded 3cb45a5585 doc: fix some links f6800e37b7 util/find-doc-nits: fixups 76ca35e724 Fix no-dh a1c5cefaf4 Correct some OSSL_PARAM documentation Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 215 wallclock secs ( 1.66 usr 0.30 sys + 210.32 cusr 16.88 csys = 229.16 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From tmraz at fedoraproject.org Mon Jul 22 14:26:20 2019 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Mon, 22 Jul 2019 14:26:20 +0000 Subject: [openssl] master update Message-ID: <1563805580.039194.30589.nullmailer@dev.openssl.org> The branch master has been updated via a80278b071426c7262c07d3b29100573b94df16d (commit) via 46160e6fb957a3f4141c13cba75d03c05b240968 (commit) via 56c3a135b239f4c8ccfdbbb1668880d4c39d5b87 (commit) from 1372560f64c9a7cfad1979fa8c41bee335a04373 (commit) - Log ----------------------------------------------------------------- commit a80278b071426c7262c07d3b29100573b94df16d Author: Rich Salz Date: Tue Jul 16 19:55:44 2019 -0400 Include deprecated SYS_F_xxx codes Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9072) commit 46160e6fb957a3f4141c13cba75d03c05b240968 Author: Rich Salz Date: Tue Jul 16 12:54:24 2019 -0400 Deprecate SYSerr, add new FUNCerr macro Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9072) commit 56c3a135b239f4c8ccfdbbb1668880d4c39d5b87 Author: Rich Salz Date: Tue Jun 11 15:42:42 2019 -0400 Add ERR_put_func_error, and use it. Change SYSerr to have the function name; remove SYS_F_xxx defines Add a test and documentation. Use get_last_socket_err, which removes some ifdef's in OpenSSL code. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9072) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +++ apps/apps.c | 4 +-- crypto/bio/b_addr.c | 16 +++++------ crypto/bio/b_sock.c | 15 +++++------ crypto/bio/b_sock2.c | 24 ++++++++--------- crypto/bio/bss_acpt.c | 2 +- crypto/bio/bss_conn.c | 6 ++--- crypto/bio/bss_file.c | 8 +++--- crypto/conf/conf_def.c | 2 +- crypto/err/err.c | 7 +++++ crypto/err/openssl.ec | 1 + crypto/store/loader_file.c | 2 +- doc/man3/ERR_put_error.pod | 9 ++++++- engines/e_devcrypto.c | 16 +++++------ include/openssl/err.h | 66 ++++++++++++++++++++++++++-------------------- ssl/ssl_cert.c | 2 +- ssl/ssl_lib.c | 2 +- test/errtest.c | 19 +++++++++++++ util/libcrypto.num | 1 + 19 files changed, 123 insertions(+), 83 deletions(-) diff --git a/CHANGES b/CHANGES index 6b9e7c4..e517ace 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Added a new FUNCerr() macro that takes a function name. + The macro SYSerr() is deprecated. + [Rich Salz] + *) {CRYPTO,OPENSSL}_mem_debug_{push,pop} are now no-ops and have been deprecated. [Rich Salz] diff --git a/apps/apps.c b/apps/apps.c index 8921c18..43af5ad 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1388,8 +1388,8 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) #ifndef OPENSSL_NO_POSIX_IO BIO_get_fp(in, &dbfp); if (fstat(fileno(dbfp), &dbst) == -1) { - SYSerr(SYS_F_FSTAT, errno); - ERR_add_error_data(3, "fstat('", dbfile, "')"); + FUNCerr("fstat", errno); + ERR_add_error_data(1, dbfile); ERR_print_errors(bio_err); goto err; } diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index d7fcf2f..e2354e3 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -207,7 +207,7 @@ static int addr_strings(const BIO_ADDR *ap, int numeric, flags)) != 0) { # ifdef EAI_SYSTEM if (ret == EAI_SYSTEM) { - SYSerr(SYS_F_GETNAMEINFO, get_last_socket_error()); + FUNCerr("getnameinfo", get_last_socket_error()); BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB); } else # endif @@ -700,7 +700,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, switch ((gai_ret = getaddrinfo(host, service, &hints, res))) { # ifdef EAI_SYSTEM case EAI_SYSTEM: - SYSerr(SYS_F_GETADDRINFO, get_last_socket_error()); + FUNCerr("getaddrinfo", get_last_socket_error()); BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB); break; # endif @@ -804,12 +804,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, */ # if defined(OPENSSL_SYS_VXWORKS) /* h_errno doesn't exist on VxWorks */ - SYSerr(SYS_F_GETHOSTBYNAME, 1000 ); + FUNCerr("gethostbyname", 1000 ); # else - SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno); + FUNCerr("gethostbyname", 1000 + h_errno); # endif #else - SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError()); + FUNCerr("gethostbyname", get_last_socket_error()); #endif ret = 0; goto err; @@ -855,11 +855,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, se = getservbyname(service, proto); if (se == NULL) { -#ifndef OPENSSL_SYS_WINDOWS - SYSerr(SYS_F_GETSERVBYNAME, errno); -#else - SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError()); -#endif + FUNCerr("getservbyname", get_last_socket_error()); goto err; } } else { diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 9877b3d..46a2ff7 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -120,8 +120,6 @@ int BIO_sock_init(void) static struct WSAData wsa_state; if (!wsa_init_done) { - int err; - wsa_init_done = 1; memset(&wsa_state, 0, sizeof(wsa_state)); /* @@ -131,8 +129,7 @@ int BIO_sock_init(void) * probed at run-time with DSO_global_lookup. */ if (WSAStartup(0x0202, &wsa_state) != 0) { - err = WSAGetLastError(); - SYSerr(SYS_F_WSASTARTUP, err); + FUNCerr("wsastartup", get_last_socket_error()); BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); return -1; } @@ -192,7 +189,7 @@ int BIO_socket_ioctl(int fd, long type, void *arg) i = ioctlsocket(fd, type, ARG); # endif /* __DJGPP__ */ if (i < 0) - SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error()); + FUNCerr("ioctlsocket", get_last_socket_error()); return i; } @@ -243,7 +240,7 @@ int BIO_accept(int sock, char **ip_port) ret = -2; goto end; } - SYSerr(SYS_F_ACCEPT, get_last_socket_error()); + FUNCerr("accept", get_last_socket_error()); BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR); goto end; } @@ -308,7 +305,7 @@ int BIO_socket_nbio(int s, int mode) l = fcntl(s, F_GETFL, 0); if (l == -1) { - SYSerr(SYS_F_FCNTL, get_last_sys_error()); + FUNCerr("fcntl", get_last_sys_error()); ret = -1; } else { # if defined(O_NONBLOCK) @@ -326,7 +323,7 @@ int BIO_socket_nbio(int s, int mode) ret = fcntl(s, F_SETFL, l); if (ret < 0) { - SYSerr(SYS_F_FCNTL, get_last_sys_error()); + FUNCerr("fcntl", get_last_sys_error()); } } # else @@ -349,7 +346,7 @@ int BIO_sock_info(int sock, ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr), &addr_len); if (ret == -1) { - SYSerr(SYS_F_GETSOCKNAME, get_last_socket_error()); + FUNCerr("getsockname", get_last_socket_error()); BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_ERROR); return 0; } diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c index 7e04d78..ee26951 100644 --- a/crypto/bio/b_sock2.c +++ b/crypto/bio/b_sock2.c @@ -46,7 +46,7 @@ int BIO_socket(int domain, int socktype, int protocol, int options) sock = socket(domain, socktype, protocol); if (sock == -1) { - SYSerr(SYS_F_SOCKET, get_last_socket_error()); + FUNCerr("socket", get_last_socket_error()); BIOerr(BIO_F_BIO_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET); return INVALID_SOCKET; } @@ -89,7 +89,7 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options) if (options & BIO_SOCK_KEEPALIVE) { if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (const void *)&on, sizeof(on)) != 0) { - SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); + FUNCerr("setsockopt", get_last_socket_error()); BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_KEEPALIVE); return 0; } @@ -98,7 +98,7 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options) if (options & BIO_SOCK_NODELAY) { if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const void *)&on, sizeof(on)) != 0) { - SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); + FUNCerr("setsockopt", get_last_socket_error()); BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_NODELAY); return 0; } @@ -107,7 +107,7 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options) if (connect(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) == -1) { if (!BIO_sock_should_retry(-1)) { - SYSerr(SYS_F_CONNECT, get_last_socket_error()); + FUNCerr("connect", get_last_socket_error()); BIOerr(BIO_F_BIO_CONNECT, BIO_R_CONNECT_ERROR); } return 0; @@ -150,7 +150,7 @@ int BIO_bind(int sock, const BIO_ADDR *addr, int options) if (options & BIO_SOCK_REUSEADDR) { if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (const void *)&on, sizeof(on)) != 0) { - SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); + FUNCerr("setsockopt", get_last_socket_error()); BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_REUSEADDR); return 0; } @@ -158,7 +158,7 @@ int BIO_bind(int sock, const BIO_ADDR *addr, int options) # endif if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) { - SYSerr(SYS_F_BIND, get_last_socket_error()); + FUNCerr("bind", get_last_socket_error()); BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_BIND_SOCKET); return 0; } @@ -217,7 +217,7 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) if (getsockopt(sock, SOL_SOCKET, SO_TYPE, (void *)&socktype, &socktype_len) != 0 || socktype_len != sizeof(socktype)) { - SYSerr(SYS_F_GETSOCKOPT, get_last_socket_error()); + FUNCerr("getsockopt", get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_GETTING_SOCKTYPE); return 0; } @@ -228,7 +228,7 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) if (options & BIO_SOCK_KEEPALIVE) { if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (const void *)&on, sizeof(on)) != 0) { - SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); + FUNCerr("setsockopt", get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_KEEPALIVE); return 0; } @@ -237,7 +237,7 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) if (options & BIO_SOCK_NODELAY) { if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (const void *)&on, sizeof(on)) != 0) { - SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); + FUNCerr("setsockopt", get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_NODELAY); return 0; } @@ -252,7 +252,7 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) on = options & BIO_SOCK_V6_ONLY ? 1 : 0; if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (const void *)&on, sizeof(on)) != 0) { - SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); + FUNCerr("setsockopt", get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY); return 0; } @@ -263,7 +263,7 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) return 0; if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) { - SYSerr(SYS_F_LISTEN, get_last_socket_error()); + FUNCerr("listen", get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_LISTEN_SOCKET); return 0; } @@ -290,7 +290,7 @@ int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options) BIO_ADDR_sockaddr_noconst(addr), &len); if (accepted_sock == -1) { if (!BIO_sock_should_retry(accepted_sock)) { - SYSerr(SYS_F_ACCEPT, get_last_socket_error()); + FUNCerr("accept", get_last_socket_error()); BIOerr(BIO_F_BIO_ACCEPT_EX, BIO_R_ACCEPT_ERROR); } return INVALID_SOCKET; diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 8955aa8..c47b750 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -226,7 +226,7 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c) BIO_ADDRINFO_socktype(c->addr_iter), BIO_ADDRINFO_protocol(c->addr_iter), 0); if (ret == (int)INVALID_SOCKET) { - SYSerr(SYS_F_SOCKET, get_last_socket_error()); + FUNCerr("socket", get_last_socket_error()); ERR_add_error_data(4, "hostname=", c->param_addr, " service=", c->param_serv); diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 818b2ee..330c64f 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -138,7 +138,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) BIO_ADDRINFO_socktype(c->addr_iter), BIO_ADDRINFO_protocol(c->addr_iter), 0); if (ret == (int)INVALID_SOCKET) { - SYSerr(SYS_F_SOCKET, get_last_socket_error()); + FUNCerr("socket", get_last_socket_error()); ERR_add_error_data(4, "hostname=", c->param_hostname, " service=", c->param_service); @@ -170,7 +170,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) ERR_clear_error(); break; } else { - SYSerr(SYS_F_CONNECT, get_last_socket_error()); + FUNCerr("connect", get_last_socket_error()); ERR_add_error_data(4, "hostname=", c->param_hostname, " service=", c->param_service); @@ -186,7 +186,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) i = BIO_sock_error(b->num); if (i) { BIO_clear_retry_flags(b); - SYSerr(SYS_F_CONNECT, i); + FUNCerr("connect", i); ERR_add_error_data(4, "hostname=", c->param_hostname, " service=", c->param_service); diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 0e07632..5a0b248 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -69,7 +69,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) fp_flags |= BIO_FP_TEXT; if (file == NULL) { - SYSerr(SYS_F_FOPEN, get_last_sys_error()); + FUNCerr("fopen", get_last_sys_error()); ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); if (errno == ENOENT # ifdef ENXIO @@ -149,7 +149,7 @@ static int file_read(BIO *b, char *out, int outl) if (ret == 0 && (b->flags & BIO_FLAGS_UPLINK_INTERNAL ? UP_ferror((FILE *)b->ptr) : ferror((FILE *)b->ptr))) { - SYSerr(SYS_F_FREAD, get_last_sys_error()); + FUNCerr("fread", get_last_sys_error()); BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB); ret = -1; } @@ -288,7 +288,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) # endif fp = openssl_fopen(ptr, p); if (fp == NULL) { - SYSerr(SYS_F_FOPEN, get_last_sys_error()); + FUNCerr("fopen", get_last_sys_error()); ERR_add_error_data(5, "fopen('", ptr, "','", p, "')"); BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB); ret = 0; @@ -316,7 +316,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) st = b->flags & BIO_FLAGS_UPLINK_INTERNAL ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr); if (st == EOF) { - SYSerr(SYS_F_FFLUSH, get_last_sys_error()); + FUNCerr("fflush", get_last_sys_error()); ERR_add_error_data(1, "fflush()"); BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB); ret = 0; diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 277e4d6..d6cd315 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -673,7 +673,7 @@ static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, BIO *next; if (stat(include, &st) < 0) { - SYSerr(SYS_F_STAT, errno); + FUNCerr("stat", errno); ERR_add_error_data(1, include); /* missing include file is not fatal error */ return NULL; diff --git a/crypto/err/err.c b/crypto/err/err.c index c161dc2..71b1049 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -372,6 +372,13 @@ void err_free_strings_int(void) /********************************************************/ +void ERR_put_func_error(int lib, const char *func, int reason, + const char *file, int line) +{ + ERR_put_error(lib, 0, reason, file, line); + ERR_add_error_data(2, "calling function ", func); +} + void ERR_put_error(int lib, int func, int reason, const char *file, int line) { ERR_STATE *es; diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 04e76df..925ed65 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -3,6 +3,7 @@ # The INPUT HEADER is scanned for declarations # LIBNAME INPUT HEADER ERROR-TABLE FILE L ERR NONE NONE +L FUNC NONE NONE L BN include/openssl/bn.h crypto/bn/bn_err.c L RSA include/openssl/rsa.h crypto/rsa/rsa_err.c L DH include/openssl/dh.h crypto/dh/dh_err.c diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 5a70499..ab59fab 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -824,7 +824,7 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, } if (stat(path_data[i].path, &st) < 0) { - SYSerr(SYS_F_STAT, errno); + FUNCerr("stat", errno); ERR_add_error_data(1, path_data[i].path); } else { path = path_data[i].path; diff --git a/doc/man3/ERR_put_error.pod b/doc/man3/ERR_put_error.pod index 31a0e76..c2913d5 100644 --- a/doc/man3/ERR_put_error.pod +++ b/doc/man3/ERR_put_error.pod @@ -2,13 +2,16 @@ =head1 NAME -ERR_put_error, ERR_add_error_data, ERR_add_error_vdata - record an error +ERR_put_error, ERR_put_func_error, +ERR_add_error_data, ERR_add_error_vdata - record an error =head1 SYNOPSIS #include void ERR_put_error(int lib, int func, int reason, const char *file, int line); + void ERR_put_func_error(int lib, const char *func, int reason, + const char *file, int line); void ERR_add_error_data(int num, ...); void ERR_add_error_vdata(int num, va_list arg); @@ -20,6 +23,10 @@ signals that the error of reason code B occurred in function B of library B, in line number B of B. This function is usually called by a macro. +ERR_put_func_err() is similar except that the B is a string naming +a function external to OpenSSL, usually provided by the platform on which +OpenSSL and the application is running. + ERR_add_error_data() associates the concatenation of its B string arguments with the error code added last. ERR_add_error_vdata() is similar except the argument is a B. diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index f51b501..aa5c1a6 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -72,7 +72,7 @@ void engine_load_devcrypto_int(void); static int clean_devcrypto_session(struct session_op *sess) { if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) { - SYSerr(SYS_F_IOCTL, errno); + FUNCerr("ioctl", errno); return 0; } memset(sess, 0, sizeof(struct session_op)); @@ -208,7 +208,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE; cipher_ctx->blocksize = cipher_d->blocksize; if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) { - SYSerr(SYS_F_IOCTL, errno); + FUNCerr("ioctl", errno); return 0; } @@ -260,7 +260,7 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #endif if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) { - SYSerr(SYS_F_IOCTL, errno); + FUNCerr("ioctl", errno); return 0; } @@ -704,7 +704,7 @@ static int digest_init(EVP_MD_CTX *ctx) memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess)); digest_ctx->sess.mac = digest_d->devcryptoid; if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) { - SYSerr(SYS_F_IOCTL, errno); + FUNCerr("ioctl", errno); return 0; } return 1; @@ -743,7 +743,7 @@ static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) return 1; } - SYSerr(SYS_F_IOCTL, errno); + FUNCerr("ioctl", errno); return 0; } @@ -758,7 +758,7 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { memcpy(md, digest_ctx->digest_res, EVP_MD_CTX_size(ctx)); } else if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) { - SYSerr(SYS_F_IOCTL, errno); + FUNCerr("ioctl", errno); return 0; } @@ -777,14 +777,14 @@ static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) return 1; if (!digest_init(to)) { - SYSerr(SYS_F_IOCTL, errno); + FUNCerr("ioctl", errno); return 0; } cphash.src_ses = digest_from->sess.ses; cphash.dst_ses = digest_to->sess.ses; if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) { - SYSerr(SYS_F_IOCTL, errno); + FUNCerr("ioctl", errno); return 0; } return 1; diff --git a/include/openssl/err.h b/include/openssl/err.h index 2e92b38..3fa30ab 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -26,9 +26,11 @@ extern "C" { #endif # ifndef OPENSSL_NO_ERR -# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,fn,ln) +# define ERR_PUT_func_error(l,f,r,fn,ln) ERR_put_func_error(l,f,r,fn,ln) # else -# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,NULL,0) +# define ERR_PUT_func_error(l,f,r,fn,ln) ERR_put_func_error(l,f,r,NULL,0) # endif # include @@ -103,7 +105,10 @@ typedef struct err_state_st { # define ERR_LIB_USER 128 -# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# if ! OPENSSL_API_3 +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,0,(r),OPENSSL_FILE,OPENSSL_LINE) +#endif +# define FUNCerr(f,r) ERR_PUT_func_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,0,(r),OPENSSL_FILE,OPENSSL_LINE) # define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,0,(r),OPENSSL_FILE,OPENSSL_LINE) # define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,0,(r),OPENSSL_FILE,OPENSSL_LINE) @@ -154,32 +159,33 @@ typedef struct err_state_st { # define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) # define ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) -/* OS functions */ -# define SYS_F_FOPEN 1 -# define SYS_F_CONNECT 2 -# define SYS_F_GETSERVBYNAME 3 -# define SYS_F_SOCKET 4 -# define SYS_F_IOCTLSOCKET 5 -# define SYS_F_BIND 6 -# define SYS_F_LISTEN 7 -# define SYS_F_ACCEPT 8 -# define SYS_F_WSASTARTUP 9/* Winsock stuff */ -# define SYS_F_OPENDIR 10 -# define SYS_F_FREAD 11 -# define SYS_F_GETADDRINFO 12 -# define SYS_F_GETNAMEINFO 13 -# define SYS_F_SETSOCKOPT 14 -# define SYS_F_GETSOCKOPT 15 -# define SYS_F_GETSOCKNAME 16 -# define SYS_F_GETHOSTBYNAME 17 -# define SYS_F_FFLUSH 18 -# define SYS_F_OPEN 19 -# define SYS_F_CLOSE 20 -# define SYS_F_IOCTL 21 -# define SYS_F_STAT 22 -# define SYS_F_FCNTL 23 -# define SYS_F_FSTAT 24 -# define SYS_F_SENDFILE 25 +# if !OPENSSL_API_3 +# define SYS_F_FOPEN 0 +# define SYS_F_CONNECT 0 +# define SYS_F_GETSERVBYNAME 0 +# define SYS_F_SOCKET 0 +# define SYS_F_IOCTLSOCKET 0 +# define SYS_F_BIND 0 +# define SYS_F_LISTEN 0 +# define SYS_F_ACCEPT 0 +# define SYS_F_WSASTARTUP 0 +# define SYS_F_OPENDIR 0 +# define SYS_F_FREAD 0 +# define SYS_F_GETADDRINFO 0 +# define SYS_F_GETNAMEINFO 0 +# define SYS_F_SETSOCKOPT 0 +# define SYS_F_GETSOCKOPT 0 +# define SYS_F_GETSOCKNAME 0 +# define SYS_F_GETHOSTBYNAME 0 +# define SYS_F_FFLUSH 0 +# define SYS_F_OPEN 0 +# define SYS_F_CLOSE 0 +# define SYS_F_IOCTL 0 +# define SYS_F_STAT 0 +# define SYS_F_FCNTL 0 +# define SYS_F_FSTAT 0 +# define SYS_F_SENDFILE 0 +# endif /* reasons */ # define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ @@ -229,6 +235,8 @@ typedef struct ERR_string_data_st { DEFINE_LHASH_OF(ERR_STRING_DATA); void ERR_put_error(int lib, int func, int reason, const char *file, int line); +void ERR_put_func_error(int lib, const char *func, int reason, + const char *file, int line); void ERR_set_error_data(char *data, int flags); unsigned long ERR_get_error(void); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 5538e4d..3afa5e5 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -766,7 +766,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, } if (errno) { - SYSerr(SYS_F_OPENDIR, get_last_sys_error()); + FUNCerr("readdir", get_last_sys_error()); ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); goto err; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c88368e..a943414 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2075,7 +2075,7 @@ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags) else #endif #ifdef OPENSSL_NO_KTLS - SYSerr(SYS_F_SENDFILE, get_last_sys_error()); + FUNCerr("sendfile", get_last_sys_error()); #else SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED); #endif diff --git a/test/errtest.c b/test/errtest.c index df222da..88ff860 100644 --- a/test/errtest.c +++ b/test/errtest.c @@ -44,9 +44,28 @@ static int vdata_appends(void) return TEST_str_eq(data, "hello world"); } +/* Test that setting a platform error sets the right values. */ +static int platform_error(void) +{ + const char *file = __FILE__, *f, *data; + const int line = __LINE__; + int l; + unsigned long e; + + ERR_put_func_error(ERR_LIB_SYS, "exit", ERR_R_INTERNAL_ERROR, file, line); + if (!TEST_ulong_ne(e = ERR_get_error_line_data(&f, &l, &data, NULL), 0) + || !TEST_int_eq(ERR_GET_REASON(e), ERR_R_INTERNAL_ERROR) + || !TEST_int_eq(l, line) + || !TEST_str_eq(f, file) + || !TEST_str_eq(data, "calling function exit")) + return 0; + return 1; +} + int setup_tests(void) { ADD_TEST(preserves_system_error); ADD_TEST(vdata_appends); + ADD_TEST(platform_error); return 1; } diff --git a/util/libcrypto.num b/util/libcrypto.num index c062a99..e18fdca 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4690,3 +4690,4 @@ EVP_KEYMGMT_up_ref 4795 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_free 4796 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_provider 4797 3_0_0 EXIST::FUNCTION: X509_PUBKEY_dup 4798 3_0_0 EXIST::FUNCTION: +ERR_put_func_error 4799 3_0_0 EXIST::FUNCTION: From levitte at openssl.org Mon Jul 22 14:42:28 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 22 Jul 2019 14:42:28 +0000 Subject: [openssl] master update Message-ID: <1563806548.903119.14164.nullmailer@dev.openssl.org> The branch master has been updated via d4c69c69d171edb17b4d609c15891a9599809ed0 (commit) via 2cafb1dff3ef13c470c4d2d7b1d8a1f7142d8813 (commit) via e4c0ec6278f1fbfc50fcdd09769f65ca80866f6b (commit) from a80278b071426c7262c07d3b29100573b94df16d (commit) - Log ----------------------------------------------------------------- commit d4c69c69d171edb17b4d609c15891a9599809ed0 Author: Richard Levitte Date: Thu Jul 18 15:07:13 2019 +0200 Documentation: add provider-base(7), describing the base functions The base functions are the first tables of function pointers that libcrypto and the provider pass to each other, thereby providing a baseline with which they can communicate further with each other. This also contains an example for a ficticious provider, providing an implement of a fictitious algorithm for a fictitious operation. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9409) commit 2cafb1dff3ef13c470c4d2d7b1d8a1f7142d8813 Author: Richard Levitte Date: Thu Jul 18 12:24:55 2019 +0200 Documentation: Move the description of the fetching functions Now that the general descriptions have moved from doc/man3/EVP_MD_fetch.pod to doc/man7/provider.pod, the description of the fetching functions themselves can be moved to other pages where related functions are already described. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9409) commit e4c0ec6278f1fbfc50fcdd09769f65ca80866f6b Author: Richard Levitte Date: Thu Jul 18 12:23:23 2019 +0200 Documentation: Add provider(7), for general description of providers This includes an enumeration of the providers supplied with OpenSSL, and what implementations they offer. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9409) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_DigestInit.pod | 25 ++- doc/man3/EVP_EncryptInit.pod | 23 ++- doc/man3/EVP_KEYEXCH_free.pod | 18 +- doc/man3/EVP_MD_fetch.pod | 249 ----------------------- doc/man7/provider-base.pod | 464 ++++++++++++++++++++++++++++++++++++++++++ doc/man7/provider.pod | 401 ++++++++++++++++++++++++++++++++++++ 6 files changed, 921 insertions(+), 259 deletions(-) delete mode 100644 doc/man3/EVP_MD_fetch.pod create mode 100644 doc/man7/provider-base.pod create mode 100644 doc/man7/provider.pod diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index bc10fa3..6f36f0a 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -2,6 +2,7 @@ =head1 NAME +EVP_MD_fetch, EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, @@ -18,6 +19,8 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines #include + EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); EVP_MD_CTX *EVP_MD_CTX_new(void); int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); void EVP_MD_CTX_free(EVP_MD_CTX *ctx); @@ -75,6 +78,14 @@ and should be used instead of the cipher-specific functions. =over 4 +=item EVP_MD_fetch() + +Fetches the digest implementation for the given B from any +provider offering it, within the criteria given by the B. +See L for further information. + +The returned value must eventually be freed with L. + =item EVP_MD_CTX_new() Allocates and returns a digest context. @@ -123,9 +134,12 @@ If B is NULL the default implementation of digest B is used. =item EVP_DigestInit_ex() -Sets up digest context B to use a digest B from ENGINE B. -B will typically be supplied by a function such as EVP_sha1(). If -B is NULL then the default implementation of digest B is used. +Sets up digest context B to use a digest B. +B is typically supplied by a function such as EVP_sha1(), or a +value explicitly fetched with EVP_MD_fetch(). + +If B is non-NULL, its implementation of the digest B is used if +there is one, and if not, the default implementation is used. =item EVP_DigestUpdate() @@ -343,6 +357,10 @@ disabled with this flag. =over 4 +=item EVP_MD_fetch() + +Returns a pointer to a B for success or NULL for failure. + =item EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex() @@ -487,6 +505,7 @@ L, L, L, L +L =head1 HISTORY diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 3c2e36b..e4fb0c4 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -2,6 +2,7 @@ =head1 NAME +EVP_CIPHER_fetch, EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, @@ -54,6 +55,8 @@ EVP_enc_null #include + EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); @@ -123,6 +126,14 @@ EVP_enc_null The EVP cipher routines are a high level interface to certain symmetric ciphers. +EVP_CIPHER_fetch() fetches the cipher implementation for the given +B from any provider offering it, within the criteria given +by the B. +See L for further information. + +The returned value must eventually be freed with +L. + EVP_CIPHER_CTX_new() creates a cipher context. EVP_CIPHER_CTX_free() clears all information from a cipher context @@ -132,10 +143,11 @@ cipher are complete so sensitive information does not remain in memory. EVP_EncryptInit_ex() sets up cipher context B for encryption -with cipher B from ENGINE B. B must be created -before calling this function. B is normally supplied -by a function such as EVP_aes_256_cbc(). If B is NULL then the -default implementation is used. B is the symmetric key to use +with cipher B. B is typically supplied by a function such +as EVP_aes_256_cbc(), or a value explicitly fetched with +EVP_CIPHER_fetch(). If B is non-NULL, its implementation of the +cipher B is used if there is one, and if not, the default +implementation is used. B is the symmetric key to use and B is the IV to use (if necessary), the actual number of bytes used for the key and IV depends on the cipher. It is possible to set all parameters to NULL except B in an initial call and supply @@ -280,6 +292,9 @@ buffer at least as big as the value returned by EVP_CIPHER_CTX_key_length(). =head1 RETURN VALUES +EVP_CIPHER_fetch() returns a pointer to a B for success +and B for failure. + EVP_CIPHER_CTX_new() returns a pointer to a newly created B for success and B for failure. diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod index d10d768..912434d 100644 --- a/doc/man3/EVP_KEYEXCH_free.pod +++ b/doc/man3/EVP_KEYEXCH_free.pod @@ -2,21 +2,30 @@ =head1 NAME -EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref +EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref - Functions to manage EVP_KEYEXCH algorithm objects =head1 SYNOPSIS #include + EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); =head1 DESCRIPTION +EVP_KEYEXCH_fetch() fetches the key exchange implementation for the given +B from any provider offering it, within the criteria given +by the B. +See L for further information. + +The returned value must eventually be freed with EVP_KEYEXCH_free(). + EVP_KEYEXCH_free() decrements the reference count for the B structure. Typically this structure will have been obtained from an earlier call -to L. If the reference count drops to 0 then the +to EVP_KEYEXCH_fetch(). If the reference count drops to 0 then the structure is freed. EVP_KEYEXCH_up_ref() increments the reference count for an B @@ -24,11 +33,14 @@ structure. =head1 RETURN VALUES +EVP_KEYEXCH_fetch() returns a pointer to a B for success +or B for failure. + EVP_KEYEXCH_up_ref() returns 1 for success or 0 otherwise. =head1 SEE ALSO -L +L =head1 HISTORY diff --git a/doc/man3/EVP_MD_fetch.pod b/doc/man3/EVP_MD_fetch.pod deleted file mode 100644 index 98e4c84..0000000 --- a/doc/man3/EVP_MD_fetch.pod +++ /dev/null @@ -1,249 +0,0 @@ -=pod - -=head1 NAME - -EVP_MD_fetch, EVP_CIPHER_fetch, EVP_KEYEXCH_fetch -- Functions to explicitly fetch algorithm implementations - -=head1 SYNOPSIS - - #include - - EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, - const char *properties); - EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, - const char *properties); - EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, - const char *properties); - -=head1 DESCRIPTION - -Cryptographic algorithms are represented by different OpenSSL objects depending -on what type of algorithm it is. The following cryptographic algorithm types are -supported. - -=over 4 - -=item B - -Represents a digest algorithm. - -=item B - -Represents a symmetric cipher algorithm. - -=item B - -Represents a Message Authentication Code algorithm. - -=item B - -Represents a Key Derivation Function algorithm. - -=item B - -Represents a Key Exchange algorithm. - -=back - -The algorithm objects may or may not have an associated algorithm -implementation. -Cryptographic algorithms are implemented by providers. -Any algorithm may be supported by zero or more providers. -In order to use an algorithm an implementation must first be obtained. -This can happen in one of three ways, i.e. implicit fetch, explicit fetch or -user defined. - -=over 4 - -=item Implicit Fetch - -With implicit fetch an application can use functions such as L, -L or L to obtain an algorithm object with -no associated implementation. -When used in a function like L or L -the actual implementation to be used will be fetched implicitly using default -search criteria. -Typically, this will return an implementation of the appropriate algorithm from -the default provider unless the default search criteria have been changed and/or -different providers have been loaded. - -Implicit fetching can also occur with functions such as -L where a NULL algorithm parameter is supplied. -In this case an algorithm implementation is implicitly fetched using default -search criteria and an algorithm name that is consistent with the type of -EVP_PKEY being used. - -=item Explicit Fetch - -With explicit fetch an application uses one of the "fetch" functions to obtain -an algorithm object with an associated implementation. -An implementation with the given name that satisfies the search criteria -specified in the B parameter combined with the default search -criteria will be looked for within the available providers and returned. -See L for information on default search criteria -and L for information about providers. - -=item User defined - -Using the user defined approach an application constructs its own algorithm -object. -See L and L for details. - -=back - -Having obtained an algorithm implementation as an algorithm object it can then -be used to perform cryptographic operations. -For example to calculate the digest of input data with an B algorithm -object you can use functions such as L, -L and L. - -The fetch functions will look for an algorithm within the providers that -have been loaded into the B given in the B parameter. -This parameter may be NULL in which case the default B will be -used. -See L and L for further details. - -The B parameter gives the name of the algorithm to be looked up. -Different algorithms can be made available by loading different providers. - -The built-in default provider digest algorithm implementation names are: SHA1, -SHA224, SHA256, SHA384, SHA512, SHA512-224, SHA512-256, SHA3-224, SHA3-256, -SHA3-384, SHA3-512, SHAKE128, SHAKE256, SM3, BLAKE2b512, BLAKE2s256 and -MD5-SHA1. - -The built-in default provider cipher algorithm implementation names are: -AES-256-ECB, AES-192-ECB, AES-128-ECB, AES-256-CBC, AES-192-CBC, AES-128-CBC, -AES-256-OFB, AES-192-OFB, AES-128-OFB, AES-256-CFB, AES-192-CFB, AES-128-CFB, -AES-256-CFB1, AES-192-CFB1, AES-128-CFB1, AES-256-CFB8, AES-192-CFB8, -AES-128-CFB8, AES-256-CTR, AES-192-CTR, AES-128-CTR, id-aes256-GCM, -id-aes192-GCM and id-aes128-GCM. - -Additional algorithm implementations may be obtained by loading the "legacy" -provider. - -The legacy provider digest algorithms are: RIPEMD160, MD2, MD4, MD5, MDC2 and -whirlpool. - -The B parameter specifies the search criteria that will be used to -look for an algorithm implementation. Properties are given as a comma delimited -string of name value pairs. In order for an implementation to match, all the -properties in the query string must match those defined for that implementation. -Any properties defined by an implementation but not given in the query string -are ignored. All algorithm implementations in the default provider have the -property "default=yes". All algorithm implementations in the legacy provider have -the property "legacy=yes". All algorithm implementations in the FIPS provider -have the property "fips=yes". In the event that more than one implementation -of the given algorithm name matches the specified properties then an unspecified -one of those implementations may be returned. The B parameter may be -NULL in which case any implementation from the available providers with the -given algorithm name will be returned. - -The return value from a call to EVP_MD_fetch() must be freed by the caller using -L. -Note that EVP_MD objects are reference counted. See L. - -The return value from a call to EVP_CIPHER_fetch() must be freed by the caller -using L. -Note that EVP_CIPHER objects are reference counted. -See L. - -=head1 NOTES - -Where an application that previously used implicit fetch is converted to use -explicit fetch care should be taken with the L function. -Specifically, this function returns the EVP_MD object originally passed to -EVP_DigestInit_ex() (or other similar function). With implicit fetch the -returned EVP_MD object is guaranteed to be available throughout the application -lifetime. However, with explicit fetch EVP_MD objects are reference counted. -EVP_MD_CTX_md does not increment the reference count and so the returned EVP_MD -object may not be accessible beyond the lifetime of the EVP_MD_CTX it is -associated with. - -=head1 RETURN VALUES - -EVP_MD_fetch() returns a pointer to the algorithm implementation represented by -an EVP_MD object, or NULL on error. - -=head1 EXAMPLES - -Fetch any available implementation of SHA256 in the default context: - - EVP_MD *md = EVP_MD_fetch(NULL, "SHA256", NULL); - ... - EVP_MD_meth_free(md); - -Fetch any available implementation of AES-128-CBC in the default context: - - EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL); - ... - EVP_CIPHER_meth_free(cipher); - -Fetch an implementation of SHA256 from the default provider in the default -context: - - EVP_MD *md = EVP_MD_fetch(NULL, "SHA256", "default=yes"); - ... - EVP_MD_meth_free(md); - -Fetch an implementation of SHA256 that is not from the default provider in the -default context: - - EVP_MD *md = EVP_MD_fetch(NULL, "SHA256", "default=no"); - ... - EVP_MD_meth_free(md); - -Fetch an implementation of SHA256 from the default provider in the specified -context: - - EVP_MD *md = EVP_MD_fetch(ctx, "SHA256", "default=yes"); - ... - EVP_MD_meth_free(md); - -Load the legacy provider into the default context and then fetch an -implementation of whirlpool from it: - - /* This only needs to be done once - usually at application start up */ - OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); - - EVP_MD *md = EVP_MD_fetch(NULL, "whirlpool", "legacy=yes"); - ... - EVP_MD_meth_free(md); - -Note that in the above example the property string "legacy=yes" is optional -since, assuming no other providers have been loaded, the only implementation of -the "whirlpool" algorithm is in the "legacy" provider. Also note that the -default provider should be explicitly loaded if it is required in addition to -other providers: - - /* This only needs to be done once - usually at application start up */ - OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); - OSSL_PROVIDER *default = OSSL_PROVIDER_load(NULL, "default"); - - EVP_MD *md_whirlpool = EVP_MD_fetch(NULL, "whirlpool", NULL); - EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA256", NULL); - ... - EVP_MD_meth_free(md_whirlpool); - EVP_MD_meth_free(md_sha256); - -=head1 SEE ALSO - -L, L, L, -L, L, L, -L, L, L, -L, L - -=head1 HISTORY - -The functions described here were added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod new file mode 100644 index 0000000..e8e5d28 --- /dev/null +++ b/doc/man7/provider-base.pod @@ -0,0 +1,464 @@ +=pod + +=head1 NAME + +provider-base +- The basic OpenSSL library E-E provider functions + +=head1 SYNOPSIS + + #include + + /* + * None of these are actual functions, but are displayed like this for + * the function signatures for functions that are offered as function + * pointers in OSSL_DISPATCH arrays. + */ + + /* Functions offered by libcrypto to the providers */ + const OSSL_ITEM *core_get_param_types(const OSSL_PROVIDER *prov); + int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); + int core_thread_start(const OSSL_PROVIDER *prov, + OSSL_thread_stop_handler_fn handfn); + void core_put_error(const OSSL_PROVIDER *prov, + uint32_t reason, const char *file, int line); + void core_add_error_vdata(const OSSL_PROVIDER *prov, + int num, va_list args); + OPENSSL_CTX *core_get_library_context(const OSSL_PROVIDER *prov); + + /* + * Some OpenSSL functionality is directly offered to providers via + * dispatch + */ + void *CRYPTO_malloc(size_t num, const char *file, int line); + void *CRYPTO_zalloc(size_t num, const char *file, int line); + void *CRYPTO_memdup(const void *str, size_t siz, + const char *file, int line); + char *CRYPTO_strdup(const char *str, const char *file, int line); + char *CRYPTO_strndup(const char *str, size_t s, + const char *file, int line); + void CRYPTO_free(void *ptr, const char *file, int line); + void CRYPTO_clear_free(void *ptr, size_t num, + const char *file, int line); + void *CRYPTO_realloc(void *addr, size_t num, + const char *file, int line); + void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, + const char *file, int line); + void *CRYPTO_secure_malloc(size_t num, const char *file, int line); + void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); + void CRYPTO_secure_free(void *ptr, const char *file, int line); + void CRYPTO_secure_clear_free(void *ptr, size_t num, + const char *file, int line); + int CRYPTO_secure_allocated(const void *ptr); + void OPENSSL_cleanse(void *ptr, size_t len); + unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); + + /* Functions offered by the provider to libcrypto */ + void provider_teardown(void *provctx); + const OSSL_ITEM *provider_get_param_types(void *provctx); + int provider_get_params(void *provctx, OSSL_PARAM params[]); + const OSSL_ALGORITHM *provider_query_operation(void *provctx, + int operation_id, + const int *no_store); + const OSSL_ITEM *provider_get_reason_strings(void *provctx); + +=head1 DESCRIPTION + +All "functions" mentioned here are passed as function pointers between +F and the provider in B arrays, in the call +of the provider initialization function. See L +for a description of the initialization function. + +All these "functions" have a corresponding function type definition +named B, and a helper function to retrieve the +function pointer from a B element named +B. +For example, the "function" core_get_param_types() has these: + + typedef OSSL_ITEM * + (OSSL_core_get_param_types_fn)(const OSSL_PROVIDER *prov); + static ossl_inline OSSL_NAME_core_get_param_types_fn + OSSL_get_core_get_param_types(const OSSL_DISPATCH *opf); + +B arrays are indexed by numbers that are provided as +macros in L, as follows: + +For I (the B array passed from F to the +provider): + + core_get_param_types OSSL_FUNC_CORE_GET_PARAM_TYPES + core_get_params OSSL_FUNC_CORE_GET_PARAMS + core_thread_start OSSL_FUNC_CORE_THREAD_START + core_put_error OSSL_FUNC_CORE_PUT_ERROR + core_add_error_vdata OSSL_FUNC_CORE_ADD_ERROR_VDATA + core_get_library_context OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT + CRYPTO_malloc OSSL_FUNC_CRYPTO_MALLOC + CRYPTO_zalloc OSSL_FUNC_CRYPTO_ZALLOC + CRYPTO_memdup OSSL_FUNC_CRYPTO_MEMDUP + CRYPTO_strdup OSSL_FUNC_CRYPTO_STRDUP + CRYPTO_strndup OSSL_FUNC_CRYPTO_STRNDUP + CRYPTO_free OSSL_FUNC_CRYPTO_FREE + CRYPTO_clear_free OSSL_FUNC_CRYPTO_CLEAR_FREE + CRYPTO_realloc OSSL_FUNC_CRYPTO_REALLOC + CRYPTO_clear_realloc OSSL_FUNC_CRYPTO_CLEAR_REALLOC + CRYPTO_secure_malloc OSSL_FUNC_CRYPTO_SECURE_MALLOC + CRYPTO_secure_zalloc OSSL_FUNC_CRYPTO_SECURE_ZALLOC + CRYPTO_secure_free OSSL_FUNC_CRYPTO_SECURE_FREE + CRYPTO_secure_clear_free OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE + CRYPTO_secure_allocated OSSL_FUNC_CRYPTO_SECURE_ALLOCATED + OPENSSL_cleanse OSSL_FUNC_OPENSSL_CLEANSE + OPENSSL_hexstr2buf OSSL_FUNC_OPENSSL_HEXSTR2BUF + +For I<*out> (the B array passed from the provider to +F): + + provider_teardown OSSL_FUNC_PROVIDER_TEARDOWN + provider_get_param_types OSSL_FUNC_PROVIDER_GET_PARAM_TYPES + provider_get_params OSSL_FUNC_PROVIDER_GET_PARAMS + provider_query_operation OSSL_FUNC_PROVIDER_QUERY_OPERATION + provider_get_reason_strings OSSL_FUNC_PROVIDER_GET_REASON_STRINGS + +=head2 Core functions + +core_get_param_types() returns a constant array of descriptor +B, for parameters that core_get_params() can handle. + +core_get_params() retrieves I parameters from the core. +See L below for a description of currently known +parameters. + +=for comment core_thread_start() TBA + +core_put_error() is used to report an error back to the core, with +reference to the provider object I. +The I is a number defined by the provider and used to index +the reason strings table that's returned by +provider_get_reason_strings(). +I and I may also be passed to indicate exactly where the +error occured or was reported. +This corresponds to the OpenSSL function L. + +core_add_error_vdata() is used to add additional text data to an +error already reported with core_put_error(). +It takes I strings in a B and concatenates them. +Provider authors will have to write the corresponding variadic +argument function. + +core_get_library_context() retrieves the library context in which the +B object I is stored. +This may sometimes be useful if the provider wishes to store a +reference to its context in the same library context. + +CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_memdup(), CRYPTO_strdup(), +CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(), +CRYPTO_realloc(), CRYPTO_clear_realloc(), CRYPTO_secure_malloc(), +CRYPTO_secure_zalloc(), CRYPTO_secure_free(), +CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(), +OPENSSL_cleanse(), and OPENSSL_hexstr2buf() correspond exactly to the +public functions with the same name. +As a matter of fact, the pointers in the B array are +direct pointers to those public functions. + +=head2 Provider functions + +provider_teardown() is called when a provider is shut down and removed +from the core's provider store. +It must free the passed I. + +provider_get_param_types() should return a constant array of +descriptor B, for parameters that provider_get_params() +can handle. + +provider_get_params() should process the B array +I, setting the values of the parameters it understands. + +provider_query_operation() should return a constant B +that corresponds to the given I. +It should indicate if the core may store a reference to this array by +setting I<*no_store> to 0 (core may store a reference) or 1 (core may +not store a reference). + +provider_get_reason_strings() should return a constant B +array that provides reason strings for reason codes the provider may +use when reporting errors using core_put_error(). + +None of these functions are mandatory, but a provider is fairly +useless without at least provider_query_operation(), and +provider_get_param_types() is fairly useless if not accompanied by +provider_get_params(). + +=head2 Core parameters + +core_get_params() understands the following known parameters: + +=over 4 + +=item "openssl-version" + +This is a B type of parameter, pointing at the +OpenSSL libraries' full version string, i.e. the string expanded from +the macro B. + +=item "provider-name" + +This is a B type of parameter, pointing at the +OpenSSL libraries' idea of what the calling provider is called. + +=back + +Additionally, provider specific configuration parameters from the +config file are available, in dotted name form. +The dotted name form is a concatenation of section names and final +config command name separated by periods. + +For example, let's say we have the following config example: + + openssl_conf = openssl_init + + [openssl_init] + providers = providers_sect + + [providers_sect] + foo = foo_sect + + [foo_sect] + activate = 1 + data1 = 2 + data2 = str + more = foo_more + + [foo_more] + data3 = foo,bar + +The provider will have these additional parameters available: + +=over 4 + +=item "activate" + +pointing at the string "1" + +=item "data1" + +pointing at the string "2" + +=item "data2" + +pointing at the string "str" + +=item "more.data3" + +pointing at the string "foo,bar" + +=back + +For more information on handling parameters, see L as +L. + +=head1 EXAMPLES + +This is an example of a simple provider made available as a +dynamically loadable module. +It implements the fictitious algorithm C for the fictitious +operation C. + + #include + #include + #include + + /* Errors used in this provider */ + #define E_MALLOC 1 + + static const OSSL_ITEM reasons[] = { + { E_MALLOC, "memory allocation failure" }. + { 0, NULL } /* Termination */ + }; + + /* + * To ensure we get the function signature right, forward declare + * them using function types provided by openssl/core_numbers.h + */ + OSSL_OP_bar_newctx_fn foo_newctx; + OSSL_OP_bar_freectx_fn foo_freectx; + OSSL_OP_bar_init_fn foo_init; + OSSL_OP_bar_update_fn foo_update; + OSSL_OP_bar_final_fn foo_final; + + OSSL_provider_query_operation_fn p_query; + OSSL_provider_get_reason_strings_fn p_reasons; + OSSL_provider_teardown_fn p_teardown; + + OSSL_provider_init_fn OSSL_provider_init; + + OSSL_core_put_error *c_put_error = NULL; + + /* Provider context */ + struct prov_ctx_st { + OSSL_PROVIDER *prov; + } + + /* operation context for the algorithm FOO */ + struct foo_ctx_st { + struct prov_ctx_st *provctx; + int b; + }; + + static void *foo_newctx(void *provctx) + { + struct foo_ctx_st *fooctx = malloc(sizeof(*fooctx)); + + if (fooctx != NULL) + fooctx->provctx = provctx; + else + c_put_error(provctx->prov, E_MALLOC, __FILE__, __LINE__); + return fooctx; + } + + static void foo_freectx(void *fooctx) + { + free(fooctx); + } + + static int foo_init(void *vfooctx) + { + struct foo_ctx_st *fooctx = vfooctx; + + fooctx->b = 0x33; + } + + static int foo_update(void *vfooctx, unsigned char *in, size_t inl) + { + struct foo_ctx_st *fooctx = vfooctx; + + /* did you expect something serious? */ + if (inl == 0) + return 1; + for (; inl-- > 0; in++) + *in ^= fooctx->b; + return 1; + } + + static int foo_final(void *vfooctx) + { + struct foo_ctx_st *fooctx = vfooctx; + + fooctx->b = 0x66; + } + + static const OSSL_DISPATCH foo_fns[] = { + { OSSL_FUNC_BAR_NEWCTX, (void (*)(void))foo_newctx }, + { OSSL_FUNC_BAR_FREECTX, (void (*)(void))foo_freectx }, + { OSSL_FUNC_BAR_INIT, (void (*)(void))foo_init }, + { OSSL_FUNC_BAR_UPDATE, (void (*)(void))foo_update }, + { OSSL_FUNC_BAR_FINAL, (void (*)(void))foo_final }, + { 0, NULL } + }; + + static const OSSL_ALGORITHM bars[] = { + { "FOO", "provider=chumbawamba", foo_fns }, + { NULL, NULL, NULL } + }; + + static const OSSL_ALGORITHM *p_query(void *provctx, int operation_id, + int *no_store) + { + switch (operation_id) { + case OSSL_OP_BAR: + return bars; + } + return NULL; + } + + static const OSSL_ITEM *p_reasons(void *provctx) + { + return reasons; + } + + static void p_teardown(void *provctx) + { + free(provctx); + } + + static const OSSL_DISPATCH prov_fns[] = { + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query }, + { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (void (*)(void))p_reasons }, + { 0, NULL } + }; + + int OSSL_provider_init(const OSSL_PROVIDER *provider, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) + { + struct prov_ctx_st *pctx = NULL; + + for (; in->function_id != 0; in++) + switch (in->function_id) { + case OSSL_FUNC_CORE_PUT_ERROR: + c_put_error = OSSL_get_core_put_error(in); + break; + } + + *out = prov_fns; + + if ((pctx = malloc(sizeof(*pctx))) == NULL) { + /* + * ALEA IACTA EST, if the core retrieves the reason table + * regardless, that string will be displayed, otherwise not. + */ + c_put_error(provider, E_MALLOC, __FILE__, __LINE__); + return 0; + } + return 1; + } + +This relies on a few things existing in F: + + #define OSSL_OP_BAR 4711 + + #define OSSL_FUNC_BAR_NEWCTX 1 + typedef void *(OSSL_OP_bar_newctx_fn)(void *provctx); + static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf) + { return (OSSL_OP_bar_newctx_fn *)opf->function; } + + #define OSSL_FUNC_BAR_FREECTX 2 + typedef void (OSSL_OP_bar_freectx_fn)(void *ctx); + static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf) + { return (OSSL_OP_bar_freectx_fn *)opf->function; } + + #define OSSL_FUNC_BAR_INIT 3 + typedef void *(OSSL_OP_bar_init_fn)(void *ctx); + static ossl_inline OSSL_get_bar_init(const OSSL_DISPATCH *opf) + { return (OSSL_OP_bar_init_fn *)opf->function; } + + #define OSSL_FUNC_BAR_UPDATE 4 + typedef void *(OSSL_OP_bar_update_fn)(void *ctx, + unsigned char *in, size_t inl); + static ossl_inline OSSL_get_bar_update(const OSSL_DISPATCH *opf) + { return (OSSL_OP_bar_update_fn *)opf->function; } + + #define OSSL_FUNC_BAR_FINAL 5 + typedef void *(OSSL_OP_bar_final_fn)(void *ctx); + static ossl_inline OSSL_get_bar_final(const OSSL_DISPATCH *opf) + { return (OSSL_OP_bar_final_fn *)opf->function; } + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/provider.pod b/doc/man7/provider.pod new file mode 100644 index 0000000..d9010dc --- /dev/null +++ b/doc/man7/provider.pod @@ -0,0 +1,401 @@ +=pod + +=head1 NAME + +provider - OpenSSL operation implementation providers + +=head1 SYNOPSIS + +=for comment generic + +#include + +=head1 DESCRIPTION + +=head2 General + +A I, in OpenSSL terms, is a unit of code that provides one +or more implementations for various operations for diverse algorithms +that one might want to perform. + +An I is something one wants to do, such as encryption and +decryption, key derivation, MAC calculation, signing and verification, +etc. + +An I is a named method to perform an operation. +Very often, the algorithms revolve around cryptographic operations, +but may also revolve around other types of operation, such as managing +certain types of objects. + +=head2 Provider + +I + +A I offers an initialization function, as a set of base +functions in the form of an B array, and by extension, +a set of Bs (see L). +It may be a dynamically loadable module, or may be built-in, in +OpenSSL libraries or in the application. +If it's a dynamically loadable module, the initialization function +must be named C and must be exported. +If it's built-in, the initialization function may have any name. + +The initialization function must have the following signature: + + int NAME(const OSSL_PROVIDER *provider, + const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, + void **provctx); + +I is the OpenSSL library object for the provider, and works +as a handle for everything the OpenSSL libraries need to know about +the provider. +For the provider itself, it may hold some interesting information, +and is also passed to some of the functions given in the dispatch +array I. + +I is a dispatch array of base functions offered by the OpenSSL +libraries, and the available functions are further described in +L. + +I<*out> must be assigned a dispatch array of base functions that the +provider offers to the OpenSSL libraries. +The functions that may be offered are further described in +L, and they are the central means of communication +between the OpenSSL libraries and the provider. + +I<*provctx> should be assigned a provider specific context to allow +the provider multiple simultaneous uses. +This pointer will be passed to various operation functions offered by +the provider. + +One of the functions the provider offers to the OpenSSL libraries is +the central mechanism for the OpenSSL libraries to get access to +operation implementations for diverse algorithms. +Its referred to with the number B +and has the following signature: + + const OSSL_ALGORITHM *provider_query_operation(void *provctx, + int operation_id, + const int *no_store); + +I is the provider specific context that was passed back by +the initialization function. + +I is an operation identity (see L below). + +I is a flag back to the OpenSSL libraries which, when +non-zero, signifies that the OpenSSL libraries will not store a +reference to the returned data in their internal store of +implementations. + +The returned B is the foundation of any OpenSSL +library API that uses providers for their implementation, most +commonly in the I type of functions +(see L below). + +=head2 Operations + +I + +Operations are referred to with numbers, via macros with names +starting with C. + +With each operation comes a set of defined function types that a +provider may or may not offer, depending on its needs. + +Currently available operations are: + +=over 4 + +=item Digests + +In the OpenSSL libraries, the corresponding method object is +B. +The number for this operation is B. +The functions the provider can offer are described in +L + +=item Symmetric ciphers + +In the OpenSSL libraries, the corresponding method object is +B. +The number for this operation is B. +The functions the provider can offer are described in +L + +=begin comment NOT AVAILABLE YET + +=item Message Authentication Code (MAC) + +In the OpenSSL libraries, the corresponding method object is +B. +The number for this operation is B. +The functions the provider can offer are described in +L + +=end comment + +=begin comment NOT AVAILABLE YET + +=item Key Derivation Function (KDF) + +In the OpenSSL libraries, the corresponding method object is +B. +The number for this operation is B. +The functions the provider can offer are described in +L + +=end comment + +=item Key Exchange + +In the OpenSSL libraries, the corresponding method object is +B. +The number for this operation is B. +The functions the provider can offer are described in +L + +=back + +=head2 Fetching algorithms + +=head3 Explicit fetch + +I + +Users of the OpenSSL libraries never query the provider directly for +its diverse implementations and dispatch tables. +Instead, the diverse OpenSSL APIs often have fetching functions that +do the work, and they return an appropriate method object back to the +user. +These functions usually have the name C, where +C is the name of the API, for example L. + +These fetching functions follow a fairly common pattern, where three +arguments are passed: + +=over 4 + +=item The library context + +See L for a more detailed description. +This may be NULL to signify the default (global) library context, or a +context created by the user. +Only providers loaded in this library context (see +L) will be considered by the fetching +function. + +=item An identifier + +This is most commonly an algorithm name (this is the case for all EVP +methods), but may also be called something else. + +=for comment For example, an OSSL_STORE implementation would use the +URI scheme as an identifier. + +=item A property query string + +See L for a more detailed description. +This is used to select more exactly which providers will get to offer +an implementation. + +=back + +The method object that is fetched can then be used with diverse other +functions that use them, for example L. + +=head2 Implicit fetch + +I + +OpenSSL has a number of functions that return a method object with no +associated implementation, such as L, +L or L, which are present for +compatibility with OpenSSL before version 3.0. + +When they are used with functions like L or +L, the actual implementation to be used is +fetched implicitly using default search criteria. + +Implicit fetching can also occur with functions such as +L where a NULL algorithm parameter is +supplied. +In this case an algorithm implementation is implicitly fetched using +default search criteria and an algorithm name that is consistent with +the type of EVP_PKEY being used. + +=head1 OPENSSL PROVIDERS + +OpenSSL comes with a set of providers. +All the algorithm names mentioned can be used as an algorithm +identifier to the appropriate fetching function. + +=head2 Default provider + +The default provider is built in as part of the F library. +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "default=yes" +can be used as a search criterion for these implementations. + +It currently offers the following named algorithms: + +=over 4 + +=item Digests + +SHA1, SHA224, SHA256, SHA384, SHA512, SHA512-224, SHA512-256, +SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, SM3, +BLAKE2b512, BLAKE2s256, KMAC128, KMAC256, MD5, MD5-SHA1 + +=item Symmetric ciphers + +AES-256-ECB, AES-192-ECB, AES-128-ECB, AES-256-CBC, AES-192-CBC, +AES-128-CBC, AES-256-OFB, AES-192-OFB, AES-128-OFB, AES-256-CFB, +AES-192-CFB, AES-128-CFB, AES-256-CFB1, AES-192-CFB1, AES-128-CFB1, +AES-256-CFB8, AES-192-CFB8, AES-128-CFB8, AES-256-CTR, AES-192-CTR, +AES-128-CTR, id-aes256-GCM, id-aes192-GCM, id-aes128-GCM + +=item Key Exchange + +dhKeyAgreement + +=back + +=head2 FIPS provider + +The FIPS provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see L). +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "fips=yes" can +be used as a search criterion for these implementations. + +It currently offers the following FIPS approved named algorithms: + +=over 4 + +=item Digests + +SHA1, SHA224, SHA256, SHA384, SHA512, SHA512-224, SHA512-256, +SHA3-224, SHA3-256, SHA3-384, SHA3-512, KMAC128, KMAC256 + +=item Symmetric ciphers + +AES-256-ECB, AES-192-ECB, AES-128-ECB, AES-256-CBC, AES-192-CBC, +AES-128-CBC, AES-256-CTR, AES-192-CTR, AES-128-CTR + +=back + +=head2 Legacy provider + +The legacy provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see L). +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "legacy=yes" can be +used as a search criterion for these implementations. + +It currently offers the following named algorithms: + +=over 4 + +=item Digest algorithms: + +RIPEMD160, MD2, MD4, MDC2, whirlpool. + +=back + +=head1 EXAMPLES + +=head2 Fetching + +Fetch any available implementation of SHA256 in the default context: + + EVP_MD *md = EVP_MD_fetch(NULL, "SHA256", NULL); + ... + EVP_MD_meth_free(md); + +Fetch any available implementation of AES-128-CBC in the default context: + + EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL); + ... + EVP_CIPHER_meth_free(cipher); + +Fetch an implementation of SHA256 from the default provider in the default +context: + + EVP_MD *md = EVP_MD_fetch(NULL, "SHA256", "default=yes"); + ... + EVP_MD_meth_free(md); + +Fetch an implementation of SHA256 that is not from the default provider in the +default context: + + EVP_MD *md = EVP_MD_fetch(NULL, "SHA256", "default=no"); + ... + EVP_MD_meth_free(md); + +Fetch an implementation of SHA256 from the default provider in the specified +context: + + EVP_MD *md = EVP_MD_fetch(ctx, "SHA256", "default=yes"); + ... + EVP_MD_meth_free(md); + +Load the legacy provider into the default context and then fetch an +implementation of whirlpool from it: + + /* This only needs to be done once - usually at application start up */ + OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); + + EVP_MD *md = EVP_MD_fetch(NULL, "whirlpool", "legacy=yes"); + ... + EVP_MD_meth_free(md); + +Note that in the above example the property string "legacy=yes" is optional +since, assuming no other providers have been loaded, the only implementation of +the "whirlpool" algorithm is in the "legacy" provider. Also note that the +default provider should be explicitly loaded if it is required in addition to +other providers: + + /* This only needs to be done once - usually at application start up */ + OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); + OSSL_PROVIDER *default = OSSL_PROVIDER_load(NULL, "default"); + + EVP_MD *md_whirlpool = EVP_MD_fetch(NULL, "whirlpool", NULL); + EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA256", NULL); + ... + EVP_MD_meth_free(md_whirlpool); + EVP_MD_meth_free(md_sha256); + + +=head1 SEE ALSO + +L, L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut From builds at travis-ci.org Mon Jul 22 14:53:51 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 22 Jul 2019 14:53:51 +0000 Subject: Still Failing: openssl/openssl#26743 (master - a80278b) In-Reply-To: Message-ID: <5d35cdff41252_43fef4ff0eb18424947@c40710b9-7dad-4abc-b238-44f2bce6b899.mail> Build Update for openssl/openssl ------------------------------------- Build: #26743 Status: Still Failing Duration: 26 mins and 52 secs Commit: a80278b (master) Author: Rich Salz Message: Include deprecated SYS_F_xxx codes Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9072) View the changeset: https://github.com/openssl/openssl/compare/1372560f64c9...a80278b07142 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562129924?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 22 15:31:30 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 22 Jul 2019 15:31:30 +0000 Subject: Still Failing: openssl/openssl#26748 (master - d4c69c6) In-Reply-To: Message-ID: <5d35d6d14b085_43fb64ec79c7024143e@083f1ea6-b043-4028-b0c4-e67057ed1f88.mail> Build Update for openssl/openssl ------------------------------------- Build: #26748 Status: Still Failing Duration: 19 mins and 14 secs Commit: d4c69c6 (master) Author: Richard Levitte Message: Documentation: add provider-base(7), describing the base functions The base functions are the first tables of function pointers that libcrypto and the provider pass to each other, thereby providing a baseline with which they can communicate further with each other. This also contains an example for a ficticious provider, providing an implement of a fictitious algorithm for a fictitious operation. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9409) View the changeset: https://github.com/openssl/openssl/compare/a80278b07142...d4c69c69d171 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562138458?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Mon Jul 22 18:09:27 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 22 Jul 2019 18:09:27 +0000 Subject: [openssl] master update Message-ID: <1563818967.462859.21100.nullmailer@dev.openssl.org> The branch master has been updated via a38c878c2e5e05016bc9faa8d0828eb96efba1c2 (commit) from d4c69c69d171edb17b4d609c15891a9599809ed0 (commit) - Log ----------------------------------------------------------------- commit a38c878c2e5e05016bc9faa8d0828eb96efba1c2 Author: Bernd Edlinger Date: Wed Jul 10 15:52:36 2019 +0200 Change DH parameters to generate the order q subgroup instead of 2q This avoids leaking bit 0 of the private key. Reviewed-by: Viktor Dukhovni Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9363) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++ apps/dhparam.c | 6 ++++- crypto/dh/dh_check.c | 36 +++++++------------------- crypto/dh/dh_gen.c | 54 ++++++++++++++++++-------------------- crypto/dh/dh_key.c | 15 ++++++++--- doc/man1/dhparam.pod | 7 ++--- include/openssl/dh.h | 2 +- test/dhtest.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++- 8 files changed, 135 insertions(+), 64 deletions(-) diff --git a/CHANGES b/CHANGES index e517ace..0ad7ac8 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,12 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Changed DH parameters to generate the order q subgroup instead of 2q. + Previously generated DH parameters are still accepted by DH_check + but DH_generate_key works around that by clearing bit 0 of the + private key for those. This avoids leaking bit 0 of the private key. + [Bernd Edlinger] + *) Added a new FUNCerr() macro that takes a function name. The macro SYSerr() is deprecated. [Rich Salz] diff --git a/apps/dhparam.c b/apps/dhparam.c index b13a34a..7cd69b9 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -37,7 +37,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT, - OPT_DSAPARAM, OPT_C, OPT_2, OPT_5, + OPT_DSAPARAM, OPT_C, OPT_2, OPT_3, OPT_5, OPT_R_ENUM } OPTION_CHOICE; @@ -55,6 +55,7 @@ const OPTIONS dhparam_options[] = { OPT_R_OPTIONS, {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, + {"3", OPT_3, '-', "Generate parameters using 3 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, # ifndef OPENSSL_NO_DSA {"dsaparam", OPT_DSAPARAM, '-', @@ -125,6 +126,9 @@ int dhparam_main(int argc, char **argv) case OPT_2: g = 2; break; + case OPT_3: + g = 3; + break; case OPT_5: g = 5; break; diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 8be2b91..aff7e37 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,8 @@ int DH_check_params_ex(const DH *dh) { int errflags = 0; - (void)DH_check_params(dh, &errflags); + if (!DH_check_params(dh, &errflags)) + return 0; if ((errflags & DH_CHECK_P_NOT_PRIME) != 0) DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME); @@ -67,18 +68,14 @@ int DH_check_params(const DH *dh, int *ret) /*- * Check that p is a safe prime and - * if g is 2, 3 or 5, check that it is a suitable generator - * where - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 - * for 5, p mod 10 == 3 or 7 - * should hold. + * g is a suitable generator. */ int DH_check_ex(const DH *dh) { int errflags = 0; - (void)DH_check(dh, &errflags); + if (!DH_check(dh, &errflags)) + return 0; if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0) DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR); @@ -102,10 +99,11 @@ int DH_check(const DH *dh, int *ret) { int ok = 0, r; BN_CTX *ctx = NULL; - BN_ULONG l; BIGNUM *t1 = NULL, *t2 = NULL; - *ret = 0; + if (!DH_check_params(dh, ret)) + return 0; + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -139,21 +137,7 @@ int DH_check(const DH *dh, int *ret) *ret |= DH_CHECK_INVALID_Q_VALUE; if (dh->j && BN_cmp(dh->j, t1)) *ret |= DH_CHECK_INVALID_J_VALUE; - - } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { - l = BN_mod_word(dh->p, 24); - if (l == (BN_ULONG)-1) - goto err; - if (l != 11) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { - l = BN_mod_word(dh->p, 10); - if (l == (BN_ULONG)-1) - goto err; - if ((l != 3) && (l != 7)) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else - *ret |= DH_UNABLE_TO_CHECK_GENERATOR; + } r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL); if (r < 0) diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 1e5c7ca..bbf774f 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,30 +30,29 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, /*- * We generate DH parameters as follows - * find a prime q which is prime_len/2 bits long. - * p=(2*q)+1 or (p-1)/2 = q - * For this case, g is a generator if - * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1. - * Since the factors of p-1 are q and 2, we just need to check - * g^2 mod p != 1 and g^q mod p != 1. + * find a prime p which is prime_len bits long, + * where q=(p-1)/2 is also prime. + * In the following we assume that g is not 0, 1 or p-1, since it + * would generate only trivial subgroups. + * For this case, g is a generator of the order-q subgroup if + * g^q mod p == 1. + * Or in terms of the Legendre symbol: (g/p) == 1. * * Having said all that, * there is another special case method for the generators 2, 3 and 5. - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 <<<<< does not work for safe primes. - * for 5, p mod 10 == 3 or 7 + * Using the quadratic reciprocity law it is possible to solve + * (g/p) == 1 for the special values 2, 3, 5: + * (2/p) == 1 if p mod 8 == 1 or 7. + * (3/p) == 1 if p mod 12 == 1 or 11. + * (5/p) == 1 if p mod 5 == 1 or 4. + * See for instance: https://en.wikipedia.org/wiki/Legendre_symbol * - * Thanks to Phil Karn for the pointers about the - * special generators and for answering some of my questions. - * - * I've implemented the second simple method :-). - * Since DH should be using a safe prime (both p and q are prime), - * this generator function can take a very very long time to run. - */ -/* - * Actually there is no reason to insist that 'generator' be a generator. - * It's just as OK (and in some sense better) to use a generator of the - * order-q subgroup. + * Since all safe primes > 7 must satisfy p mod 12 == 11 + * and all safe primes > 11 must satisfy p mod 5 != 1 + * we can further improve the condition for g = 2, 3 and 5: + * for 2, p mod 24 == 23 + * for 3, p mod 12 == 11 + * for 5, p mod 60 == 59 */ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) @@ -84,17 +83,14 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, if (generator == DH_GENERATOR_2) { if (!BN_set_word(t1, 24)) goto err; - if (!BN_set_word(t2, 11)) + if (!BN_set_word(t2, 23)) goto err; g = 2; } else if (generator == DH_GENERATOR_5) { - if (!BN_set_word(t1, 10)) + if (!BN_set_word(t1, 60)) goto err; - if (!BN_set_word(t2, 3)) + if (!BN_set_word(t2, 59)) goto err; - /* - * BN_set_word(t3,7); just have to miss out on these ones :-( - */ g = 5; } else { /* @@ -102,9 +98,9 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, * not: since we are using safe primes, it will generate either an * order-q or an order-2q group, which both is OK */ - if (!BN_set_word(t1, 2)) + if (!BN_set_word(t1, 12)) goto err; - if (!BN_set_word(t2, 1)) + if (!BN_set_word(t2, 11)) goto err; g = generator; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 6b3a124..4df993e 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -125,6 +125,15 @@ static int generate_key(DH *dh) l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto err; + /* + * We handle just one known case where g is a quadratic non-residue: + * for g = 2: p % 8 == 3 + */ + if (BN_is_word(dh->g, DH_GENERATOR_2) && !BN_is_bit_set(dh->p, 2)) { + /* clear bit 0, since it won't be a secret anyway */ + if (!BN_clear_bit(priv_key, 0)) + goto err; + } } } @@ -136,11 +145,11 @@ static int generate_key(DH *dh) BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) { - BN_free(prk); + BN_clear_free(prk); goto err; } /* We MUST free prk before any further use of priv_key */ - BN_free(prk); + BN_clear_free(prk); } dh->pub_key = pub_key; diff --git a/doc/man1/dhparam.pod b/doc/man1/dhparam.pod index 67a3894..dd871b3 100644 --- a/doc/man1/dhparam.pod +++ b/doc/man1/dhparam.pod @@ -19,6 +19,7 @@ B [B<-text>] [B<-C>] [B<-2>] +[B<-3>] [B<-5>] [B<-rand file...>] [B<-writerand file>] @@ -77,9 +78,9 @@ avoid small-subgroup attacks that may be possible otherwise. Performs numerous checks to see if the supplied parameters are valid and displays a warning if not. -=item B<-2>, B<-5> +=item B<-2>, B<-3>, B<-5> -The generator to use, either 2 or 5. If present then the +The generator to use, either 2, 3 or 5. If present then the input file is ignored and parameters are generated instead. If not present but B is present, parameters are generated with the default generator 2. @@ -156,7 +157,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/dh.h b/include/openssl/dh.h index e96c811..7c509b4 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -65,7 +65,7 @@ extern "C" { DECLARE_ASN1_ITEM(DHparams) # define DH_GENERATOR_2 2 -/* #define DH_GENERATOR_3 3 */ +# define DH_GENERATOR_3 3 # define DH_GENERATOR_5 5 /* DH_check error codes */ diff --git a/test/dhtest.c b/test/dhtest.c index 7b2edec..f80d5b3 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "testutil.h" #ifndef OPENSSL_NO_DH @@ -62,6 +63,17 @@ static int dh_test(void) || !TEST_true(DH_set0_pqg(dh, p, q, g))) goto err1; + if (!DH_check(dh, &i)) + goto err2; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) + goto err2; + /* test the combined getter for p, q, and g */ DH_get0_pqg(dh, &p2, &q2, &g2); if (!TEST_ptr_eq(p2, p) @@ -130,7 +142,8 @@ static int dh_test(void) if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) - || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) goto err3; DH_get0_pqg(a, &ap, NULL, &ag); @@ -609,6 +622,63 @@ static int rfc5114_test(void) TEST_error("Test failed RFC5114 set %d\n", i + 1); return 0; } + +static int rfc7919_test(void) +{ + DH *a = NULL, *b = NULL; + const BIGNUM *apub_key = NULL, *bpub_key = NULL; + unsigned char *abuf = NULL; + unsigned char *bbuf = NULL; + int i, alen, blen, aout, bout; + int ret = 0; + + if (!TEST_ptr(a = DH_new_by_nid(NID_ffdhe2048))) + goto err; + + if (!DH_check(a, &i)) + goto err; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) + goto err; + + if (!DH_generate_key(a)) + goto err; + DH_get0_key(a, &apub_key, NULL); + + /* now create another copy of the DH group for the peer */ + if (!TEST_ptr(b = DH_new_by_nid(NID_ffdhe2048))) + goto err; + + if (!DH_generate_key(b)) + goto err; + DH_get0_key(b, &bpub_key, NULL); + + alen = DH_size(a); + if (!TEST_ptr(abuf = OPENSSL_malloc(alen)) + || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1)) + goto err; + + blen = DH_size(b); + if (!TEST_ptr(bbuf = OPENSSL_malloc(blen)) + || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1)) + goto err; + + if (!TEST_true(aout >= 20) + || !TEST_mem_eq(abuf, aout, bbuf, bout)) + goto err; + + ret = 1; + + err: + OPENSSL_free(abuf); + OPENSSL_free(bbuf); + DH_free(a); + DH_free(b); + return ret; +} #endif @@ -619,6 +689,7 @@ int setup_tests(void) #else ADD_TEST(dh_test); ADD_TEST(rfc5114_test); + ADD_TEST(rfc7919_test); #endif return 1; } From bernd.edlinger at hotmail.de Mon Jul 22 18:14:17 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 22 Jul 2019 18:14:17 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1563819257.831029.25634.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0bc650d58a58a8b4af97639b952eac3558bb982e (commit) from aa8b244e5c22193078e3e80fad1f5b27bf62c73b (commit) - Log ----------------------------------------------------------------- commit 0bc650d58a58a8b4af97639b952eac3558bb982e Author: Bernd Edlinger Date: Sun Jul 21 10:41:39 2019 +0200 Use trusty for travis builds this works around build failures due to clang error: unknown warning option '-Wno-extended-offsetof' [extended tests] Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9425) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index c3e035e..0a50db1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ +dist: trusty language: c addons: From builds at travis-ci.org Mon Jul 22 18:32:09 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 22 Jul 2019 18:32:09 +0000 Subject: Fixed: openssl/openssl#26762 (OpenSSL_1_0_2-stable - 0bc650d) In-Reply-To: Message-ID: <5d360128bc62d_43fbc6a749f44231699@c2c57b6c-e598-4e4b-8b5d-eebe0c83db63.mail> Build Update for openssl/openssl ------------------------------------- Build: #26762 Status: Fixed Duration: 9 mins and 20 secs Commit: 0bc650d (OpenSSL_1_0_2-stable) Author: Bernd Edlinger Message: Use trusty for travis builds this works around build failures due to clang error: unknown warning option '-Wno-extended-offsetof' [extended tests] Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9425) View the changeset: https://github.com/openssl/openssl/compare/aa8b244e5c22...0bc650d58a58 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562218775?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 22 18:35:28 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 22 Jul 2019 18:35:28 +0000 Subject: Still Failing: openssl/openssl#26761 (master - a38c878) In-Reply-To: Message-ID: <5d3601ee30a0d_43fdc25a3d3ec1115ed@19d5698d-8032-42a6-8dac-1316d2ba5864.mail> Build Update for openssl/openssl ------------------------------------- Build: #26761 Status: Still Failing Duration: 20 mins and 18 secs Commit: a38c878 (master) Author: Bernd Edlinger Message: Change DH parameters to generate the order q subgroup instead of 2q This avoids leaking bit 0 of the private key. Reviewed-by: Viktor Dukhovni Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9363) View the changeset: https://github.com/openssl/openssl/compare/d4c69c69d171...a38c878c2e5e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562216876?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 22 19:10:06 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Jul 2019 19:10:06 +0000 Subject: Build failed: openssl master.26179 Message-ID: <20190722191006.1.2030D2E1019575D7@appveyor.com> An HTML attachment was scrubbed... URL: From patrick.steuer at de.ibm.com Mon Jul 22 19:23:38 2019 From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Mon, 22 Jul 2019 19:23:38 +0000 Subject: [openssl] master update Message-ID: <1563823418.899014.10987.nullmailer@dev.openssl.org> The branch master has been updated via 29ce3458d8474870805dd1439cf857d19519bfb1 (commit) from a38c878c2e5e05016bc9faa8d0828eb96efba1c2 (commit) - Log ----------------------------------------------------------------- commit 29ce3458d8474870805dd1439cf857d19519bfb1 Author: Patrick Steuer Date: Fri Jul 19 16:41:46 2019 +0200 Remove superfluous call to OPENSSL_cpuid_setup Signed-off-by: Patrick Steuer Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9417) ----------------------------------------------------------------------- Summary of changes: crypto/engine/eng_all.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index d06768a..e1f09ac 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -12,9 +12,6 @@ void ENGINE_load_builtin_engines(void) { - /* Some ENGINEs need this */ - OPENSSL_cpuid_setup(); - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } From no-reply at appveyor.com Mon Jul 22 19:39:24 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Jul 2019 19:39:24 +0000 Subject: Build completed: openssl master.26180 Message-ID: <20190722193924.1.2EF008681558A7C0@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jul 22 19:44:59 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 22 Jul 2019 19:44:59 +0000 Subject: Still Failing: openssl/openssl#26764 (master - 29ce345) In-Reply-To: Message-ID: <5d36123a95d2b_43fb8bc6357e0233161@0fa68f3b-cc2d-4dd9-8666-0c5e7dc17912.mail> Build Update for openssl/openssl ------------------------------------- Build: #26764 Status: Still Failing Duration: 20 mins and 39 secs Commit: 29ce345 (master) Author: Patrick Steuer Message: Remove superfluous call to OPENSSL_cpuid_setup Signed-off-by: Patrick Steuer Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9417) View the changeset: https://github.com/openssl/openssl/compare/a38c878c2e5e...29ce3458d847 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562248098?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 23 01:19:03 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jul 2019 01:19:03 +0000 Subject: Build failed: openssl master.26196 Message-ID: <20190723011903.1.A2C5C0DED2866096@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 23 02:09:20 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jul 2019 02:09:20 +0000 Subject: Build completed: openssl master.26197 Message-ID: <20190723020920.1.55B5CE591BCBCA9F@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 23 02:30:32 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jul 2019 02:30:32 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1563849032.103482.11208.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 29ce3458d8 Remove superfluous call to OPENSSL_cpuid_setup a38c878c2e Change DH parameters to generate the order q subgroup instead of 2q d4c69c69d1 Documentation: add provider-base(7), describing the base functions 2cafb1dff3 Documentation: Move the description of the fetching functions e4c0ec6278 Documentation: Add provider(7), for general description of providers a80278b071 Include deprecated SYS_F_xxx codes 46160e6fb9 Deprecate SYSerr, add new FUNCerr macro 56c3a135b2 Add ERR_put_func_error, and use it. 1372560f64 Allocate DRBG additional data pool from non-secure memory a8f1aabd4b x509: publish X509_PUBKEY_dup 9b977675ad x509: add missing X509 dup functions 227d426554 x509: sort X509 dup functions alphabetically fa9faf0104 Add an internal API to access the KEYMGMT provider functions 4cae07fef3 Add evp_keymgmt_clear_pkey_cache() and use it d0ea49a820 Adapt int_ctx_new() to use with providers 70a1f7b4d7 Add evp_keymgmt_export_to_provider(), for key transfer between providers a94a3e0d91 Add basic EVP_KEYMGMT API and libcrypto <-> provider interface 7312ef3fc4 Add param builder free function. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1647, 244 wallclock secs ( 2.89 usr 0.35 sys + 232.54 cusr 19.16 csys = 254.94 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Tue Jul 23 04:32:42 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jul 2019 04:32:42 +0000 Subject: [openssl] master update Message-ID: <1563856362.904609.22479.nullmailer@dev.openssl.org> The branch master has been updated via da2addc515d547b0d724a4fc730c4345ed713221 (commit) from 29ce3458d8474870805dd1439cf857d19519bfb1 (commit) - Log ----------------------------------------------------------------- commit da2addc515d547b0d724a4fc730c4345ed713221 Author: Richard Levitte Date: Mon Jul 22 10:46:10 2019 +0200 provider-keymgmt(7): Document the KEYMGMT interface Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9429) ----------------------------------------------------------------------- Summary of changes: doc/man7/provider-keymgmt.pod | 178 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100644 doc/man7/provider-keymgmt.pod diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod new file mode 100644 index 0000000..ed3deaa --- /dev/null +++ b/doc/man7/provider-keymgmt.pod @@ -0,0 +1,178 @@ +=pod + +=head1 NAME + +provider-keymgmt - The KEYMGMT library E-E provider functions + +=head1 SYNOPSIS + + #include + + /* + * None of these are actual functions, but are displayed like this for + * the function signatures for functions that are offered as function + * pointers in OSSL_DISPATCH arrays. + */ + + /* Key domain parameter creation and destruction */ + void *OP_keymgmt_importdomparams(void *provctx, const OSSL_PARAM params[]); + void *OP_keymgmt_gendomparams(void *provctx, const OSSL_PARAM params[]); + void OP_keymgmt_freedomparams(void *domparams); + + /* Key domain parameter export */ + int OP_keymgmt_exportdomparams(void *domparams, OSSL_PARAM params[]); + + /* Key domain parameter discovery */ + const OSSL_PARAM *OP_keymgmt_importdomparam_types(void); + const OSSL_PARAM *OP_keymgmt_exportdomparam_types(void); + + /* Key creation and destruction */ + void *OP_keymgmt_importkey(void *provctx, const OSSL_PARAM params[]); + void *OP_keymgmt_genkey(void *provctx, + void *domparams, const OSSL_PARAM genkeyparams[]); + void *OP_keymgmt_loadkey(void *provctx, void *id, size_t idlen); + void OP_keymgmt_freekey(void *key); + + /* Key export */ + int OP_keymgmt_exportkey(void *key, OSSL_PARAM params[]); + + /* Key discovery */ + const OSSL_PARAM *OP_keymgmt_importkey_types(void); + const OSSL_PARAM *OP_keymgmt_exportkey_types(void); + +=head1 DESCRIPTION + +The KEYMGMT operation doesn't have much public visibility in OpenSSL +libraries, it's rather an internal operation that's designed to work +in tandem with operations that use private/public key pairs. + +Because the KEYMGMT operation shares knowledge with the operations it +works with in tandem, they must belong to the same provider. +The OpenSSL libraries will ensure that they do. + +The primary responsibility of the KEYMGMT operation is to hold the +provider side domain parameters and keys for the OpenSSL library +EVP_PKEY structure. + +All "functions" mentioned here are passed as function pointers between +F and the provider in B arrays via +B arrays that are returned by the provider's +provider_query_operation() function +(see L). + +All these "functions" have a corresponding function type definition +named B, and a helper function to retrieve the +function pointer from a B element named +B. +For example, the "function" OP_keymgmt_importdomparams() has these: + + typedef void * + (OSSL_OP_keymgmt_importdomparams_fn)(void *provctx, + const OSSL_PARAM params[]); + static ossl_inline OSSL_NAME_keymgmt_importdomparams_fn + OSSL_get_OP_keymgmt_importdomparams(const OSSL_DISPATCH *opf); + +B arrays are indexed by numbers that are provided as +macros in L, as follows: + + OP_keymgmt_importdomparams OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS + OP_keymgmt_gendomparams OSSL_FUNC_KEYMGMT_GENDOMPARAMS + OP_keymgmt_freedomparams OSSL_FUNC_KEYMGMT_FREEDOMPARAMS + OP_keymgmt_exportdomparams OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS + OP_keymgmt_importdomparam_types OSSL_FUNC_KEYMGMT_IMPORTDOMPARAM_TYPES + OP_keymgmt_exportdomparam_types OSSL_FUNC_KEYMGMT_EXPORTDOMPARAM_TYPES + + OP_keymgmt_importkey OSSL_FUNC_KEYMGMT_IMPORTKEY + OP_keymgmt_genkey OSSL_FUNC_KEYMGMT_GENKEY + OP_keymgmt_loadkey OSSL_FUNC_KEYMGMT_LOADKEY + OP_keymgmt_freekey OSSL_FUNC_KEYMGMT_FREEKEY + OP_keymgmt_exportkey OSSL_FUNC_KEYMGMT_EXPORTKEY + OP_keymgmt_importkey_types OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES + OP_keymgmt_exportkey_types OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES + +=head2 Domain Parameter Functions + +OP_keymgmt_importdomparams() should create a provider side structure +for domain parameters, with values taken from the passed B +array I. + +OP_keymgmt_gendomparams() should generate domain parameters and create +a provider side structure for them. +Values of the passed B array I should be used as +input for parameter generation. + +OP_keymgmt_freedomparams() should free the passed provider side domain +parameter structure I. + +OP_keymgmt_exportdomparams() should extract values from the passed +provider side domain parameter structure I into the passed +B I. +Only the values specified in I should be extracted. + +OP_keymgmt_importdomparam_types() should return a constant array of +descriptor B, for parameters that OP_keymgmt_importdomparams() +can handle. + +=for comment There should be one corresponding to OP_keymgmt_gendomparams() +as well... + +OP_keymgmt_exportdomparam_types() should return a constant array of +descriptor B, for parameters that can be exported with +OP_keymgmt_exportdomparams(). + +=head2 Key functions + +OP_keymgmt_importkey() should create a provider side structure +for keys, with values taken from the passed B array +I. + +OP_keymgmt_genkey() should generate keys and create a provider side +structure for them. +Values from the passed domain parameters I as well as from +the passed B array I should be used as input for +key generation. + +OP_keymgmt_loadkey() should return a provider side key structure with +a key loaded from a location known only to the provider, identitified +with the identity I of size I. +This identity is internal to the provider and is retrieved from the +provider through other means. + +=for comment Right now, OP_keymgmt_loadkey is useless, but will be +useful as soon as we have a OSSL_STORE interface + +OP_keymgmt_freekey() should free the passed I. + +OP_keymgmt_exportkey() should extract values from the passed +provider side key I into the passed B I. +Only the values specified in I should be extracted. + +OP_keymgmt_importkey_types() should return a constant array of +descriptor B, for parameters that OP_keymgmt_importkey() +can handle. + +=for comment There should be one corresponding to OP_keymgmt_genkey() +as well... + +OP_keymgmt_exportkey_types() should return a constant array of +descriptor B, for parameters that can be exported with +OP_keymgmt_exportkeys(). + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The KEYMGMT interface was introduced in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut From levitte at openssl.org Tue Jul 23 04:38:38 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jul 2019 04:38:38 +0000 Subject: [openssl] master update Message-ID: <1563856718.089464.23238.nullmailer@dev.openssl.org> The branch master has been updated via b8441adb593392e224eccc95495e9a7451d04821 (commit) via c540f00f383754fa490be76c2c3398ccd4d2a869 (commit) via 3d96a51c09296cb5c283efb5681105a7691e6fbc (commit) via 84d167f6eb1c3cb3cf9092122349967f717c56ca (commit) via a883c02faa2549c98256577fd881af17b95444cf (commit) via b37066fdf731dc186f87d816c59ea412418f3d9d (commit) via 1d2622d4f357a7994cf6fdc3fdba27317a6a6597 (commit) via c750bc08516f1273751ba03fa533e3eb2418b92d (commit) via 6b9e37246d5fd8e701b825c71fa1a018916af33c (commit) from da2addc515d547b0d724a4fc730c4345ed713221 (commit) - Log ----------------------------------------------------------------- commit b8441adb593392e224eccc95495e9a7451d04821 Author: Richard Levitte Date: Sat Jul 13 07:04:01 2019 +0200 Re-implement the cipher and digest listings for 'openssl list' They now display both legacy and provided algorithms. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) commit c540f00f383754fa490be76c2c3398ccd4d2a869 Author: Richard Levitte Date: Sat Jul 13 07:02:54 2019 +0200 Add EVP_CIPHER_do_all_ex() and EVP_MD_do_all_ex() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) commit 3d96a51c09296cb5c283efb5681105a7691e6fbc Author: Richard Levitte Date: Sat Jul 13 06:53:44 2019 +0200 Add internal function evp_generic_do_all() This function is used to traverse all algorithm implementations for a given operation type, and execute the given function for each of them. For each algorithm implementation, a method is created and passed to the given function, and then freed after that function's return. If the caller wishes to keep the method for longer, they must call the appropriate up_ref function on the method, and they must also make sure to free the passed methods at some point. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) commit 84d167f6eb1c3cb3cf9092122349967f717c56ca Author: Richard Levitte Date: Wed Jul 10 23:14:03 2019 +0200 Refactor ossl_method_construct() in terms of ossl_algorithm_do_all() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) commit a883c02faa2549c98256577fd881af17b95444cf Author: Richard Levitte Date: Wed Jul 10 23:11:27 2019 +0200 Add internal function ossl_algorithm_do_all() This function is used to traverse all the implementations provided by one provider, or all implementation for a specific operation across all loaded providers, or both, and execute a given function for each occurence. This will be used by ossl_method_construct(), but also by information processing functions. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) commit b37066fdf731dc186f87d816c59ea412418f3d9d Author: Richard Levitte Date: Wed Jul 10 23:00:22 2019 +0200 Add OSSL_PROVIDER_name() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) commit 1d2622d4f357a7994cf6fdc3fdba27317a6a6597 Author: Richard Levitte Date: Wed Jul 10 22:59:07 2019 +0200 Add EVP_MD_provider() and EVP_CIPHER_provider() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) commit c750bc08516f1273751ba03fa533e3eb2418b92d Author: Richard Levitte Date: Wed Jul 10 22:24:00 2019 +0200 Re-implement EVP_MD_name() and EVP_CIPHER_name() as functions They will do the same as usual for non-provider algorithms implementations, but can handle provider implementations as well. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) commit 6b9e37246d5fd8e701b825c71fa1a018916af33c Author: Richard Levitte Date: Wed Jul 10 22:22:16 2019 +0200 Add a mechnism to save the name of fetched methods This will be useful for information display, as well as for code that want to check the name of an algorithm. This can eventually replace all NID checks. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) ----------------------------------------------------------------------- Summary of changes: apps/list.c | 97 +++++++++++++++++++++++++++-- crypto/build.info | 3 +- crypto/core_algorithm.c | 75 ++++++++++++++++++++++ crypto/core_fetch.c | 78 ++++++++++------------- crypto/evp/cmeth_lib.c | 1 + crypto/evp/digest.c | 17 ++++- crypto/evp/evp_enc.c | 18 +++++- crypto/evp/evp_fetch.c | 46 +++++++++++++- crypto/evp/evp_lib.c | 33 ++++++++++ crypto/evp/evp_locl.h | 13 +++- crypto/evp/exchange.c | 10 ++- crypto/evp/keymgmt_meth.c | 9 ++- crypto/include/internal/evp_int.h | 2 + crypto/provider.c | 5 ++ doc/internal/man3/ossl_algorithm_do_all.pod | 63 +++++++++++++++++++ doc/man1/list.pod | 4 ++ doc/man3/EVP_DigestInit.pod | 36 +++++++++-- doc/man3/EVP_EncryptInit.pod | 24 ++++++- doc/man3/OSSL_PROVIDER.pod | 6 +- include/internal/core.h | 7 +++ include/openssl/core_numbers.h | 3 + include/openssl/evp.h | 14 ++++- include/openssl/provider.h | 3 + util/libcrypto.num | 7 +++ util/private.num | 1 + 25 files changed, 503 insertions(+), 72 deletions(-) create mode 100644 crypto/core_algorithm.c create mode 100644 doc/internal/man3/ossl_algorithm_do_all.pod diff --git a/apps/list.c b/apps/list.c index 8e4f005..5f05fb9 100644 --- a/apps/list.c +++ b/apps/list.c @@ -10,6 +10,8 @@ #include #include #include +#include +#include #include "apps.h" #include "progs.h" #include "opt.h" @@ -18,28 +20,111 @@ static void list_cipher_fn(const EVP_CIPHER *c, const char *from, const char *to, void *arg) { if (c != NULL) { - BIO_printf(arg, "%s\n", EVP_CIPHER_name(c)); + BIO_printf(arg, " %s\n", EVP_CIPHER_name(c)); } else { if (from == NULL) from = ""; if (to == NULL) to = ""; - BIO_printf(arg, "%s => %s\n", from, to); + BIO_printf(arg, " %s => %s\n", from, to); + } +} + +DEFINE_STACK_OF(EVP_CIPHER) +static int cipher_cmp(const EVP_CIPHER * const *a, + const EVP_CIPHER * const *b) +{ + int ret = strcasecmp(EVP_CIPHER_name(*a), EVP_CIPHER_name(*b)); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_name(EVP_CIPHER_provider(*a)), + OSSL_PROVIDER_name(EVP_CIPHER_provider(*b))); + + return ret; +} + +static void collect_ciphers(EVP_CIPHER *cipher, void *stack) +{ + STACK_OF(EVP_CIPHER) *cipher_stack = stack; + + sk_EVP_CIPHER_push(cipher_stack, cipher); + EVP_CIPHER_up_ref(cipher); +} + +static void list_ciphers(void) +{ + STACK_OF(EVP_CIPHER) *ciphers = sk_EVP_CIPHER_new(cipher_cmp); + int i; + + BIO_printf(bio_out, "Legacy:\n"); + EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out); + + BIO_printf(bio_out, "Provided:\n"); + EVP_CIPHER_do_all_ex(NULL, collect_ciphers, ciphers); + sk_EVP_CIPHER_sort(ciphers); + for (i = 0; i < sk_EVP_CIPHER_num(ciphers); i++) { + const EVP_CIPHER *c = sk_EVP_CIPHER_value(ciphers, i); + + BIO_printf(bio_out, " %s", EVP_CIPHER_name(c)); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_name(EVP_CIPHER_provider(c))); } + sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_meth_free); } static void list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg) { if (m != NULL) { - BIO_printf(arg, "%s\n", EVP_MD_name(m)); + BIO_printf(arg, " %s\n", EVP_MD_name(m)); } else { if (from == NULL) from = ""; if (to == NULL) to = ""; - BIO_printf((BIO *)arg, "%s => %s\n", from, to); + BIO_printf((BIO *)arg, " %s => %s\n", from, to); + } +} + +DEFINE_STACK_OF(EVP_MD) +static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b) +{ + int ret = strcasecmp(EVP_MD_name(*a), EVP_MD_name(*b)); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_name(EVP_MD_provider(*a)), + OSSL_PROVIDER_name(EVP_MD_provider(*b))); + + return ret; +} + +static void collect_digests(EVP_MD *md, void *stack) +{ + STACK_OF(EVP_MD) *digest_stack = stack; + + sk_EVP_MD_push(digest_stack, md); + EVP_MD_up_ref(md); +} + +static void list_digests(void) +{ + STACK_OF(EVP_MD) *digests = sk_EVP_MD_new(md_cmp); + int i; + + BIO_printf(bio_out, "Legacy:\n"); + EVP_MD_do_all_sorted(list_md_fn, bio_out); + + BIO_printf(bio_out, "Provided:\n"); + EVP_MD_do_all_ex(NULL, collect_digests, digests); + sk_EVP_MD_sort(digests); + for (i = 0; i < sk_EVP_MD_num(digests); i++) { + const EVP_MD *c = sk_EVP_MD_value(digests, i); + + BIO_printf(bio_out, " %s", EVP_MD_name(c)); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_name(EVP_MD_provider(c))); } + sk_EVP_MD_pop_free(digests, EVP_MD_meth_free); } static void list_mac_fn(const EVP_MAC *m, @@ -450,7 +535,7 @@ opthelp: list_type(FT_md, one); break; case OPT_DIGEST_ALGORITHMS: - EVP_MD_do_all_sorted(list_md_fn, bio_out); + list_digests(); break; case OPT_MAC_ALGORITHMS: EVP_MAC_do_all_sorted(list_mac_fn, bio_out); @@ -459,7 +544,7 @@ opthelp: list_type(FT_cipher, one); break; case OPT_CIPHER_ALGORITHMS: - EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out); + list_ciphers(); break; case OPT_PK_ALGORITHMS: list_pkey(); diff --git a/crypto/build.info b/crypto/build.info index 088ec87..3f9eb52 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -59,7 +59,8 @@ IF[{- !$disabled{asm} && $config{processor} ne '386' -}] ENDIF # The Core -$CORE_COMMON=provider_core.c provider_predefined.c core_fetch.c core_namemap.c +$CORE_COMMON=provider_core.c provider_predefined.c \ + core_fetch.c core_algorithm.c core_namemap.c SOURCE[../libcrypto]=$CORE_COMMON provider_conf.c SOURCE[../providers/fips]=$CORE_COMMON diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c new file mode 100644 index 0000000..f88a045 --- /dev/null +++ b/crypto/core_algorithm.c @@ -0,0 +1,75 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/core.h" +#include "internal/property.h" +#include "internal/provider.h" + +struct algorithm_data_st { + OPENSSL_CTX *libctx; + int operation_id; /* May be zero for finding them all */ + void (*fn)(OSSL_PROVIDER *, const OSSL_ALGORITHM *, int no_store, + void *data); + void *data; +}; + +static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) +{ + struct algorithm_data_st *data = cbdata; + int no_store = 0; /* Assume caching is ok */ + int first_operation = 1; + int last_operation = OSSL_OP__HIGHEST; + int cur_operation; + int ok = 0; + + if (data->operation_id != 0) + first_operation = last_operation = data->operation_id; + + for (cur_operation = first_operation; + cur_operation <= last_operation; + cur_operation++) { + const OSSL_ALGORITHM *map = + ossl_provider_query_operation(provider, data->operation_id, + &no_store); + + if (map == NULL) + break; + + ok = 1; /* As long as we've found *something* */ + while (map->algorithm_name != NULL) { + const OSSL_ALGORITHM *thismap = map++; + + data->fn(provider, thismap, no_store, data->data); + } + } + + return ok; +} + +void ossl_algorithm_do_all(OPENSSL_CTX *libctx, int operation_id, + OSSL_PROVIDER *provider, + void (*fn)(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *data), + void *data) +{ + struct algorithm_data_st cbdata; + + cbdata.libctx = libctx; + cbdata.operation_id = operation_id; + cbdata.fn = fn; + cbdata.data = data; + + if (provider == NULL) + ossl_provider_forall_loaded(libctx, algorithm_do_this, &cbdata); + else + algorithm_do_this(provider, &cbdata); +} diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index 56a3c5c..c1c8158 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -24,55 +24,45 @@ struct construct_data_st { void *mcm_data; }; -static int ossl_method_construct_this(OSSL_PROVIDER *provider, void *cbdata) +static void ossl_method_construct_this(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *cbdata) { struct construct_data_st *data = cbdata; - int no_store = 0; /* Assume caching is ok */ - const OSSL_ALGORITHM *map = - ossl_provider_query_operation(provider, data->operation_id, &no_store); - - if (map == NULL) - return 0; - - while (map->algorithm_name != NULL) { - const OSSL_ALGORITHM *thismap = map++; - void *method = NULL; - - if ((method = data->mcm->construct(thismap->algorithm_name, - thismap->implementation, provider, - data->mcm_data)) == NULL) - continue; + void *method = NULL; + if ((method = data->mcm->construct(algo->algorithm_name, + algo->implementation, provider, + data->mcm_data)) == NULL) + return; + + /* + * Note regarding putting the method in stores: + * + * we don't need to care if it actually got in or not here. + * If it didn't get in, it will simply not be available when + * ossl_method_construct() tries to get it from the store. + * + * It is *expected* that the put function increments the refcnt + * of the passed method. + */ + + if (data->force_store || !no_store) { /* - * Note regarding putting the method in stores: - * - * we don't need to care if it actually got in or not here. - * If it didn't get in, it will simply not be available when - * ossl_method_construct() tries to get it from the store. - * - * It is *expected* that the put function increments the refcnt - * of the passed method. + * If we haven't been told not to store, + * add to the global store */ - - if (data->force_store || !no_store) { - /* - * If we haven't been told not to store, - * add to the global store - */ - data->mcm->put(data->libctx, NULL, method, data->operation_id, - thismap->algorithm_name, - thismap->property_definition, data->mcm_data); - } - - data->mcm->put(data->libctx, data->store, method, data->operation_id, - thismap->algorithm_name, thismap->property_definition, - data->mcm_data); - - /* refcnt-- because we're dropping the reference */ - data->mcm->destruct(method, data->mcm_data); + data->mcm->put(data->libctx, NULL, method, data->operation_id, + algo->algorithm_name, + algo->property_definition, data->mcm_data); } - return 1; + data->mcm->put(data->libctx, data->store, method, data->operation_id, + algo->algorithm_name, algo->property_definition, + data->mcm_data); + + /* refcnt-- because we're dropping the reference */ + data->mcm->destruct(method, data->mcm_data); } void *ossl_method_construct(OPENSSL_CTX *libctx, int operation_id, @@ -99,8 +89,8 @@ void *ossl_method_construct(OPENSSL_CTX *libctx, int operation_id, cbdata.force_store = force_store; cbdata.mcm = mcm; cbdata.mcm_data = mcm_data; - ossl_provider_forall_loaded(libctx, ossl_method_construct_this, - &cbdata); + ossl_algorithm_do_all(libctx, operation_id, NULL, + ossl_method_construct_this, &cbdata); method = mcm->get(libctx, cbdata.store, operation_id, name, propquery, mcm_data); diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index 40aca34..51c9b6e 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -55,6 +55,7 @@ void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) if (i > 0) return; ossl_provider_free(cipher->prov); + OPENSSL_free(cipher->name); CRYPTO_THREAD_lock_free(cipher->lock); OPENSSL_free(cipher); } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 65b12e3..78e8756 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -577,15 +577,19 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) return 0; } -static void *evp_md_from_dispatch(const OSSL_DISPATCH *fns, +static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) { EVP_MD *md = NULL; int fncnt = 0; /* EVP_MD_fetch() will set the legacy NID if available */ - if ((md = EVP_MD_meth_new(NID_undef, NID_undef)) == NULL) + if ((md = EVP_MD_meth_new(NID_undef, NID_undef)) == NULL + || (md->name = OPENSSL_strdup(name)) == NULL) { + EVP_MD_meth_free(md); + EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; + } for (; fns->function_id != 0; fns++) { switch (fns->function_id) { @@ -697,3 +701,12 @@ EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, return md; } + +void EVP_MD_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_MD *mac, void *arg), + void *arg) +{ + evp_generic_do_all(libctx, OSSL_OP_DIGEST, + (void (*)(void *, void *))fn, arg, + evp_md_from_dispatch, evp_md_free); +} diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index c1f7e77..0873bae 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1127,7 +1127,8 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) return 1; } -static void *evp_cipher_from_dispatch(const OSSL_DISPATCH *fns, +static void *evp_cipher_from_dispatch(const char *name, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) { EVP_CIPHER *cipher = NULL; @@ -1137,8 +1138,12 @@ static void *evp_cipher_from_dispatch(const OSSL_DISPATCH *fns, * The legacy NID is set by EVP_CIPHER_fetch() if the name exists in * the object database. */ - if ((cipher = EVP_CIPHER_meth_new(0, 0, 0)) == NULL) + if ((cipher = EVP_CIPHER_meth_new(0, 0, 0)) == NULL + || (cipher->name = OPENSSL_strdup(name)) == NULL) { + EVP_CIPHER_meth_free(cipher); + EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; + } for (; fns->function_id != 0; fns++) { switch (fns->function_id) { @@ -1258,3 +1263,12 @@ EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, return cipher; } + +void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_CIPHER *mac, void *arg), + void *arg) +{ + evp_generic_do_all(libctx, OSSL_OP_CIPHER, + (void (*)(void *, void *))fn, arg, + evp_cipher_from_dispatch, evp_cipher_free); +} diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 0c25f0d..5c100dd 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -40,7 +40,8 @@ struct method_data_st { OPENSSL_CTX *libctx; const char *name; OSSL_METHOD_CONSTRUCT_METHOD *mcm; - void *(*method_from_dispatch)(const OSSL_DISPATCH *, OSSL_PROVIDER *); + void *(*method_from_dispatch)(const char *, const OSSL_DISPATCH *, + OSSL_PROVIDER *); int (*refcnt_up_method)(void *method); void (*destruct_method)(void *method); }; @@ -143,7 +144,7 @@ static void *construct_method(const char *name, const OSSL_DISPATCH *fns, { struct method_data_st *methdata = data; - return methdata->method_from_dispatch(fns, prov); + return methdata->method_from_dispatch(name, fns, prov); } static void destruct_method(void *method, void *data) @@ -155,7 +156,8 @@ static void destruct_method(void *method, void *data) void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, const char *name, const char *properties, - void *(*new_method)(const OSSL_DISPATCH *fns, + void *(*new_method)(const char *name, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*up_ref_method)(void *), void (*free_method)(void *)) @@ -234,3 +236,41 @@ int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq) EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR); return 0; } + +struct do_all_data_st { + void (*user_fn)(void *method, void *arg); + void *user_arg; + void *(*new_method)(const char *name, const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov); + void (*free_method)(void *); +}; + +static void do_one(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, + int no_store, void *vdata) +{ + struct do_all_data_st *data = vdata; + void *method = data->new_method(algo->algorithm_name, + algo->implementation, provider); + + if (method != NULL) { + data->user_fn(method, data->user_arg); + data->free_method(method); + } +} + +void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, + void (*user_fn)(void *method, void *arg), + void *user_arg, + void *(*new_method)(const char *name, + const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov), + void (*free_method)(void *)) +{ + struct do_all_data_st data; + + data.new_method = new_method; + data.free_method = free_method; + data.user_fn = user_fn; + data.user_arg = user_arg; + ossl_algorithm_do_all(libctx, operation_id, NULL, do_one, &data); +} diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 47bbb2b..0825c10 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -415,6 +415,22 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) return ctx->cipher->nid; } +const char *EVP_CIPHER_name(const EVP_CIPHER *cipher) +{ + if (cipher->prov != NULL) + return cipher->name; +#ifndef FIPS_MODE + return OBJ_nid2sn(EVP_CIPHER_nid(cipher)); +#else + return NULL; +#endif +} + +const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher) +{ + return cipher->prov; +} + int EVP_CIPHER_mode(const EVP_CIPHER *cipher) { int ok, v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; @@ -426,6 +442,22 @@ int EVP_CIPHER_mode(const EVP_CIPHER *cipher) return ok != 0 ? v : 0; } +const char *EVP_MD_name(const EVP_MD *md) +{ + if (md->prov != NULL) + return md->name; +#ifndef FIPS_MODE + return OBJ_nid2sn(EVP_MD_nid(md)); +#else + return NULL; +#endif +} + +const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md) +{ + return md->prov; +} + int EVP_MD_block_size(const EVP_MD *md) { if (md == NULL) { @@ -513,6 +545,7 @@ void EVP_MD_meth_free(EVP_MD *md) if (i > 0) return; ossl_provider_free(md->prov); + OPENSSL_free(md->name); CRYPTO_THREAD_lock_free(md->lock); OPENSSL_free(md); } diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 740c159..ce46163 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -65,7 +65,7 @@ struct evp_kdf_ctx_st { struct evp_keymgmt_st { int id; /* libcrypto internal */ - const char *name; + char *name; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *lock; @@ -89,6 +89,7 @@ struct evp_keymgmt_st { } /* EVP_KEYMGMT */ ; struct evp_keyexch_st { + char *name; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *lock; @@ -133,10 +134,18 @@ int is_partially_overlapping(const void *ptr1, const void *ptr2, int len); void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id, const char *algorithm, const char *properties, - void *(*new_method)(const OSSL_DISPATCH *fns, + void *(*new_method)(const char *name, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*up_ref_method)(void *), void (*free_method)(void *)); +void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, + void (*user_fn)(void *method, void *arg), + void *user_arg, + void *(*new_method)(const char *name, + const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov), + void (*free_method)(void *)); /* Helper functions to avoid duplicating code */ diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 208bb98..d8afcbd 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -31,14 +31,19 @@ static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov) return exchange; } -static void *evp_keyexch_from_dispatch(const OSSL_DISPATCH *fns, +static void *evp_keyexch_from_dispatch(const char *name, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) { EVP_KEYEXCH *exchange = NULL; int fncnt = 0; - if ((exchange = evp_keyexch_new(prov)) == NULL) + if ((exchange = evp_keyexch_new(prov)) == NULL + || (exchange->name = OPENSSL_strdup(name)) == NULL) { + EVP_KEYEXCH_free(exchange); + EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; + } for (; fns->function_id != 0; fns++) { switch (fns->function_id) { @@ -108,6 +113,7 @@ void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange) if (i > 0) return; ossl_provider_free(exchange->prov); + OPENSSL_free(exchange->name); CRYPTO_THREAD_lock_free(exchange->lock); OPENSSL_free(exchange); } diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 9723820..67c33eb 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -24,6 +24,7 @@ static void *keymgmt_new(void) if ((keymgmt = OPENSSL_zalloc(sizeof(*keymgmt))) == NULL || (keymgmt->lock = CRYPTO_THREAD_lock_new()) == NULL) { EVP_KEYMGMT_free(keymgmt); + EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } @@ -32,13 +33,16 @@ static void *keymgmt_new(void) return keymgmt; } -static void *keymgmt_from_dispatch(const OSSL_DISPATCH *fns, +static void *keymgmt_from_dispatch(const char *name, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) { EVP_KEYMGMT *keymgmt = NULL; - if ((keymgmt = keymgmt_new()) == NULL) + if ((keymgmt = keymgmt_new()) == NULL + || (keymgmt->name = OPENSSL_strdup(name)) == NULL) { + EVP_KEYMGMT_free(keymgmt); return NULL; + } for (; fns->function_id != 0; fns++) { switch (fns->function_id) { @@ -178,6 +182,7 @@ void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt) if (ref > 0) return; ossl_provider_free(keymgmt->prov); + OPENSSL_free(keymgmt->name); CRYPTO_THREAD_lock_free(keymgmt->lock); OPENSSL_free(keymgmt); } diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 50ed933..9d87898 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -201,6 +201,7 @@ struct evp_md_st { /* New structure members */ /* TODO(3.0): Remove above comment when legacy has gone */ + char *name; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *lock; @@ -251,6 +252,7 @@ struct evp_cipher_st { /* New structure members */ /* TODO(3.0): Remove above comment when legacy has gone */ + char *name; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *lock; diff --git a/crypto/provider.c b/crypto/provider.c index 4e21bfe..8c9c6da 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -68,3 +68,8 @@ int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name, return 1; } + +const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov) +{ + return ossl_provider_name(prov); +} diff --git a/doc/internal/man3/ossl_algorithm_do_all.pod b/doc/internal/man3/ossl_algorithm_do_all.pod new file mode 100644 index 0000000..6ef85a7 --- /dev/null +++ b/doc/internal/man3/ossl_algorithm_do_all.pod @@ -0,0 +1,63 @@ +=pod + +=head1 NAME + +ossl_algorithm_do_all - generic algorithm implementation iterator + +=head1 SYNOPSIS + + void ossl_algorithm_do_all(OPENSSL_CTX *libctx, int operation_id, + OSSL_PROVIDER *provider, + void (*fn)(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *data), + void *data) + +=head1 DESCRIPTION + +ossl_algorithm_do_all() looks up every algorithm it can find, given a +library context I, an operation identity I and a +provider I. +I may be NULL to signify that the default library context should +be used. +I may be zero to signify that all kinds of operations +will be looked up. +I may be NULL to signify that all loaded providers will be +queried. + +For each implementation found, the function I is called with the +I for the implementation, the algorithm descriptor I, +the flag I indicating whether the algorithm descriptor may +be remembered or not, and the caller I that was passed to +ossl_algorithm_do_all(). + +=head1 RETURN VALUES + +ossl_algorithm_do_all() doesn't return any value. + +=head1 NOTES + +The function described here are mainly useful for discovery, and +possibly display of what has been discovered, for example an +application that wants to display the loaded providers and what they +may offer, but also for constructors, such as +L. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use this +file except in compliance with the License. You can obtain a copy in the file +LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man1/list.pod b/doc/man1/list.pod index 901a266..1e4d7cd 100644 --- a/doc/man1/list.pod +++ b/doc/man1/list.pod @@ -53,6 +53,8 @@ as input to the L or L commands. Display a list of message digest algorithms. If a line is of the form C bar> then B is an alias for the official algorithm name, B. +If a line is of the form C, then B is provided by the provider +B. =item B<-mac-algorithms> @@ -70,6 +72,8 @@ to the L or L commands. Display a list of cipher algorithms. If a line is of the form C bar> then B is an alias for the official algorithm name, B. +If a line is of the form C, then B is provided by the provider +B. =item B<-public-key-algorithms> diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 6f36f0a..226bc46 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -8,12 +8,16 @@ EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_params, EVP_MD_CTX_get_param EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, +EVP_MD_name, EVP_MD_provider, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, +EVP_MD_CTX_name, EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, -EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines +EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, +EVP_MD_do_all_ex +- EVP digest routines =head1 SYNOPSIS @@ -45,6 +49,8 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); + const char *EVP_MD_name(const EVP_MD *md); + const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md); int EVP_MD_type(const EVP_MD *md); int EVP_MD_pkey_type(const EVP_MD *md); int EVP_MD_size(const EVP_MD *md); @@ -52,6 +58,7 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines unsigned long EVP_MD_flags(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); + const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx); int EVP_MD_CTX_size(const EVP_MD *ctx); int EVP_MD_CTX_block_size(const EVP_MD *ctx); int EVP_MD_CTX_type(const EVP_MD *ctx); @@ -71,6 +78,10 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); + void EVP_MD_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_MD *mac, void *arg), + void *arg); + =head1 DESCRIPTION The EVP digest routines are a high level interface to message digests, @@ -184,6 +195,16 @@ automatically cleaned up. Similar to EVP_MD_CTX_copy_ex() except the destination B does not have to be initialized. +=item EVP_MD_name(), +EVP_MD_CTX_name() + +Return the name of the given message digest. + +=item EVP_MD_provider() + +Returns an B pointer to the provider that implements the given +B. + =item EVP_MD_size(), EVP_MD_CTX_size() @@ -266,6 +287,13 @@ by the caller. A NULL B pointer is also allowed to clear the B. In such case, freeing the cleared B or not depends on how the B is created. +=item EVP_MD_do_all_ex() + +Traverses all messages digests implemented by all activated providers +in the given library context I, and for each of the implementations, +calls the given function I with the implementation method and the given +I as argument. + =back =head1 PARAMS @@ -433,9 +461,9 @@ implementations of digests to be specified. If digest contexts are not cleaned up after use, memory leaks will occur. -EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), -EVP_get_digestbynid() and EVP_get_digestbyobj() are defined as -macros. +EVP_MD_CTX_name(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), +EVP_MD_CTX_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are defined +as macros. EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration or control. diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index e4fb0c4..43ed7f9 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -26,6 +26,8 @@ EVP_CipherFinal, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, +EVP_CIPHER_name, +EVP_CIPHER_provider, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, @@ -34,6 +36,7 @@ EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_name, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, @@ -46,7 +49,8 @@ EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, -EVP_enc_null +EVP_enc_null, +EVP_CIPHER_do_all_ex - EVP cipher routines =head1 SYNOPSIS @@ -101,6 +105,8 @@ EVP_enc_null const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); int EVP_CIPHER_nid(const EVP_CIPHER *e); + const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); + const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher); int EVP_CIPHER_block_size(const EVP_CIPHER *e); int EVP_CIPHER_key_length(const EVP_CIPHER *e); int EVP_CIPHER_iv_length(const EVP_CIPHER *e); @@ -110,6 +116,7 @@ EVP_enc_null const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); + const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); @@ -121,6 +128,10 @@ EVP_enc_null int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_CIPHER *cipher, void *arg), + void *arg); + =head1 DESCRIPTION The EVP cipher routines are a high level interface to certain @@ -255,6 +266,12 @@ IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and identifier or does not have ASN1 support this function will return B. +EVP_CIPHER_name() and EVP_CIPHER_CTX_name() return the name of the passed +cipher or context. + +EVP_CIPHER_provider() returns an B pointer to the provider +that implements the given B. + EVP_CIPHER_CTX_cipher() returns the B structure when passed an B structure. @@ -290,6 +307,11 @@ based on the cipher context. The EVP_CIPHER can provide its own random key generation routine to support keys of a specific form. B must point to a buffer at least as big as the value returned by EVP_CIPHER_CTX_key_length(). +EVP_CIPHER_do_all_ex() traverses all ciphers implemented by all activated +providers in the given library context I, and for each of the +implementations, calls the given function I with the implementation method +and the given I as argument. + =head1 RETURN VALUES EVP_CIPHER_fetch() returns a pointer to a B for success diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index 9fe2e18..fec6706 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -4,7 +4,7 @@ OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload, OSSL_PROVIDER_get_param_types, OSSL_PROVIDER_get_params, -OSSL_PROVIDER_add_builtin - provider routines +OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines =head1 SYNOPSIS @@ -21,6 +21,8 @@ OSSL_PROVIDER_add_builtin - provider routines int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name, ossl_provider_init_fn *init_fn); + const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); + =head1 DESCRIPTION B is a type that holds internal information about @@ -59,6 +61,8 @@ The caller must prepare the B array before calling this function, and the variables acting as buffers for this parameter array should be filled with data when it returns successfully. +OSSL_PROVIDER_name() returns the name of the given provider. + =head1 RETURN VALUES OSSL_PROVIDER_add() returns 1 on success, or 0 on error. diff --git a/include/internal/core.h b/include/internal/core.h index 3f0cdfa..bd2f9a0 100644 --- a/include/internal/core.h +++ b/include/internal/core.h @@ -51,4 +51,11 @@ void *ossl_method_construct(OPENSSL_CTX *ctx, int operation_id, int force_cache, OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data); +void ossl_algorithm_do_all(OPENSSL_CTX *libctx, int operation_id, + OSSL_PROVIDER *provider, + void (*fn)(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *data), + void *data); + #endif diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index f45b8f1..905094d 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -324,6 +324,9 @@ OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_params, (void *ctx, OSSL_PARAM params[])) +/* Highest known operation number */ +# define OSSL_OP__HIGHEST 3 + # ifdef __cplusplus } # endif diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d014a2e..24ad23f 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -449,7 +449,8 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, int EVP_MD_type(const EVP_MD *md); # define EVP_MD_nid(e) EVP_MD_type(e) -# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +const char *EVP_MD_name(const EVP_MD *md); +const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md); int EVP_MD_pkey_type(const EVP_MD *md); int EVP_MD_size(const EVP_MD *md); int EVP_MD_block_size(const EVP_MD *md); @@ -461,6 +462,7 @@ int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count)); +# define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) @@ -469,7 +471,8 @@ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); int EVP_CIPHER_nid(const EVP_CIPHER *cipher); -# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); +const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher); int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); @@ -496,6 +499,7 @@ void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +# define EVP_CIPHER_CTX_name(c) EVP_CIPHER_name(EVP_CIPHER_CTX_cipher(c)) # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) # if !OPENSSL_API_1_1_0 # define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) @@ -991,6 +995,9 @@ void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph, const char *from, const char *to, void *x), void *arg); +void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_CIPHER *cipher, void *arg), + void *arg); void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, const char *from, const char *to, void *x), @@ -998,6 +1005,9 @@ void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *ciph, const char *from, const char *to, void *x), void *arg); +void EVP_MD_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_MD *md, void *arg), + void *arg); /* MAC stuff */ diff --git a/include/openssl/provider.h b/include/openssl/provider.h index c7f6664..722e83b 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -27,6 +27,9 @@ int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name, OSSL_provider_init_fn *init_fn); +/* Information */ +const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); + # ifdef __cplusplus } # endif diff --git a/util/libcrypto.num b/util/libcrypto.num index e18fdca..b0a7f81 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4691,3 +4691,10 @@ EVP_KEYMGMT_free 4796 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_provider 4797 3_0_0 EXIST::FUNCTION: X509_PUBKEY_dup 4798 3_0_0 EXIST::FUNCTION: ERR_put_func_error 4799 3_0_0 EXIST::FUNCTION: +EVP_MD_name 4800 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_name 4801 3_0_0 EXIST::FUNCTION: +EVP_MD_provider 4802 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_provider 4803 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_name 4804 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_do_all_ex 4805 3_0_0 EXIST::FUNCTION: +EVP_MD_do_all_ex 4806 3_0_0 EXIST::FUNCTION: diff --git a/util/private.num b/util/private.num index 3307e3e..1e76dfb 100644 --- a/util/private.num +++ b/util/private.num @@ -201,6 +201,7 @@ EVP_DigestVerifyUpdate define EVP_KDF_name define EVP_MAC_name define EVP_MD_CTX_block_size define +EVP_MD_CTX_name define EVP_MD_CTX_size define EVP_MD_CTX_type define EVP_OpenUpdate define From builds at travis-ci.org Tue Jul 23 04:55:29 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 04:55:29 +0000 Subject: Still Failing: openssl/openssl#26777 (master - da2addc) In-Reply-To: Message-ID: <5d3693414f3f9_43fa3f66ae56c1785f5@05debd11-dac2-4a1a-9fcd-8b2b60fc36e3.mail> Build Update for openssl/openssl ------------------------------------- Build: #26777 Status: Still Failing Duration: 22 mins and 11 secs Commit: da2addc (master) Author: Richard Levitte Message: provider-keymgmt(7): Document the KEYMGMT interface Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9429) View the changeset: https://github.com/openssl/openssl/compare/29ce3458d847...da2addc515d5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562408432?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 23 05:11:57 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 05:11:57 +0000 Subject: Still Failing: openssl/openssl#26778 (master - b8441ad) In-Reply-To: Message-ID: <5d36971d60257_43fe647ee4bd041479d@512d419e-ad31-48b6-bcac-72dadcd21ac1.mail> Build Update for openssl/openssl ------------------------------------- Build: #26778 Status: Still Failing Duration: 28 mins and 8 secs Commit: b8441ad (master) Author: Richard Levitte Message: Re-implement the cipher and digest listings for 'openssl list' They now display both legacy and provided algorithms. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9356) View the changeset: https://github.com/openssl/openssl/compare/da2addc515d5...b8441adb5933 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562409867?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Jul 23 05:30:44 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jul 2019 05:30:44 +0000 Subject: [openssl] master update Message-ID: <1563859844.599891.15179.nullmailer@dev.openssl.org> The branch master has been updated via 261750134865150fe72298fd34dc7214c849b926 (commit) via 3efe19145ceaf27d27c45384269fa37aa4f4b57f (commit) from b8441adb593392e224eccc95495e9a7451d04821 (commit) - Log ----------------------------------------------------------------- commit 261750134865150fe72298fd34dc7214c849b926 Author: Richard Levitte Date: Thu Jul 11 12:19:33 2019 +0200 Replace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9346) commit 3efe19145ceaf27d27c45384269fa37aa4f4b57f Author: Richard Levitte Date: Thu Jul 11 12:18:42 2019 +0200 Describe OSSL_PARAM as a parameter descriptor This affects doc/man3/OSSL_PARAM.pod and doc/man7/openssl-core.h.pod Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9346) ----------------------------------------------------------------------- Summary of changes: crypto/provider.c | 2 +- crypto/provider_core.c | 12 ++++++------ doc/internal/man3/ossl_provider_new.pod | 10 +++++----- doc/man3/OSSL_PARAM.pod | 28 +++++++++++++++++++++++----- doc/man3/OSSL_PROVIDER.pod | 13 +++++-------- doc/man7/openssl-core.h.pod | 4 ++-- include/internal/provider.h | 2 +- include/openssl/core.h | 2 +- include/openssl/core_numbers.h | 4 ++-- include/openssl/provider.h | 2 +- providers/default/defltprov.c | 12 ++++++------ providers/fips/fipsprov.c | 12 ++++++------ test/p_test.c | 8 ++++---- 13 files changed, 63 insertions(+), 48 deletions(-) diff --git a/crypto/provider.c b/crypto/provider.c index 8c9c6da..f81260c 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -35,7 +35,7 @@ int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov) return 1; } -const OSSL_ITEM *OSSL_PROVIDER_get_param_types(const OSSL_PROVIDER *prov) +const OSSL_PARAM *OSSL_PROVIDER_get_param_types(const OSSL_PROVIDER *prov) { return ossl_provider_get_param_types(prov); } diff --git a/crypto/provider_core.c b/crypto/provider_core.c index c16e91d..d96e214 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -680,7 +680,7 @@ void ossl_provider_teardown(const OSSL_PROVIDER *prov) prov->teardown(prov->provctx); } -const OSSL_ITEM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov) +const OSSL_PARAM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov) { return prov->get_param_types == NULL ? NULL : prov->get_param_types(prov->provctx); @@ -712,13 +712,13 @@ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, * discovery. We do not expect that many providers will use this, but one * never knows. */ -static const OSSL_ITEM param_types[] = { - { OSSL_PARAM_UTF8_PTR, "openssl-version" }, - { OSSL_PARAM_UTF8_PTR, "provider-name" }, - { 0, NULL } +static const OSSL_PARAM param_types[] = { + OSSL_PARAM_DEFN("openssl-verstion", OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN("provider-name", OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_END }; -static const OSSL_ITEM *core_get_param_types(const OSSL_PROVIDER *prov) +static const OSSL_PARAM *core_get_param_types(const OSSL_PROVIDER *prov) { return param_types; } diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index cb40cb2..426d953 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -51,7 +51,7 @@ ossl_provider_get_params, ossl_provider_query_operation /* Thin wrappers around calls to the provider */ void ossl_provider_teardown(const OSSL_PROVIDER *prov); - const OSSL_ITEM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov); + const OSSL_PARAM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov); int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, @@ -174,7 +174,7 @@ the provider has one. ossl_provider_get_param_types() calls the provider's I function, if the provider has one. -It should return an array of I to describe all the +It should return an array of I to describe all the parameters that the provider has for the provider object. ossl_provider_get_params() calls the provider's parameter request @@ -235,9 +235,9 @@ is returned. ossl_provider_teardown() doesnt't return any value. -ossl_provider_get_param_types() returns a pointer to an I -array if this function is available in the provider, otherwise -NULL. +ossl_provider_get_param_types() returns a pointer to a constant +I array if this function is available in the provider, +otherwise NULL. ossl_provider_get_params() returns 1 on success, or 0 on error. If this function isn't available in the provider, 0 is returned. diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod index 0f6358c..61ff378 100644 --- a/doc/man3/OSSL_PARAM.pod +++ b/doc/man3/OSSL_PARAM.pod @@ -27,27 +27,37 @@ A typical usage example could be an application that wants to set some parameters for an object, or wants to find out some parameters of an object. -Arrays of this type can be used for two purposes: +Arrays of this type can be used for the following purposes: =over 4 -=item * +=item * Setting parameters for some object -Setting parameters for some object. The caller sets up the C array and calls some function (the I) that has intimate knowledge about the object that can take the data from the C array and assign them in a suitable form for the internal structure of the object. -=item * +=item * Request parameters of some object -Request parameters of some object. The caller (the I) sets up the C array and calls some function (the I) that has intimate knowledge about the object, which can take the internal data of the object and copy (possibly convert) that to the memory prepared by the I and pointed at with the C C. +=item * Request parameter descriptors + +The caller gets an array of constant C, which describe +available parameters and some of their properties; name, data type and +expected data size. +For a detailed description of each field for this use, see the field +descriptions below. + +The caller may then use the information from this descriptor array to +build up its own C array to pass down to a I or +I. + =back =head2 C fields @@ -78,6 +88,11 @@ setting parameters) or shall (when requesting parameters) be stored, and C is its size in bytes. The organization of the data depends on the parameter type and flag. +When the C is used as a parameter descriptor, C +should be ignored. +If C is zero, it means that an arbitrary data size is +accepted, otherwise it specifies the maximum size allowed. + =item C When an array of C is used to request data, the @@ -86,6 +101,9 @@ parameter data. In case the C is too small for the data, the I must still set this field to indicate the minimum data size required. +When the C is used as a parameter descriptor, +C should be ignored. + =back B diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index fec6706..1453fcc 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -15,7 +15,7 @@ OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); - const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov); + const OSSL_PARAM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]); int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name, @@ -50,11 +50,8 @@ For a provider added with OSSL_PROVIDER_add_builtin(), this simply runs its teardown function. OSSL_PROVIDER_get_param_types() is used to get a provider parameter -descriptor set as an B array. -Each element is a tuple of an B parameter type and a name -in form of a C string. -See L for more information on B and -parameter types. +descriptor set as a constant B array. +See L for more information. OSSL_PROVIDER_get_params() is used to get provider parameter values. The caller must prepare the B array before calling this @@ -72,8 +69,8 @@ success, or B on error. OSSL_PROVIDER_unload() returns 1 on success, or 0 on error. -OSSL_PROVIDER_get_param_types() returns a pointer to a constant array -of B, or NULL if none is provided. +OSSL_PROVIDER_get_param_types() returns a pointer to an array +of constant B, or NULL if none is provided. OSSL_PROVIDER_get_params() returns 1 on success, or 0 on error. diff --git a/doc/man7/openssl-core.h.pod b/doc/man7/openssl-core.h.pod index 7fd4dfb..737293d 100644 --- a/doc/man7/openssl-core.h.pod +++ b/doc/man7/openssl-core.h.pod @@ -69,8 +69,8 @@ It's normally passed in arrays, where the array is terminated with an element where all fields are zero (for non-pointers) or C (for pointers). -These arrays can be used both to set parameters for some object, and -to request parameters. +These arrays can be used to set parameters for some object, to request +parameters, and to describe parameters. C is further described in L diff --git a/include/internal/provider.h b/include/internal/provider.h index 493fbde..fbc60fc 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -62,7 +62,7 @@ const char *ossl_provider_module_path(const OSSL_PROVIDER *prov); /* Thin wrappers around calls to the provider */ void ossl_provider_teardown(const OSSL_PROVIDER *prov); -const OSSL_ITEM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov); +const OSSL_PARAM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov); int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, diff --git a/include/openssl/core.h b/include/openssl/core.h index e9bc489..43e9d0a 100644 --- a/include/openssl/core.h +++ b/include/openssl/core.h @@ -43,7 +43,7 @@ struct ossl_dispatch_st { * tables remain tables with function pointers only. * * This is used whenever we need to pass things like a table of error reason - * codes <-> reason string maps, parameter name <-> parameter type maps, ... + * codes <-> reason string maps, ... * * Usage determines which field works as key if any, rather than field order. * diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 905094d..21f4303 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -58,7 +58,7 @@ extern "C" { */ /* Functions provided by the Core to the provider, reserved numbers 1-1023 */ # define OSSL_FUNC_CORE_GET_PARAM_TYPES 1 -OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *, +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, core_get_param_types,(const OSSL_PROVIDER *prov)) # define OSSL_FUNC_CORE_GET_PARAMS 2 OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_PROVIDER *prov, @@ -132,7 +132,7 @@ OSSL_CORE_MAKE_FUNC(unsigned char *, # define OSSL_FUNC_PROVIDER_TEARDOWN 1024 OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx)) # define OSSL_FUNC_PROVIDER_GET_PARAM_TYPES 1025 -OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *, +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, provider_get_param_types,(void *provctx)) # define OSSL_FUNC_PROVIDER_GET_PARAMS 1026 OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx, diff --git a/include/openssl/provider.h b/include/openssl/provider.h index 722e83b..68d5d10 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -20,7 +20,7 @@ extern "C" { OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); -const OSSL_ITEM *OSSL_PROVIDER_get_param_types(const OSSL_PROVIDER *prov); +const OSSL_PARAM *OSSL_PROVIDER_get_param_types(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); /* Add a built in providers */ diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 18e3a5c..2c25bf7 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -20,14 +20,14 @@ static OSSL_core_get_param_types_fn *c_get_param_types = NULL; static OSSL_core_get_params_fn *c_get_params = NULL; /* Parameters we provide to the core */ -static const OSSL_ITEM deflt_param_types[] = { - { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME }, - { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_VERSION }, - { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_BUILDINFO }, - { 0, NULL } +static const OSSL_PARAM deflt_param_types[] = { + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_END }; -static const OSSL_ITEM *deflt_get_param_types(const OSSL_PROVIDER *prov) +static const OSSL_PARAM *deflt_get_param_types(const OSSL_PROVIDER *prov) { return deflt_param_types; } diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index c1fbe4a..50d3c4b 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -80,11 +80,11 @@ static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = { /* Parameters we provide to the core */ -static const OSSL_ITEM fips_param_types[] = { - { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME }, - { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_VERSION }, - { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_BUILDINFO }, - { 0, NULL } +static const OSSL_PARAM fips_param_types[] = { + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_END }; /* TODO(3.0): To be removed */ @@ -149,7 +149,7 @@ static int dummy_evp_call(void *provctx) return ret; } -static const OSSL_ITEM *fips_get_param_types(const OSSL_PROVIDER *prov) +static const OSSL_PARAM *fips_get_param_types(const OSSL_PROVIDER *prov) { return fips_param_types; } diff --git a/test/p_test.c b/test/p_test.c index 904b75b..a730530 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -33,16 +33,16 @@ static OSSL_core_get_param_types_fn *c_get_param_types = NULL; static OSSL_core_get_params_fn *c_get_params = NULL; /* Tell the core what params we provide and what type they are */ -static const OSSL_ITEM p_param_types[] = { - { OSSL_PARAM_UTF8_STRING, "greeting" }, - { 0, NULL } +static const OSSL_PARAM p_param_types[] = { + { "greeting", OSSL_PARAM_UTF8_STRING, NULL, 0, 0 }, + { NULL, 0, NULL, 0, 0 } }; /* This is a trick to ensure we define the provider functions correctly */ static OSSL_provider_get_param_types_fn p_get_param_types; static OSSL_provider_get_params_fn p_get_params; -static const OSSL_ITEM *p_get_param_types(void *_) +static const OSSL_PARAM *p_get_param_types(void *_) { return p_param_types; } From no-reply at appveyor.com Tue Jul 23 05:52:50 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jul 2019 05:52:50 +0000 Subject: Build failed: openssl master.26203 Message-ID: <20190723055250.1.FADF2CF14227ED7C@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 23 05:53:04 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 05:53:04 +0000 Subject: Still Failing: openssl/openssl#26780 (master - 2617501) In-Reply-To: Message-ID: <5d36a0bf8c9d0_43f8bf8f781182255c0@e7cc9cc1-699b-4410-abc5-bec479bc4988.mail> Build Update for openssl/openssl ------------------------------------- Build: #26780 Status: Still Failing Duration: 21 mins and 43 secs Commit: 2617501 (master) Author: Richard Levitte Message: Replace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9346) View the changeset: https://github.com/openssl/openssl/compare/b8441adb5933...261750134865 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562420723?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 23 06:29:28 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jul 2019 06:29:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1563863368.491831.4071.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 29ce3458d8 Remove superfluous call to OPENSSL_cpuid_setup a38c878c2e Change DH parameters to generate the order q subgroup instead of 2q d4c69c69d1 Documentation: add provider-base(7), describing the base functions 2cafb1dff3 Documentation: Move the description of the fetching functions e4c0ec6278 Documentation: Add provider(7), for general description of providers a80278b071 Include deprecated SYS_F_xxx codes 46160e6fb9 Deprecate SYSerr, add new FUNCerr macro 56c3a135b2 Add ERR_put_func_error, and use it. 1372560f64 Allocate DRBG additional data pool from non-secure memory a8f1aabd4b x509: publish X509_PUBKEY_dup 9b977675ad x509: add missing X509 dup functions 227d426554 x509: sort X509 dup functions alphabetically fa9faf0104 Add an internal API to access the KEYMGMT provider functions 4cae07fef3 Add evp_keymgmt_clear_pkey_cache() and use it d0ea49a820 Adapt int_ctx_new() to use with providers 70a1f7b4d7 Add evp_keymgmt_export_to_provider(), for key transfer between providers a94a3e0d91 Add basic EVP_KEYMGMT API and libcrypto <-> provider interface 7312ef3fc4 Add param builder free function. Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:294: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:305: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:311: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:314: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:317: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:402: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:407: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:422: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:435: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:447: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:468: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:469: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:471: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:476: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_memdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:481: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strdup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_strndup': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:511: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:517: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:522: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:527: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:532: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OPENSSL_hexstr2buf': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:537: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:542: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:64: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:71: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:152: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:157: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:162: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:165: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:168: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:259: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7175: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Tue Jul 23 06:42:49 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jul 2019 06:42:49 +0000 Subject: Build completed: openssl master.26204 Message-ID: <20190723064249.1.66AB67EE510C725C@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue Jul 23 06:55:10 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 23 Jul 2019 06:55:10 +0000 Subject: [openssl] master update Message-ID: <1563864910.505617.21332.nullmailer@dev.openssl.org> The branch master has been updated via 82925f9dd0492f2e5f1d80ff46fd59f0704c8fe6 (commit) from 261750134865150fe72298fd34dc7214c849b926 (commit) - Log ----------------------------------------------------------------- commit 82925f9dd0492f2e5f1d80ff46fd59f0704c8fe6 Author: Pauli Date: Tue Jul 23 16:54:52 2019 +1000 Avoid double clearing some BIGNUMs Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9438) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 17293ed..5719a00 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -142,10 +142,12 @@ int BN_num_bits(const BIGNUM *a) return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } -static void bn_free_d(BIGNUM *a) +static void bn_free_d(BIGNUM *a, int clear) { if (BN_get_flags(a, BN_FLG_SECURE)) - OPENSSL_secure_free(a->d); + OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0])); + else if (clear != 0) + OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0])); else OPENSSL_free(a->d); } @@ -155,10 +157,8 @@ void BN_clear_free(BIGNUM *a) { if (a == NULL) return; - if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { - OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - bn_free_d(a); - } + if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) + bn_free_d(a, 1); if (BN_get_flags(a, BN_FLG_MALLOCED)) { OPENSSL_cleanse(a, sizeof(*a)); OPENSSL_free(a); @@ -170,7 +170,7 @@ void BN_free(BIGNUM *a) if (a == NULL) return; if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - bn_free_d(a); + bn_free_d(a, 0); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); } @@ -248,10 +248,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) BN_ULONG *a = bn_expand_internal(b, words); if (!a) return NULL; - if (b->d) { - OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); - bn_free_d(b); - } + if (b->d != NULL) + bn_free_d(b, 1); b->d = a; b->dmax = words; } From pauli at openssl.org Tue Jul 23 06:55:52 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 23 Jul 2019 06:55:52 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563864952.158737.23012.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 8e747338593f3bafe9798226cddf4edf36bc2de9 (commit) from 12bd8f46311dda094e8b9f0be46d4053410894cb (commit) - Log ----------------------------------------------------------------- commit 8e747338593f3bafe9798226cddf4edf36bc2de9 Author: Pauli Date: Tue Jul 23 16:54:52 2019 +1000 Avoid double clearing some BIGNUMs Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9438) (cherry picked from commit 82925f9dd0492f2e5f1d80ff46fd59f0704c8fe6) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index f93bbcf..279d9c2 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -142,10 +142,12 @@ int BN_num_bits(const BIGNUM *a) return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } -static void bn_free_d(BIGNUM *a) +static void bn_free_d(BIGNUM *a, int clear) { if (BN_get_flags(a, BN_FLG_SECURE)) - OPENSSL_secure_free(a->d); + OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0])); + else if (clear != 0) + OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0])); else OPENSSL_free(a->d); } @@ -155,10 +157,8 @@ void BN_clear_free(BIGNUM *a) { if (a == NULL) return; - if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { - OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - bn_free_d(a); - } + if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) + bn_free_d(a, 1); if (BN_get_flags(a, BN_FLG_MALLOCED)) { OPENSSL_cleanse(a, sizeof(*a)); OPENSSL_free(a); @@ -170,7 +170,7 @@ void BN_free(BIGNUM *a) if (a == NULL) return; if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - bn_free_d(a); + bn_free_d(a, 0); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); } @@ -248,10 +248,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) BN_ULONG *a = bn_expand_internal(b, words); if (!a) return NULL; - if (b->d) { - OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); - bn_free_d(b); - } + if (b->d != NULL) + bn_free_d(b, 1); b->d = a; b->dmax = words; } From builds at travis-ci.org Tue Jul 23 07:14:23 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 07:14:23 +0000 Subject: Still Failing: openssl/openssl#26782 (master - 82925f9) In-Reply-To: Message-ID: <5d36b3cecd5da_43fe5f697dc24185375@5b5110fe-4464-408d-bfda-a131d0815725.mail> Build Update for openssl/openssl ------------------------------------- Build: #26782 Status: Still Failing Duration: 18 mins and 32 secs Commit: 82925f9 (master) Author: Pauli Message: Avoid double clearing some BIGNUMs Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9438) View the changeset: https://github.com/openssl/openssl/compare/261750134865...82925f9dd049 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562440293?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 23 07:25:39 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 07:25:39 +0000 Subject: Errored: openssl/openssl#26783 (OpenSSL_1_1_1-stable - 8e74733) In-Reply-To: Message-ID: <5d36b672bd069_43fa3f66b644c200183@05debd11-dac2-4a1a-9fcd-8b2b60fc36e3.mail> Build Update for openssl/openssl ------------------------------------- Build: #26783 Status: Errored Duration: 23 mins and 17 secs Commit: 8e74733 (OpenSSL_1_1_1-stable) Author: Pauli Message: Avoid double clearing some BIGNUMs Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9438) (cherry picked from commit 82925f9dd0492f2e5f1d80ff46fd59f0704c8fe6) View the changeset: https://github.com/openssl/openssl/compare/12bd8f46311d...8e747338593f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562440416?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue Jul 23 08:07:46 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 23 Jul 2019 08:07:46 +0000 Subject: [openssl] master update Message-ID: <1563869266.914571.15846.nullmailer@dev.openssl.org> The branch master has been updated via a6a66e4511eec0f4ecc2943117a42b3723eb2222 (commit) from 82925f9dd0492f2e5f1d80ff46fd59f0704c8fe6 (commit) - Log ----------------------------------------------------------------- commit a6a66e4511eec0f4ecc2943117a42b3723eb2222 Author: Pauli Date: Tue Jul 23 18:07:19 2019 +1000 Make rand_pool buffers more dynamic in their sizing. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9428) ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 +++ crypto/err/openssl.txt | 1 + crypto/rand/rand_lcl.h | 19 +++++++++++++++++++ crypto/rand/rand_lib.c | 48 ++++++++++++++++++++++++++++++++++++++++++----- include/openssl/randerr.h | 1 + 5 files changed, 67 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 0ad7ac8..3507e35 100644 --- a/CHANGES +++ b/CHANGES @@ -19,6 +19,9 @@ The macro SYSerr() is deprecated. [Rich Salz] + *) Significantly reduce secure memory usage by the randomness pools. + [Paul Dale] + *) {CRYPTO,OPENSSL}_mem_debug_{push,pop} are now no-ops and have been deprecated. [Rich Salz] diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 8aa62a6..b852fa2 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1177,6 +1177,7 @@ RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed +RAND_F_RAND_POOL_GROW:127: RAND_F_RAND_POOL_NEW:116:rand_pool_new RAND_F_RAND_WRITE_FILE:112:RAND_write_file RSA_F_CHECK_PADDING_MD:140:check_padding_md diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index 1a77c89..e425d41 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -82,6 +82,24 @@ * 1.5 * (RAND_DRBG_STRENGTH / 8)) */ +/* + * Initial allocation minimum. + * + * There is a distinction between the secure and normal allocation minimums. + * Ideally, the secure allocation size should be a power of two. The normal + * allocation size doesn't have any such restriction. + * + * The secure value is based on 128 bits of secure material, which is 16 bytes. + * Typically, the DRBGs will set a minimum larger than this so optimal + * allocation ought to take place (for full quality seed material). + * + * The normal value has been chosed by noticing that the rand_drbg_get_nonce + * function is usually the largest of the built in allocation (twenty four + * bytes and then appending another sixteen bytes). This means the buffer ends + * with 40 bytes. The value of forty eight is comfortably above this which + * allows some slack in the platform specific values used. + */ +# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 16 : 48) /* DRBG status values */ typedef enum drbg_status_e { @@ -184,6 +202,7 @@ struct rand_pool_st { size_t min_len; /* minimum number of random bytes requested */ size_t max_len; /* maximum number of random bytes (allocated buffer size) */ + size_t alloc_len; /* current number of bytes allocated */ size_t entropy; /* current entropy count in bits */ size_t entropy_requested; /* requested entropy count in bits */ }; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 9c99cc9..8b44b55 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -368,6 +368,7 @@ RAND_POOL *rand_pool_new(int entropy_requested, int secure, size_t min_len, size_t max_len) { RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); + size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure); if (pool == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); @@ -377,11 +378,14 @@ RAND_POOL *rand_pool_new(int entropy_requested, int secure, pool->min_len = min_len; pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? RAND_POOL_MAX_LENGTH : max_len; + pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len; + if (pool->alloc_len > pool->max_len) + pool->alloc_len = pool->max_len; if (secure) - pool->buffer = OPENSSL_secure_zalloc(pool->max_len); + pool->buffer = OPENSSL_secure_zalloc(pool->alloc_len); else - pool->buffer = OPENSSL_zalloc(pool->max_len); + pool->buffer = OPENSSL_zalloc(pool->alloc_len); if (pool->buffer == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); @@ -424,7 +428,7 @@ RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, pool->attached = 1; - pool->min_len = pool->max_len = pool->len; + pool->min_len = pool->max_len = pool->alloc_len = pool->len; pool->entropy = entropy; return pool; @@ -446,9 +450,9 @@ void rand_pool_free(RAND_POOL *pool) */ if (!pool->attached) { if (pool->secure) - OPENSSL_secure_clear_free(pool->buffer, pool->max_len); + OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); else - OPENSSL_clear_free(pool->buffer, pool->max_len); + OPENSSL_clear_free(pool->buffer, pool->alloc_len); } OPENSSL_free(pool); @@ -581,6 +585,36 @@ size_t rand_pool_bytes_remaining(RAND_POOL *pool) return pool->max_len - pool->len; } +static int rand_pool_grow(RAND_POOL *pool, size_t len) +{ + if (len > pool->alloc_len - pool->len) { + unsigned char *p; + const size_t limit = pool->max_len / 2; + size_t newlen = pool->alloc_len; + + do + newlen = newlen < limit ? newlen * 2 : pool->max_len; + while (len > newlen - pool->len); + + if (pool->secure) + p = OPENSSL_secure_zalloc(newlen); + else + p = OPENSSL_zalloc(newlen); + if (p == NULL) { + RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(p, pool->buffer, pool->len); + if (pool->secure) + OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); + else + OPENSSL_clear_free(pool->buffer, pool->alloc_len); + pool->buffer = p; + pool->alloc_len = newlen; + } + return 1; +} + /* * Add random bytes to the random pool. * @@ -604,6 +638,8 @@ int rand_pool_add(RAND_POOL *pool, } if (len > 0) { + if (!rand_pool_grow(pool, len)) + return 0; memcpy(pool->buffer + pool->len, buffer, len); pool->len += len; pool->entropy += entropy; @@ -639,6 +675,8 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) return NULL; } + if (!rand_pool_grow(pool, len)) + return NULL; return pool->buffer + pool->len; } diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index ca5a5ed..cd7ae66 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -49,6 +49,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_POOL_ADD_END 0 # define RAND_F_RAND_POOL_ATTACH 0 # define RAND_F_RAND_POOL_BYTES_NEEDED 0 +# define RAND_F_RAND_POOL_GROW 0 # define RAND_F_RAND_POOL_NEW 0 # define RAND_F_RAND_WRITE_FILE 0 # endif From tmraz at fedoraproject.org Tue Jul 23 08:22:48 2019 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 23 Jul 2019 08:22:48 +0000 Subject: [openssl] master update Message-ID: <1563870168.358670.26557.nullmailer@dev.openssl.org> The branch master has been updated via 584410227ab3afd3d296408ca096409cd677ee10 (commit) from a6a66e4511eec0f4ecc2943117a42b3723eb2222 (commit) - Log ----------------------------------------------------------------- commit 584410227ab3afd3d296408ca096409cd677ee10 Author: Rich Salz Date: Thu Jul 18 15:40:12 2019 -0400 Don't complain if function name doesn't match The "function" argument is now unused in the XXXerr defines, so mkerr doesn't need to check if the value/name match. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9413) ----------------------------------------------------------------------- Summary of changes: util/mkerr.pl | 4 ---- 1 file changed, 4 deletions(-) diff --git a/util/mkerr.pl b/util/mkerr.pl index aae49ac..956b661 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -394,10 +394,6 @@ foreach my $file ( @source ) { $fnew{$2}++; } $ftrans{$3} = $func unless exists $ftrans{$3}; - if ( uc($func) ne $3 ) { - print STDERR "ERROR: mismatch $file:$linenr $func:$3\n"; - $errors++; - } print STDERR " Function $1 = $fcodes{$1}\n" if $debug; } From builds at travis-ci.org Tue Jul 23 08:28:26 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 08:28:26 +0000 Subject: Errored: openssl/openssl#26786 (master - a6a66e4) In-Reply-To: Message-ID: <5d36c529dd9b1_43faeb393d4501261f7@6b9507d5-12ac-4bf7-92a7-aff9264d04d5.mail> Build Update for openssl/openssl ------------------------------------- Build: #26786 Status: Errored Duration: 19 mins and 57 secs Commit: a6a66e4 (master) Author: Pauli Message: Make rand_pool buffers more dynamic in their sizing. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9428) View the changeset: https://github.com/openssl/openssl/compare/82925f9dd049...a6a66e4511ee View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562463731?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 23 08:44:52 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 08:44:52 +0000 Subject: Still Failing: openssl/openssl#26787 (master - 5844102) In-Reply-To: Message-ID: <5d36c904bea32_43fd0e227ac5c2480e7@162bab59-bebc-4ee1-b9bc-301da82cbd76.mail> Build Update for openssl/openssl ------------------------------------- Build: #26787 Status: Still Failing Duration: 20 mins and 38 secs Commit: 5844102 (master) Author: Rich Salz Message: Don't complain if function name doesn't match The "function" argument is now unused in the XXXerr defines, so mkerr doesn't need to check if the value/name match. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9413) View the changeset: https://github.com/openssl/openssl/compare/a6a66e4511ee...584410227ab3 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562468869?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Jul 23 09:25:58 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 23 Jul 2019 09:25:58 +0000 Subject: [openssl] master update Message-ID: <1563873958.504051.12323.nullmailer@dev.openssl.org> The branch master has been updated via 037439c46addc62130617bbba8c5e58e1548bfd8 (commit) from 584410227ab3afd3d296408ca096409cd677ee10 (commit) - Log ----------------------------------------------------------------- commit 037439c46addc62130617bbba8c5e58e1548bfd8 Author: Matt Caswell Date: Mon Jul 22 15:19:02 2019 +0100 Remove some utilities from the core to provider interface The core provides a number of essential functions as "upcalls" to providers. Some of those were just utility functions that wrap other upcalls - which don't seem essential and bloat the interface. We should remove them in order to simplify the interface. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9432) ----------------------------------------------------------------------- Summary of changes: crypto/build.info | 2 +- crypto/mem_str.c | 133 ----------------------------------------- crypto/o_str.c | 120 +++++++++++++++++++++++++++++++++++++ crypto/provider_core.c | 4 -- include/openssl/core_numbers.h | 32 ++++------ providers/fips/fipsprov.c | 36 ----------- 6 files changed, 131 insertions(+), 196 deletions(-) delete mode 100644 crypto/mem_str.c diff --git a/crypto/build.info b/crypto/build.info index 3f9eb52..fe49fa3 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -73,7 +73,7 @@ $UTIL_COMMON=\ $UTIL_DEFINE=$CPUIDDEF SOURCE[../libcrypto]=$UTIL_COMMON \ - mem.c mem_sec.c mem_str.c mem_dbg.c \ + mem.c mem_sec.c mem_dbg.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \ asn1_dsa.c packet.c $UPLINKSRC diff --git a/crypto/mem_str.c b/crypto/mem_str.c deleted file mode 100644 index da13ea4..0000000 --- a/crypto/mem_str.c +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include -#include -#include "internal/cryptlib.h" - -char *CRYPTO_strdup(const char *str, const char* file, int line) -{ - char *ret; - - if (str == NULL) - return NULL; - ret = CRYPTO_malloc(strlen(str) + 1, file, line); - if (ret != NULL) - strcpy(ret, str); - return ret; -} - -char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line) -{ - size_t maxlen; - char *ret; - - if (str == NULL) - return NULL; - - maxlen = OPENSSL_strnlen(str, s); - - ret = CRYPTO_malloc(maxlen + 1, file, line); - if (ret) { - memcpy(ret, str, maxlen); - ret[maxlen] = '\0'; - } - return ret; -} - -void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line) -{ - void *ret; - - if (data == NULL || siz >= INT_MAX) - return NULL; - - ret = CRYPTO_malloc(siz, file, line); - if (ret == NULL) { - CRYPTOerr(CRYPTO_F_CRYPTO_MEMDUP, ERR_R_MALLOC_FAILURE); - return NULL; - } - return memcpy(ret, data, siz); -} - -/* - * Give a string of hex digits convert to a buffer - */ -unsigned char *OPENSSL_hexstr2buf(const char *str, long *len) -{ - unsigned char *hexbuf, *q; - unsigned char ch, cl; - int chi, cli; - const unsigned char *p; - size_t s; - - s = strlen(str); - if ((hexbuf = OPENSSL_malloc(s >> 1)) == NULL) { - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (p = (const unsigned char *)str, q = hexbuf; *p; ) { - ch = *p++; - if (ch == ':') - continue; - cl = *p++; - if (!cl) { - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, - CRYPTO_R_ODD_NUMBER_OF_DIGITS); - OPENSSL_free(hexbuf); - return NULL; - } - cli = OPENSSL_hexchar2int(cl); - chi = OPENSSL_hexchar2int(ch); - if (cli < 0 || chi < 0) { - OPENSSL_free(hexbuf); - CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, CRYPTO_R_ILLEGAL_HEX_DIGIT); - return NULL; - } - *q++ = (unsigned char)((chi << 4) | cli); - } - - if (len) - *len = q - hexbuf; - return hexbuf; -} - -/* - * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its - * hex representation @@@ (Contents of buffer are always kept in ASCII, also - * on EBCDIC machines) - */ -char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) -{ - static const char hexdig[] = "0123456789ABCDEF"; - char *tmp, *q; - const unsigned char *p; - int i; - - if (len == 0) - return OPENSSL_zalloc(1); - - if ((tmp = OPENSSL_malloc(len * 3)) == NULL) { - CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE); - return NULL; - } - q = tmp; - for (i = 0, p = buffer; i < len; i++, p++) { - *q++ = hexdig[(*p >> 4) & 0xf]; - *q++ = hexdig[*p & 0xf]; - *q++ = ':'; - } - q[-1] = 0; -#ifdef CHARSET_EBCDIC - ebcdic2ascii(tmp, tmp, q - tmp - 1); -#endif - - return tmp; -} diff --git a/crypto/o_str.c b/crypto/o_str.c index 35bb654..c24524f 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -12,6 +12,51 @@ #include #include "internal/cryptlib.h" +char *CRYPTO_strdup(const char *str, const char* file, int line) +{ + char *ret; + + if (str == NULL) + return NULL; + ret = CRYPTO_malloc(strlen(str) + 1, file, line); + if (ret != NULL) + strcpy(ret, str); + return ret; +} + +char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line) +{ + size_t maxlen; + char *ret; + + if (str == NULL) + return NULL; + + maxlen = OPENSSL_strnlen(str, s); + + ret = CRYPTO_malloc(maxlen + 1, file, line); + if (ret) { + memcpy(ret, str, maxlen); + ret[maxlen] = '\0'; + } + return ret; +} + +void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line) +{ + void *ret; + + if (data == NULL || siz >= INT_MAX) + return NULL; + + ret = CRYPTO_malloc(siz, file, line); + if (ret == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_MEMDUP, ERR_R_MALLOC_FAILURE); + return NULL; + } + return memcpy(ret, data, siz); +} + size_t OPENSSL_strnlen(const char *str, size_t maxlen) { const char *p; @@ -84,6 +129,81 @@ int OPENSSL_hexchar2int(unsigned char c) return -1; } +/* + * Give a string of hex digits convert to a buffer + */ +unsigned char *OPENSSL_hexstr2buf(const char *str, long *len) +{ + unsigned char *hexbuf, *q; + unsigned char ch, cl; + int chi, cli; + const unsigned char *p; + size_t s; + + s = strlen(str); + if ((hexbuf = OPENSSL_malloc(s >> 1)) == NULL) { + CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE); + return NULL; + } + for (p = (const unsigned char *)str, q = hexbuf; *p; ) { + ch = *p++; + if (ch == ':') + continue; + cl = *p++; + if (!cl) { + CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, + CRYPTO_R_ODD_NUMBER_OF_DIGITS); + OPENSSL_free(hexbuf); + return NULL; + } + cli = OPENSSL_hexchar2int(cl); + chi = OPENSSL_hexchar2int(ch); + if (cli < 0 || chi < 0) { + OPENSSL_free(hexbuf); + CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, CRYPTO_R_ILLEGAL_HEX_DIGIT); + return NULL; + } + *q++ = (unsigned char)((chi << 4) | cli); + } + + if (len) + *len = q - hexbuf; + return hexbuf; +} + +/* + * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its + * hex representation @@@ (Contents of buffer are always kept in ASCII, also + * on EBCDIC machines) + */ +char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) +{ + static const char hexdig[] = "0123456789ABCDEF"; + char *tmp, *q; + const unsigned char *p; + int i; + + if (len == 0) + return OPENSSL_zalloc(1); + + if ((tmp = OPENSSL_malloc(len * 3)) == NULL) { + CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE); + return NULL; + } + q = tmp; + for (i = 0, p = buffer; i < len; i++, p++) { + *q++ = hexdig[(*p >> 4) & 0xf]; + *q++ = hexdig[*p & 0xf]; + *q++ = ':'; + } + q[-1] = 0; +#ifdef CHARSET_EBCDIC + ebcdic2ascii(tmp, tmp, q - tmp - 1); +#endif + + return tmp; +} + int openssl_strerror_r(int errnum, char *buf, size_t buflen) { #if defined(_MSC_VER) && _MSC_VER>=1400 diff --git a/crypto/provider_core.c b/crypto/provider_core.c index d96e214..0e86097 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -812,9 +812,6 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc }, { OSSL_FUNC_CRYPTO_ZALLOC, (void (*)(void))CRYPTO_zalloc }, - { OSSL_FUNC_CRYPTO_MEMDUP, (void (*)(void))CRYPTO_memdup }, - { OSSL_FUNC_CRYPTO_STRDUP, (void (*)(void))CRYPTO_strdup }, - { OSSL_FUNC_CRYPTO_STRNDUP, (void (*)(void))CRYPTO_strndup }, { OSSL_FUNC_CRYPTO_FREE, (void (*)(void))CRYPTO_free }, { OSSL_FUNC_CRYPTO_CLEAR_FREE, (void (*)(void))CRYPTO_clear_free }, { OSSL_FUNC_CRYPTO_REALLOC, (void (*)(void))CRYPTO_realloc }, @@ -827,7 +824,6 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED, (void (*)(void))CRYPTO_secure_allocated }, { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse }, - { OSSL_FUNC_OPENSSL_HEXSTR2BUF, (void (*)(void))OPENSSL_hexstr2buf }, { 0, NULL } }; diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 21f4303..f8a700a 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -85,48 +85,36 @@ OSSL_CORE_MAKE_FUNC(void *, #define OSSL_FUNC_CRYPTO_ZALLOC 11 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_zalloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_MEMDUP 12 -OSSL_CORE_MAKE_FUNC(void *, - CRYPTO_memdup, (const void *str, size_t siz, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_STRDUP 13 -OSSL_CORE_MAKE_FUNC(char *, - CRYPTO_strdup, (const char *str, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_STRNDUP 14 -OSSL_CORE_MAKE_FUNC(char *, - CRYPTO_strndup, (const char *str, size_t s, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_FREE 15 +#define OSSL_FUNC_CRYPTO_FREE 12 OSSL_CORE_MAKE_FUNC(void, CRYPTO_free, (void *ptr, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_CLEAR_FREE 16 +#define OSSL_FUNC_CRYPTO_CLEAR_FREE 13 OSSL_CORE_MAKE_FUNC(void, CRYPTO_clear_free, (void *ptr, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_REALLOC 17 +#define OSSL_FUNC_CRYPTO_REALLOC 14 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_realloc, (void *addr, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 18 +#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 15 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_clear_realloc, (void *addr, size_t old_num, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 19 +#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 16 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_secure_malloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 20 +#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 17 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_secure_zalloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_FREE 21 +#define OSSL_FUNC_CRYPTO_SECURE_FREE 18 OSSL_CORE_MAKE_FUNC(void, CRYPTO_secure_free, (void *ptr, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 22 +#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 19 OSSL_CORE_MAKE_FUNC(void, CRYPTO_secure_clear_free, (void *ptr, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 23 +#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 20 OSSL_CORE_MAKE_FUNC(int, CRYPTO_secure_allocated, (const void *ptr)) -#define OSSL_FUNC_OPENSSL_CLEANSE 24 +#define OSSL_FUNC_OPENSSL_CLEANSE 21 OSSL_CORE_MAKE_FUNC(void, OPENSSL_cleanse, (void *ptr, size_t len)) -# define OSSL_FUNC_OPENSSL_HEXSTR2BUF 25 -OSSL_CORE_MAKE_FUNC(unsigned char *, - OPENSSL_hexstr2buf, (const char *str, long *len)) /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ # define OSSL_FUNC_PROVIDER_TEARDOWN 1024 diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 50d3c4b..4c010c8 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -43,9 +43,6 @@ static OSSL_core_put_error_fn *c_put_error; static OSSL_core_add_error_vdata_fn *c_add_error_vdata; static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc; static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; -static OSSL_CRYPTO_memdup_fn *c_CRYPTO_memdup; -static OSSL_CRYPTO_strdup_fn *c_CRYPTO_strdup; -static OSSL_CRYPTO_strndup_fn *c_CRYPTO_strndup; static OSSL_CRYPTO_free_fn *c_CRYPTO_free; static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc; @@ -55,7 +52,6 @@ static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; -static OSSL_OPENSSL_hexstr2buf_fn *c_OPENSSL_hexstr2buf; typedef struct fips_global_st { const OSSL_PROVIDER *prov; @@ -321,15 +317,6 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, case OSSL_FUNC_CRYPTO_ZALLOC: c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in); break; - case OSSL_FUNC_CRYPTO_MEMDUP: - c_CRYPTO_memdup = OSSL_get_CRYPTO_memdup(in); - break; - case OSSL_FUNC_CRYPTO_STRDUP: - c_CRYPTO_strdup = OSSL_get_CRYPTO_strdup(in); - break; - case OSSL_FUNC_CRYPTO_STRNDUP: - c_CRYPTO_strndup = OSSL_get_CRYPTO_strndup(in); - break; case OSSL_FUNC_CRYPTO_FREE: c_CRYPTO_free = OSSL_get_CRYPTO_free(in); break; @@ -357,9 +344,6 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in); break; - case OSSL_FUNC_OPENSSL_HEXSTR2BUF: - c_OPENSSL_hexstr2buf = OSSL_get_OPENSSL_hexstr2buf(in); - break; default: /* Just ignore anything we don't understand */ break; @@ -478,21 +462,6 @@ void *CRYPTO_zalloc(size_t num, const char *file, int line) return c_CRYPTO_zalloc(num, file, line); } -void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line) -{ - return c_CRYPTO_memdup(str, siz, file, line); -} - -char *CRYPTO_strdup(const char *str, const char *file, int line) -{ - return c_CRYPTO_strdup(str, file, line); -} - -char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line) -{ - return c_CRYPTO_strndup(str, s, file, line); -} - void CRYPTO_free(void *ptr, const char *file, int line) { c_CRYPTO_free(ptr, file, line); @@ -534,11 +503,6 @@ void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) c_CRYPTO_secure_clear_free(ptr, num, file, line); } -unsigned char *OPENSSL_hexstr2buf(const char *str, long *len) -{ - return c_OPENSSL_hexstr2buf(str, len); -} - int CRYPTO_secure_allocated(const void *ptr) { return c_CRYPTO_secure_allocated(ptr); From builds at travis-ci.org Tue Jul 23 09:54:52 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 09:54:52 +0000 Subject: Still Failing: openssl/openssl#26794 (master - 037439c) In-Reply-To: Message-ID: <5d36d96c43670_43fb6b66337043882f@cb18b961-207d-46c0-a575-9b620a741a14.mail> Build Update for openssl/openssl ------------------------------------- Build: #26794 Status: Still Failing Duration: 23 mins and 51 secs Commit: 037439c (master) Author: Matt Caswell Message: Remove some utilities from the core to provider interface The core provides a number of essential functions as "upcalls" to providers. Some of those were just utility functions that wrap other upcalls - which don't seem essential and bloat the interface. We should remove them in order to simplify the interface. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9432) View the changeset: https://github.com/openssl/openssl/compare/584410227ab3...037439c46add View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562494365?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 23 13:36:41 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jul 2019 13:36:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1563889001.836950.6207.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 29ce3458d8 Remove superfluous call to OPENSSL_cpuid_setup a38c878c2e Change DH parameters to generate the order q subgroup instead of 2q d4c69c69d1 Documentation: add provider-base(7), describing the base functions 2cafb1dff3 Documentation: Move the description of the fetching functions e4c0ec6278 Documentation: Add provider(7), for general description of providers a80278b071 Include deprecated SYS_F_xxx codes 46160e6fb9 Deprecate SYSerr, add new FUNCerr macro 56c3a135b2 Add ERR_put_func_error, and use it. 1372560f64 Allocate DRBG additional data pool from non-secure memory a8f1aabd4b x509: publish X509_PUBKEY_dup 9b977675ad x509: add missing X509 dup functions 227d426554 x509: sort X509 dup functions alphabetically fa9faf0104 Add an internal API to access the KEYMGMT provider functions 4cae07fef3 Add evp_keymgmt_clear_pkey_cache() and use it d0ea49a820 Adapt int_ctx_new() to use with providers 70a1f7b4d7 Add evp_keymgmt_export_to_provider(), for key transfer between providers a94a3e0d91 Add basic EVP_KEYMGMT API and libcrypto <-> provider interface 7312ef3fc4 Add param builder free function. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 225 wallclock secs ( 1.53 usr 0.35 sys + 221.40 cusr 16.50 csys = 239.78 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 23 14:23:53 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jul 2019 14:23:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1563891833.581217.32051.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 29ce3458d8 Remove superfluous call to OPENSSL_cpuid_setup a38c878c2e Change DH parameters to generate the order q subgroup instead of 2q d4c69c69d1 Documentation: add provider-base(7), describing the base functions 2cafb1dff3 Documentation: Move the description of the fetching functions e4c0ec6278 Documentation: Add provider(7), for general description of providers a80278b071 Include deprecated SYS_F_xxx codes 46160e6fb9 Deprecate SYSerr, add new FUNCerr macro 56c3a135b2 Add ERR_put_func_error, and use it. 1372560f64 Allocate DRBG additional data pool from non-secure memory a8f1aabd4b x509: publish X509_PUBKEY_dup 9b977675ad x509: add missing X509 dup functions 227d426554 x509: sort X509 dup functions alphabetically fa9faf0104 Add an internal API to access the KEYMGMT provider functions 4cae07fef3 Add evp_keymgmt_clear_pkey_cache() and use it d0ea49a820 Adapt int_ctx_new() to use with providers 70a1f7b4d7 Add evp_keymgmt_export_to_provider(), for key transfer between providers a94a3e0d91 Add basic EVP_KEYMGMT API and libcrypto <-> provider interface 7312ef3fc4 Add param builder free function. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 221 wallclock secs ( 1.56 usr 0.37 sys + 215.59 cusr 17.18 csys = 234.70 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue Jul 23 14:55:21 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jul 2019 14:55:21 +0000 Subject: Build failed: openssl master.26229 Message-ID: <20190723145521.1.4D1D2CB202D0E6BA@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 23 15:29:22 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jul 2019 15:29:22 +0000 Subject: Build completed: openssl master.26230 Message-ID: <20190723152922.1.ED5C4FCCD9B57D3A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 23 19:34:03 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jul 2019 19:34:03 +0000 Subject: Build failed: openssl master.26241 Message-ID: <20190723193403.1.63800D3E1CFA43CA@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Jul 23 20:03:38 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jul 2019 20:03:38 +0000 Subject: [openssl] master update Message-ID: <1563912218.095038.14619.nullmailer@dev.openssl.org> The branch master has been updated via 8b84b075ff065554c0cdd1086950f1a8614d93a4 (commit) from 037439c46addc62130617bbba8c5e58e1548bfd8 (commit) - Log ----------------------------------------------------------------- commit 8b84b075ff065554c0cdd1086950f1a8614d93a4 Author: Richard Levitte Date: Sun Jul 7 10:56:46 2019 +0200 Adapt DH to use with KEYMGMT The biggest part in this was to move the key->param builder from EVP to the DH ASN.1 method, and to implement the KEYMGMT support in the provider DH. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9394) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_ameth.c | 57 ++++++++- crypto/dh/dh_asn1.c | 2 + crypto/dh/dh_gen.c | 1 + crypto/dh/dh_key.c | 1 + crypto/dh/dh_lib.c | 2 + crypto/dh/dh_locl.h | 3 + crypto/dh/dh_rfc7919.c | 1 + crypto/err/openssl.txt | 2 + crypto/evp/evp_err.c | 1 + crypto/evp/evp_lib.c | 134 ---------------------- crypto/evp/evp_locl.h | 2 + crypto/evp/exchange.c | 71 +++++++----- crypto/evp/pmeth_lib.c | 2 +- doc/man3/EVP_KEYEXCH_free.pod | 7 +- include/openssl/core_numbers.h | 8 +- include/openssl/evp.h | 1 + include/openssl/evperr.h | 1 + providers/common/build.info | 2 +- providers/common/exchange/build.info | 2 +- providers/common/exchange/{dh.c => dh_exch.c} | 70 +++-------- providers/common/include/internal/provider_algs.h | 5 +- providers/common/{exchange => keymgmt}/build.info | 4 +- providers/common/keymgmt/dh_kmgmt.c | 88 ++++++++++++++ providers/default/defltprov.c | 11 +- util/libcrypto.num | 1 + 25 files changed, 242 insertions(+), 237 deletions(-) rename providers/common/exchange/{dh.c => dh_exch.c} (67%) copy providers/common/{exchange => keymgmt}/build.info (80%) create mode 100644 providers/common/keymgmt/dh_kmgmt.c diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 524cac5..6da4878 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -16,6 +16,8 @@ #include "internal/asn1_int.h" #include "internal/evp_int.h" #include +#include +#include "internal/param_build.h" /* * i2d/d2i like DH parameter functions which use the appropriate routine for @@ -181,7 +183,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR); goto dherr; } - /* Calculate public key */ + /* Calculate public key, increments dirty_cnt */ if (!DH_generate_key(dh)) goto dherr; @@ -255,6 +257,7 @@ static int dh_param_decode(EVP_PKEY *pkey, DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); return 0; } + dh->dirty_cnt++; EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); return 1; } @@ -415,6 +418,7 @@ static int int_dh_param_copy(DH *to, const DH *from, int is_x942) } } else to->length = from->length; + to->dirty_cnt++; return 1; } @@ -540,6 +544,50 @@ static int dh_pkey_param_check(const EVP_PKEY *pkey) return DH_check_ex(dh); } +static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey) +{ + return pkey->pkey.dh->dirty_cnt; +} + +static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) +{ + DH *dh = pk->pkey.dh; + OSSL_PARAM_BLD tmpl; + const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); + const BIGNUM *pub_key = DH_get0_pub_key(dh); + const BIGNUM *priv_key = DH_get0_priv_key(dh); + OSSL_PARAM *params; + void *provkey = NULL; + + if (p == NULL || g == NULL || pub_key == NULL) + return NULL; + + ossl_param_bld_init(&tmpl); + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_P, p) + || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_G, g) + || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key)) + return NULL; + + if (q != NULL) { + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_Q, q)) + return NULL; + } + + if (priv_key != NULL) { + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, + priv_key)) + return NULL; + } + + params = ossl_param_bld_to_param(&tmpl); + + /* We export, the provider imports */ + provkey = evp_keymgmt_importkey(keymgmt, params); + + ossl_param_bld_free(params); + return provkey; +} + const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { EVP_PKEY_DH, EVP_PKEY_DH, @@ -576,7 +624,12 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { 0, dh_pkey_public_check, - dh_pkey_param_check + dh_pkey_param_check, + + 0, 0, 0, 0, + + dh_pkey_dirty_cnt, + dh_pkey_export_to, }; const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index aabdfa8..71379d7 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -27,6 +27,8 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, DH_free((DH *)*pval); *pval = NULL; return 2; + } else if (operation == ASN1_OP_D2I_POST) { + ((DH *)*pval)->dirty_cnt++; } return 1; } diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index bbf774f..6e98b59 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -111,6 +111,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, goto err; if (!BN_set_word(ret->g, g)) goto err; + ret->dirty_cnt++; ok = 1; err: if (ok == -1) { diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 4df993e..0d6b04d 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -154,6 +154,7 @@ static int generate_key(DH *dh) dh->pub_key = pub_key; dh->priv_key = priv_key; + dh->dirty_cnt++; ok = 1; err: if (ok != 1) diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 70298ed..df31662 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -209,6 +209,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) dh->length = BN_num_bits(q); } + dh->dirty_cnt++; return 1; } @@ -242,6 +243,7 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) dh->priv_key = priv_key; } + dh->dirty_cnt++; return 1; } diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h index bb64cde..f0247b8 100644 --- a/crypto/dh/dh_locl.h +++ b/crypto/dh/dh_locl.h @@ -35,6 +35,9 @@ struct dh_st { const DH_METHOD *meth; ENGINE *engine; CRYPTO_RWLOCK *lock; + + /* Provider data */ + size_t dirty_cnt; /* If any key material changes, increment this */ }; struct dh_method { diff --git a/crypto/dh/dh_rfc7919.c b/crypto/dh/dh_rfc7919.c index e9f3eaf..4e676fd 100644 --- a/crypto/dh/dh_rfc7919.c +++ b/crypto/dh/dh_rfc7919.c @@ -22,6 +22,7 @@ static DH *dh_param_init(const BIGNUM *p, int32_t nbits) dh->p = (BIGNUM *)p; dh->g = (BIGNUM *)&_bignum_const_2; dh->length = nbits; + dh->dirty_cnt++; return dh; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index b852fa2..d88e989 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -821,6 +821,7 @@ EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id +EVP_F_EVP_KEYEXCH_FETCH:245:EVP_KEYEXCH_fetch EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str @@ -2464,6 +2465,7 @@ EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid length EVP_R_NO_CIPHER_SET:131:no cipher set EVP_R_NO_DEFAULT_DIGEST:158:no default digest EVP_R_NO_DIGEST_SET:139:no digest set +EVP_R_NO_KEYMGMT_PRESENT:196:no keymgmt present EVP_R_NO_KEY_SET:154:no key set EVP_R_NO_OPERATION_SET:149:no operation set EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index d517099..92df593 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -95,6 +95,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_PRESENT), "no keymgmt present"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED), diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 0825c10..9091f8b 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -760,137 +760,3 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), OPENSSL_free(bin); return rv; } - -#ifndef FIPS_MODE -# ifndef OPENSSL_NO_DH -/* - * TODO(3.0): Temporarily unavailable in FIPS mode. This will need to be added - * in later. - */ - -# define MAX_PARAMS 10 -typedef struct { - /* Number of the current param */ - size_t curr; - struct { - /* Key for the current param */ - const char *key; - /* Value for the current param */ - const BIGNUM *bnparam; - /* Size of the buffer required for the BN */ - size_t bufsz; - } params[MAX_PARAMS]; - /* Running count of the total size required */ - size_t totsz; - int ispublic; -} PARAMS_TEMPLATE; - -static int push_param_bn(PARAMS_TEMPLATE *tmpl, const char *key, - const BIGNUM *bn) -{ - int sz; - - sz = BN_num_bytes(bn); - if (sz <= 0) - return 0; - tmpl->params[tmpl->curr].key = key; - tmpl->params[tmpl->curr].bnparam = bn; - tmpl->params[tmpl->curr++].bufsz = (size_t)sz; - tmpl->totsz += sizeof(OSSL_PARAM) + (size_t)sz; - - return 1; -} - -static OSSL_PARAM *param_template_to_param(PARAMS_TEMPLATE *tmpl, size_t *sz) -{ - size_t i; - void *buf; - OSSL_PARAM *param = NULL; - unsigned char *currbuf = NULL; - - if (tmpl->totsz == 0) - return NULL; - - /* Add some space for the end of OSSL_PARAM marker */ - tmpl->totsz += sizeof(*param); - - if (tmpl->ispublic) - buf = OPENSSL_zalloc(tmpl->totsz); - else - buf = OPENSSL_secure_zalloc(tmpl->totsz); - if (buf == NULL) - return NULL; - param = buf; - - currbuf = (unsigned char *)buf + (sizeof(*param) * (tmpl->curr + 1)); - - for (i = 0; i < tmpl->curr; i++) { - if (!ossl_assert((currbuf - (unsigned char *)buf ) - + tmpl->params[i].bufsz <= tmpl->totsz)) - goto err; - if (BN_bn2nativepad(tmpl->params[i].bnparam, currbuf, - tmpl->params[i].bufsz) < 0) - goto err; - param[i] = OSSL_PARAM_construct_BN(tmpl->params[i].key, currbuf, - tmpl->params[i].bufsz); - currbuf += tmpl->params[i].bufsz; - } - param[i] = OSSL_PARAM_construct_end(); - - if (sz != NULL) - *sz = tmpl->totsz; - return param; - - err: - if (tmpl->ispublic) - OPENSSL_free(param); - else - OPENSSL_clear_free(param, tmpl->totsz); - return NULL; -} - -static OSSL_PARAM *evp_pkey_dh_to_param(EVP_PKEY *pkey, size_t *sz) -{ - DH *dh = pkey->pkey.dh; - PARAMS_TEMPLATE tmpl = {0}; - const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); - const BIGNUM *pub_key = DH_get0_pub_key(dh); - const BIGNUM *priv_key = DH_get0_priv_key(dh); - - if (p == NULL || g == NULL || pub_key == NULL) - return NULL; - - if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_P, p) - || !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_G, g) - || !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key)) - return NULL; - - if (q != NULL) { - if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_Q, q)) - return NULL; - } - - if (priv_key != NULL) { - if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv_key)) - return NULL; - } else { - tmpl.ispublic = 1; - } - - return param_template_to_param(&tmpl, sz); -} -# endif /* OPENSSL_NO_DH */ - -OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz) -{ - switch (pkey->type) { -# ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - return evp_pkey_dh_to_param(pkey, sz); -# endif - default: - return NULL; - } -} - -#endif /* FIPS_MODE */ diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index ce46163..848ef29 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -94,6 +94,8 @@ struct evp_keyexch_st { CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *lock; + EVP_KEYMGMT *keymgmt; + OSSL_OP_keyexch_newctx_fn *newctx; OSSL_OP_keyexch_init_fn *init; OSSL_OP_keyexch_set_peer_fn *set_peer; diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index d8afcbd..1c48e7f 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -112,6 +112,7 @@ void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange) CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock); if (i > 0) return; + EVP_KEYMGMT_free(exchange->keymgmt); ossl_provider_free(exchange->prov); OPENSSL_free(exchange->name); CRYPTO_THREAD_lock_free(exchange->lock); @@ -127,20 +128,46 @@ int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange) return 1; } +OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange) +{ + return exchange->prov; +} + EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties) { - return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties, - evp_keyexch_from_dispatch, - (int (*)(void *))EVP_KEYEXCH_up_ref, - (void (*)(void *))EVP_KEYEXCH_free); + /* + * Key exchange cannot work without a key, and we key management + * from the same provider to manage its keys. + */ + EVP_KEYEXCH *keyexch = + evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties, + evp_keyexch_from_dispatch, + (int (*)(void *))EVP_KEYEXCH_up_ref, + (void (*)(void *))EVP_KEYEXCH_free); + + /* If the method is newly created, there's no keymgmt attached */ + if (keyexch->keymgmt == NULL) { + EVP_KEYMGMT *keymgmt = EVP_KEYMGMT_fetch(ctx, algorithm, properties); + + if (keymgmt == NULL + || (EVP_KEYEXCH_provider(keyexch) + != EVP_KEYMGMT_provider(keymgmt))) { + EVP_KEYEXCH_free(keyexch); + EVP_KEYMGMT_free(keymgmt); + EVPerr(EVP_F_EVP_KEYEXCH_FETCH, EVP_R_NO_KEYMGMT_PRESENT); + return NULL; + } + + keyexch->keymgmt = keymgmt; + } + return keyexch; } int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange) { int ret; - OSSL_PARAM *param = NULL; - size_t paramsz = 0; + void *provkey = NULL; ctx->operation = EVP_PKEY_OP_DERIVE; @@ -180,26 +207,19 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange) EVP_KEYEXCH_free(ctx->exchange); ctx->exchange = exchange; if (ctx->pkey != NULL) { - param = evp_pkey_to_param(ctx->pkey, ¶msz); - if (param == NULL) { + provkey = evp_keymgmt_export_to_provider(ctx->pkey, exchange->keymgmt); + if (provkey == NULL) { EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR); goto err; } } ctx->exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov)); if (ctx->exchprovctx == NULL) { - OPENSSL_secure_clear_free(param, paramsz); + /* The provider key can stay in the cache */ EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR); goto err; } - ret = exchange->init(ctx->exchprovctx, param); - /* - * TODO(3.0): Really we should detect whether to call OPENSSL_free or - * OPENSSL_secure_clear_free based on the presence of a private key or not. - * Since we always expect a private key to be present we just call - * OPENSSL_secure_clear_free for now. - */ - OPENSSL_secure_clear_free(param, paramsz); + ret = exchange->init(ctx->exchprovctx, provkey); return ret ? 1 : 0; err: @@ -229,7 +249,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) { int ret; - OSSL_PARAM *param = NULL; + void *provkey = NULL; if (ctx == NULL) { EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, @@ -252,21 +272,12 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) return -2; } - param = evp_pkey_to_param(peer, NULL); - if (param == NULL) { + provkey = evp_keymgmt_export_to_provider(peer, ctx->exchange->keymgmt); + if (provkey == NULL) { EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR); return 0; } - ret = ctx->exchange->set_peer(ctx->exchprovctx, param); - /* - * TODO(3.0): Really we should detect whether to call OPENSSL_free or - * OPENSSL_secure_clear_free based on the presence of a private key or not. - * Since we always expect a public key to be present we just call - * OPENSSL_free for now. - */ - OPENSSL_free(param); - - return ret; + return ctx->exchange->set_peer(ctx->exchprovctx, provkey); legacy: if (ctx->pmeth == NULL diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index cc26f06..31b4ae4 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -171,7 +171,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) if (pkey != NULL) EVP_PKEY_up_ref(pkey); - if (pmeth != NULL && pmeth->init) { + if (pmeth != NULL && pmeth->init != NULL) { if (pmeth->init(ret) <= 0) { ret->pmeth = NULL; EVP_PKEY_CTX_free(ret); diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod index 912434d..41926f6 100644 --- a/doc/man3/EVP_KEYEXCH_free.pod +++ b/doc/man3/EVP_KEYEXCH_free.pod @@ -2,7 +2,7 @@ =head1 NAME -EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref +EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_provider - Functions to manage EVP_KEYEXCH algorithm objects =head1 SYNOPSIS @@ -13,6 +13,7 @@ EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref const char *properties); void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); + OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange); =head1 DESCRIPTION @@ -31,6 +32,8 @@ structure is freed. EVP_KEYEXCH_up_ref() increments the reference count for an B structure. +EVP_KEYEXCH_provider() returns the provider that I was fetched from. + =head1 RETURN VALUES EVP_KEYEXCH_fetch() returns a pointer to a B for success @@ -40,7 +43,7 @@ EVP_KEYEXCH_up_ref() returns 1 for success or 0 otherwise. =head1 SEE ALSO -L +L, L =head1 HISTORY diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index f8a700a..7bd0226 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -301,16 +301,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportkey_types, (void)) # define OSSL_FUNC_KEYEXCH_SET_PARAMS 7 OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx)) -OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx, - OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx, void *provkey)) OSSL_CORE_MAKE_FUNC(int, OP_keyexch_derive, (void *ctx, unsigned char *key, size_t *keylen, size_t outlen)) -OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx, - OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx, void *provkey)) OSSL_CORE_MAKE_FUNC(void, OP_keyexch_freectx, (void *ctx)) OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_params, (void *ctx, - OSSL_PARAM params[])) + const OSSL_PARAM params[])) /* Highest known operation number */ # define OSSL_OP__HIGHEST 3 diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 24ad23f..8182915 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1728,6 +1728,7 @@ void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties); +OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange); void EVP_add_alg_module(void); diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index b54f387..8b46d76 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -213,6 +213,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_NO_CIPHER_SET 131 # define EVP_R_NO_DEFAULT_DIGEST 158 # define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEYMGMT_PRESENT 196 # define EVP_R_NO_KEY_SET 154 # define EVP_R_NO_OPERATION_SET 149 # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 diff --git a/providers/common/build.info b/providers/common/build.info index c77606a..bc106d0 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,4 +1,4 @@ -SUBDIRS=digests ciphers exchange +SUBDIRS=digests ciphers exchange keymgmt SOURCE[../../libcrypto]=\ provider_err.c provlib.c diff --git a/providers/common/exchange/build.info b/providers/common/exchange/build.info index 7957f51..c99c9d8 100644 --- a/providers/common/exchange/build.info +++ b/providers/common/exchange/build.info @@ -1,7 +1,7 @@ LIBS=../../../libcrypto IF[{- !$disabled{dh} -}] SOURCE[../../../libcrypto]=\ - dh.c + dh_exch.c ENDIF diff --git a/providers/common/exchange/dh.c b/providers/common/exchange/dh_exch.c similarity index 67% rename from providers/common/exchange/dh.c rename to providers/common/exchange/dh_exch.c index ca6f0fc..439b28a 100644 --- a/providers/common/exchange/dh.c +++ b/providers/common/exchange/dh_exch.c @@ -21,6 +21,11 @@ static OSSL_OP_keyexch_derive_fn dh_derive; static OSSL_OP_keyexch_freectx_fn dh_freectx; static OSSL_OP_keyexch_dupctx_fn dh_dupctx; +/* + * What's passed as an actual key is defined by the KEYMGMT interface. + * We happen to know that our KEYMGMT simply passes DH structures, so + * we use that here too. + */ typedef struct { DH *dh; @@ -33,71 +38,24 @@ static void *dh_newctx(void *provctx) return OPENSSL_zalloc(sizeof(PROV_DH_CTX)); } -static DH *param_to_dh(OSSL_PARAM params[], int priv) -{ - DH *dh = DH_new(); - OSSL_PARAM *paramptr; - BIGNUM *p = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; - - if (dh == NULL) - return NULL; - - paramptr = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_P); - if (paramptr == NULL - || !OSSL_PARAM_get_BN(paramptr, &p)) - goto err; - - paramptr = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_G); - if (paramptr == NULL || !OSSL_PARAM_get_BN(paramptr, &g)) - goto err; - - if (!DH_set0_pqg(dh, p, NULL, g)) - goto err; - p = g = NULL; - - paramptr = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_PUB_KEY); - if (paramptr == NULL || !OSSL_PARAM_get_BN(paramptr, &pub_key)) - goto err; - - /* Private key is optional */ - if (priv) { - paramptr = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DH_PRIV_KEY); - if (paramptr == NULL - || (priv_key = BN_secure_new()) == NULL - || !OSSL_PARAM_get_BN(paramptr, &priv_key)) - goto err; - } - - if (!DH_set0_key(dh, pub_key, priv_key)) - goto err; - - return dh; - - err: - BN_free(p); - BN_free(g); - BN_free(pub_key); - BN_free(priv_key); - DH_free(dh); - return NULL; -} - -static int dh_init(void *vpdhctx, OSSL_PARAM params[]) +static int dh_init(void *vpdhctx, void *vdh) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; DH_free(pdhctx->dh); - pdhctx->dh = param_to_dh(params, 1); + pdhctx->dh = vdh; + DH_up_ref(pdhctx->dh); return pdhctx->dh != NULL; } -static int dh_set_peer(void *vpdhctx, OSSL_PARAM params[]) +static int dh_set_peer(void *vpdhctx, void *vdh) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; DH_free(pdhctx->dhpeer); - pdhctx->dhpeer = param_to_dh(params, 0); + pdhctx->dhpeer = vdh; + DH_up_ref(pdhctx->dhpeer); return pdhctx->dhpeer != NULL; } @@ -164,7 +122,7 @@ static void *dh_dupctx(void *vpdhctx) return dstctx; } -static int dh_set_params(void *vpdhctx, OSSL_PARAM params[]) +static int dh_set_params(void *vpdhctx, const OSSL_PARAM params[]) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; const OSSL_PARAM *p; @@ -173,7 +131,7 @@ static int dh_set_params(void *vpdhctx, OSSL_PARAM params[]) if (pdhctx == NULL || params == NULL) return 0; - p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_PAD); + p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_PAD); if (p == NULL || !OSSL_PARAM_get_int(p, &pad)) return 0; @@ -182,7 +140,7 @@ static int dh_set_params(void *vpdhctx, OSSL_PARAM params[]) return 1; } -const OSSL_DISPATCH dh_functions[] = { +const OSSL_DISPATCH dh_keyexch_functions[] = { { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))dh_newctx }, { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))dh_init }, { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))dh_derive }, diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index dbc79a5..80946ca 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -58,5 +58,8 @@ extern const OSSL_DISPATCH aes256ctr_functions[]; extern const OSSL_DISPATCH aes192ctr_functions[]; extern const OSSL_DISPATCH aes128ctr_functions[]; +/* Key management */ +extern const OSSL_DISPATCH dh_keymgmt_functions[]; + /* Key Exchange */ -extern const OSSL_DISPATCH dh_functions[]; +extern const OSSL_DISPATCH dh_keyexch_functions[]; diff --git a/providers/common/exchange/build.info b/providers/common/keymgmt/build.info similarity index 80% copy from providers/common/exchange/build.info copy to providers/common/keymgmt/build.info index 7957f51..a41f3da 100644 --- a/providers/common/exchange/build.info +++ b/providers/common/keymgmt/build.info @@ -1,7 +1,5 @@ LIBS=../../../libcrypto IF[{- !$disabled{dh} -}] SOURCE[../../../libcrypto]=\ - dh.c + dh_kmgmt.c ENDIF - - diff --git a/providers/common/keymgmt/dh_kmgmt.c b/providers/common/keymgmt/dh_kmgmt.c new file mode 100644 index 0000000..67e3205 --- /dev/null +++ b/providers/common/keymgmt/dh_kmgmt.c @@ -0,0 +1,88 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/provider_algs.h" + +static OSSL_OP_keymgmt_importkey_fn dh_importkey; + +static int params_to_key(DH *dh, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_p, *param_g, *param_priv_key, *param_pub_key; + BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *pub_key = NULL; + + if (dh == NULL) + return 0; + + param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_P); + param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_G); + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_KEY); + param_pub_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PUB_KEY); + + /* + * DH documentation says that a public key must be present if a + * private key is present. + * We want to have at least a public key either way, so we end up + * requiring it unconditionally. + */ + if (param_pub_key == NULL) + return 0; + + if ((param_p != NULL && !OSSL_PARAM_get_BN(param_p, &p)) + || (param_g != NULL && !OSSL_PARAM_get_BN(param_g, &g)) + || (param_priv_key != NULL + && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + || !OSSL_PARAM_get_BN(param_pub_key, &pub_key)) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + p = g = NULL; + + if (!DH_set0_key(dh, pub_key, priv_key)) + goto err; + priv_key = pub_key = NULL; + + return 1; + + err: + BN_free(p); + BN_free(g); + BN_free(priv_key); + BN_free(pub_key); + return 0; +} + +static void *dh_importkey(void *provctx, const OSSL_PARAM params[]) +{ + DH *dh; + + if ((dh = DH_new()) == NULL + || !params_to_key(dh, params)) { + DH_free(dh); + dh = NULL; + } + return dh; +} + +const OSSL_DISPATCH dh_keymgmt_functions[] = { + /* + * TODO(3.0) When implementing OSSL_FUNC_KEYMGMT_GENKEY, remember to also + * implement OSSL_FUNC_KEYMGMT_EXPORTKEY. + */ + { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))dh_importkey }, + { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DH_free }, + { 0, NULL } +}; diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 2c25bf7..95534b1 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -116,7 +116,14 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { static const OSSL_ALGORITHM deflt_keyexch[] = { #ifndef OPENSSL_NO_DH - { "dhKeyAgreement", "default=yes", dh_functions }, + { "dhKeyAgreement", "default=yes", dh_keyexch_functions }, +#endif + { NULL, NULL, NULL } +}; + +static const OSSL_ALGORITHM deflt_keymgmt[] = { +#ifndef OPENSSL_NO_DH + { "dhKeyAgreement", "default=yes", dh_keymgmt_functions }, #endif { NULL, NULL, NULL } }; @@ -131,6 +138,8 @@ static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, return deflt_digests; case OSSL_OP_CIPHER: return deflt_ciphers; + case OSSL_OP_KEYMGMT: + return deflt_keymgmt; case OSSL_OP_KEYEXCH: return deflt_keyexch; } diff --git a/util/libcrypto.num b/util/libcrypto.num index b0a7f81..1533a88 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4698,3 +4698,4 @@ EVP_CIPHER_provider 4803 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_name 4804 3_0_0 EXIST::FUNCTION: EVP_CIPHER_do_all_ex 4805 3_0_0 EXIST::FUNCTION: EVP_MD_do_all_ex 4806 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_provider 4807 3_0_0 EXIST::FUNCTION: From no-reply at appveyor.com Tue Jul 23 20:09:16 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jul 2019 20:09:16 +0000 Subject: Build failed: openssl master.26244 Message-ID: <20190723200916.1.A3C2061B3519B099@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 23 20:24:55 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 20:24:55 +0000 Subject: Still Failing: openssl/openssl#26824 (master - 8b84b07) In-Reply-To: Message-ID: <5d376d179ce67_43ffa3f43cbb83041ad@ee6fb6c5-3be9-4fd7-97ac-21851effa153.mail> Build Update for openssl/openssl ------------------------------------- Build: #26824 Status: Still Failing Duration: 20 mins and 42 secs Commit: 8b84b07 (master) Author: Richard Levitte Message: Adapt DH to use with KEYMGMT The biggest part in this was to move the key->param builder from EVP to the DH ASN.1 method, and to implement the KEYMGMT support in the provider DH. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9394) View the changeset: https://github.com/openssl/openssl/compare/037439c46add...8b84b075ff06 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562765528?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 23 20:37:39 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jul 2019 20:37:39 +0000 Subject: Build completed: openssl master.26245 Message-ID: <20190723203739.1.F648C6453F4CFAA4@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 23 20:49:18 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Jul 2019 20:49:18 +0000 Subject: Still Failing: openssl/openssl#26794 (master - 037439c) In-Reply-To: Message-ID: <5d3772ce776ea_43fb6b5677978320867@cb18b961-207d-46c0-a575-9b620a741a14.mail> Build Update for openssl/openssl ------------------------------------- Build: #26794 Status: Still Failing Duration: 18 mins and 14 secs Commit: 037439c (master) Author: Matt Caswell Message: Remove some utilities from the core to provider interface The core provides a number of essential functions as "upcalls" to providers. Some of those were just utility functions that wrap other upcalls - which don't seem essential and bloat the interface. We should remove them in order to simplify the interface. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9432) View the changeset: https://github.com/openssl/openssl/compare/584410227ab3...037439c46add View the full build log and details: https://travis-ci.org/openssl/openssl/builds/562494365?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 24 02:28:47 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jul 2019 02:28:47 +0000 Subject: Build failed: openssl master.26254 Message-ID: <20190724022847.1.F3605A7491CAE2FD@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 24 02:35:40 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 24 Jul 2019 02:35:40 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1563935740.436795.3666.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 8b84b075ff Adapt DH to use with KEYMGMT 037439c46a Remove some utilities from the core to provider interface 584410227a Don't complain if function name doesn't match a6a66e4511 Make rand_pool buffers more dynamic in their sizing. 82925f9dd0 Avoid double clearing some BIGNUMs 2617501348 Replace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere 3efe19145c Describe OSSL_PARAM as a parameter descriptor b8441adb59 Re-implement the cipher and digest listings for 'openssl list' c540f00f38 Add EVP_CIPHER_do_all_ex() and EVP_MD_do_all_ex() 3d96a51c09 Add internal function evp_generic_do_all() 84d167f6eb Refactor ossl_method_construct() in terms of ossl_algorithm_do_all() a883c02faa Add internal function ossl_algorithm_do_all() b37066fdf7 Add OSSL_PROVIDER_name() 1d2622d4f3 Add EVP_MD_provider() and EVP_CIPHER_provider() c750bc0851 Re-implement EVP_MD_name() and EVP_CIPHER_name() as functions 6b9e37246d Add a mechnism to save the name of fetched methods da2addc515 provider-keymgmt(7): Document the KEYMGMT interface Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1647, 238 wallclock secs ( 2.69 usr 0.40 sys + 228.33 cusr 18.58 csys = 250.00 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Jul 24 02:37:42 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jul 2019 02:37:42 +0000 Subject: Build failed: openssl master.26255 Message-ID: <20190724023742.1.AA0F0ABBF474E333@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 24 06:33:56 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 24 Jul 2019 06:33:56 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1563950036.939107.29878.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 8b84b075ff Adapt DH to use with KEYMGMT 037439c46a Remove some utilities from the core to provider interface 584410227a Don't complain if function name doesn't match a6a66e4511 Make rand_pool buffers more dynamic in their sizing. 82925f9dd0 Avoid double clearing some BIGNUMs 2617501348 Replace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere 3efe19145c Describe OSSL_PARAM as a parameter descriptor b8441adb59 Re-implement the cipher and digest listings for 'openssl list' c540f00f38 Add EVP_CIPHER_do_all_ex() and EVP_MD_do_all_ex() 3d96a51c09 Add internal function evp_generic_do_all() 84d167f6eb Refactor ossl_method_construct() in terms of ossl_algorithm_do_all() a883c02faa Add internal function ossl_algorithm_do_all() b37066fdf7 Add OSSL_PROVIDER_name() 1d2622d4f3 Add EVP_MD_provider() and EVP_CIPHER_provider() c750bc0851 Re-implement EVP_MD_name() and EVP_CIPHER_name() as functions 6b9e37246d Add a mechnism to save the name of fetched methods da2addc515 provider-keymgmt(7): Document the KEYMGMT interface Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:206: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:188: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:182: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:214: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:221: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:212: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:293: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:297: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:290: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:307: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:310: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:313: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:386: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:403: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:452: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:453: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:158: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:160: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:161: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:163: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:255: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7183: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Wed Jul 24 07:54:13 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jul 2019 07:54:13 +0000 Subject: Build completed: openssl OpenSSL_1_0_2-stable.26256 Message-ID: <20190724075413.1.DF1ED756A96EA4EC@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Wed Jul 24 12:45:13 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 24 Jul 2019 12:45:13 +0000 Subject: [openssl] master update Message-ID: <1563972313.859372.5039.nullmailer@dev.openssl.org> The branch master has been updated via 6de1fe90860ddfe768864838637f681537f3f108 (commit) from 8b84b075ff065554c0cdd1086950f1a8614d93a4 (commit) - Log ----------------------------------------------------------------- commit 6de1fe90860ddfe768864838637f681537f3f108 Author: Bernd Edlinger Date: Mon Jul 22 22:50:19 2019 +0200 Enforce a minimum DH modulus size of 512 bits [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9437) ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 +++ crypto/dh/dh_err.c | 1 + crypto/dh/dh_gen.c | 10 ++++++++++ crypto/dh/dh_key.c | 10 ++++++++++ crypto/dh/dh_locl.h | 2 ++ crypto/err/openssl.txt | 1 + doc/man1/dhparam.pod | 3 ++- include/openssl/dherr.h | 1 + test/dhtest.c | 25 ++++++------------------- 9 files changed, 36 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index 3507e35..acaa099 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,9 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Enforce a minimum DH modulus size of 512 bits. + [Bernd Edlinger] + *) Changed DH parameters to generate the order q subgroup instead of 2q. Previously generated DH parameters are still accepted by DH_check but DH_generate_key works around that by clearing bit 0 of the diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index cbde260..69f1452 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -41,6 +41,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = { {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL), "modulus too small"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), "not suitable generator"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 6e98b59..76d6ad0 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -61,6 +61,16 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, int g, ok = -1; BN_CTX *ctx = NULL; + if (prime_len > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_MODULUS_TOO_LARGE); + return 0; + } + + if (prime_len < DH_MIN_MODULUS_BITS) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_MODULUS_TOO_SMALL); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 0d6b04d..8731cc2 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -87,6 +87,11 @@ static int generate_key(DH *dh) return 0; } + if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_SMALL); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -181,6 +186,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; } + if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS) { + DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_SMALL); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h index f0247b8..a9041e9 100644 --- a/crypto/dh/dh_locl.h +++ b/crypto/dh/dh_locl.h @@ -10,6 +10,8 @@ #include #include "internal/refcount.h" +#define DH_MIN_MODULUS_BITS 512 + struct dh_st { /* * This first argument is used to pick up errors when a DH is passed diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d88e989..ede1c57 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2276,6 +2276,7 @@ DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error DH_R_KEYS_NOT_SET:108:keys not set DH_R_MISSING_PUBKEY:125:missing pubkey DH_R_MODULUS_TOO_LARGE:103:modulus too large +DH_R_MODULUS_TOO_SMALL:126:modulus too small DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator DH_R_NO_PARAMETERS_SET:107:no parameters set DH_R_NO_PRIVATE_VALUE:100:no private value diff --git a/doc/man1/dhparam.pod b/doc/man1/dhparam.pod index dd871b3..c51bbaa 100644 --- a/doc/man1/dhparam.pod +++ b/doc/man1/dhparam.pod @@ -103,8 +103,9 @@ This can be used with a subsequent B<-rand> flag. This option specifies that a parameter set should be generated of size I. It must be the last option. If this option is present then the input file is ignored and parameters are generated instead. If -this option is not present but a generator (B<-2> or B<-5>) is +this option is not present but a generator (B<-2>, B<-3> or B<-5>) is present, parameters are generated with a default length of 2048 bits. +The minimim length is 512 bits. The maximum length is 10000 bits. =item B<-noout> diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h index 1e3451b..13bd036 100644 --- a/include/openssl/dherr.h +++ b/include/openssl/dherr.h @@ -80,6 +80,7 @@ int ERR_load_DH_strings(void); # define DH_R_KEYS_NOT_SET 108 # define DH_R_MISSING_PUBKEY 125 # define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_MODULUS_TOO_SMALL 126 # define DH_R_NOT_SUITABLE_GENERATOR 120 # define DH_R_NO_PARAMETERS_SET 107 # define DH_R_NO_PRIVATE_VALUE 100 diff --git a/test/dhtest.c b/test/dhtest.c index f80d5b3..662a4f3 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -103,25 +103,12 @@ static int dh_test(void) || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) goto err3; - /* now generate a key pair ... */ - if (!DH_generate_key(dh)) + /* now generate a key pair (expect failure since modulus is too small) */ + if (!TEST_false(DH_generate_key(dh))) goto err3; - /* ... and check whether the private key was reused: */ - - /* test it with the combined getter for pub_key and priv_key */ - DH_get0_key(dh, &pub_key2, &priv_key2); - if (!TEST_ptr(pub_key2) - || !TEST_ptr_eq(priv_key2, priv_key)) - goto err3; - - /* test it the simple getters for pub_key and priv_key */ - if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2) - || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) - goto err3; - - /* check whether the public key was calculated correctly */ - TEST_uint_eq(BN_get_word(pub_key2), 3331L); + /* We'll have a stale error on the queue from the above test so clear it */ + ERR_clear_error(); /* * II) key generation @@ -132,7 +119,7 @@ static int dh_test(void) goto err3; BN_GENCB_set(_cb, &cb, NULL); if (!TEST_ptr(a = DH_new()) - || !TEST_true(DH_generate_parameters_ex(a, 64, + || !TEST_true(DH_generate_parameters_ex(a, 512, DH_GENERATOR_5, _cb))) goto err3; @@ -192,7 +179,7 @@ static int dh_test(void) || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1)) goto err3; - if (!TEST_true(aout >= 4) + if (!TEST_true(aout >= 20) || !TEST_mem_eq(abuf, aout, bbuf, bout) || !TEST_mem_eq(abuf, aout, cbuf, cout)) goto err3; From bernd.edlinger at hotmail.de Wed Jul 24 13:02:14 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 24 Jul 2019 13:02:14 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563973334.793301.21558.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ddd16c2fe988ed9fdd5118c2f2617745438fd675 (commit) from 8e747338593f3bafe9798226cddf4edf36bc2de9 (commit) - Log ----------------------------------------------------------------- commit ddd16c2fe988ed9fdd5118c2f2617745438fd675 Author: Bernd Edlinger Date: Wed Jul 10 15:52:36 2019 +0200 Change DH parameters to generate the order q subgroup instead of 2q This avoids leaking bit 0 of the private key. Backport-of: #9363 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9435) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++ crypto/dh/dh_check.c | 34 +++++++----------------- crypto/dh/dh_gen.c | 52 +++++++++++++++++-------------------- crypto/dh/dh_key.c | 13 ++++++++-- test/dhtest.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++- 5 files changed, 122 insertions(+), 56 deletions(-) diff --git a/CHANGES b/CHANGES index 09c17f7..47ea8e0 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,12 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] + *) Changed DH parameters to generate the order q subgroup instead of 2q. + Previously generated DH parameters are still accepted by DH_check + but DH_generate_key works around that by clearing bit 0 of the + private key for those. This avoids leaking bit 0 of the private key. + [Bernd Edlinger] + *) Revert the DEVRANDOM_WAIT feature for Linux systems The DEVRANDOM_WAIT feature added a select() call to wait for the diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index c7e1dbf..6d81101 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -24,7 +24,8 @@ int DH_check_params_ex(const DH *dh) { int errflags = 0; - (void)DH_check_params(dh, &errflags); + if (!DH_check_params(dh, &errflags)) + return 0; if ((errflags & DH_CHECK_P_NOT_PRIME) != 0) DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME); @@ -67,18 +68,14 @@ int DH_check_params(const DH *dh, int *ret) /*- * Check that p is a safe prime and - * if g is 2, 3 or 5, check that it is a suitable generator - * where - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 - * for 5, p mod 10 == 3 or 7 - * should hold. + * g is a suitable generator. */ int DH_check_ex(const DH *dh) { int errflags = 0; - (void)DH_check(dh, &errflags); + if (!DH_check(dh, &errflags)) + return 0; if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0) DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR); @@ -102,10 +99,11 @@ int DH_check(const DH *dh, int *ret) { int ok = 0, r; BN_CTX *ctx = NULL; - BN_ULONG l; BIGNUM *t1 = NULL, *t2 = NULL; - *ret = 0; + if (!DH_check_params(dh, ret)) + return 0; + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -139,21 +137,7 @@ int DH_check(const DH *dh, int *ret) *ret |= DH_CHECK_INVALID_Q_VALUE; if (dh->j && BN_cmp(dh->j, t1)) *ret |= DH_CHECK_INVALID_J_VALUE; - - } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { - l = BN_mod_word(dh->p, 24); - if (l == (BN_ULONG)-1) - goto err; - if (l != 11) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { - l = BN_mod_word(dh->p, 10); - if (l == (BN_ULONG)-1) - goto err; - if ((l != 3) && (l != 7)) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else - *ret |= DH_UNABLE_TO_CHECK_GENERATOR; + } r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL); if (r < 0) diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 887fc4c..1262d4e 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -30,30 +30,29 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, /*- * We generate DH parameters as follows - * find a prime q which is prime_len/2 bits long. - * p=(2*q)+1 or (p-1)/2 = q - * For this case, g is a generator if - * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1. - * Since the factors of p-1 are q and 2, we just need to check - * g^2 mod p != 1 and g^q mod p != 1. + * find a prime p which is prime_len bits long, + * where q=(p-1)/2 is also prime. + * In the following we assume that g is not 0, 1 or p-1, since it + * would generate only trivial subgroups. + * For this case, g is a generator of the order-q subgroup if + * g^q mod p == 1. + * Or in terms of the Legendre symbol: (g/p) == 1. * * Having said all that, * there is another special case method for the generators 2, 3 and 5. - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 <<<<< does not work for safe primes. - * for 5, p mod 10 == 3 or 7 + * Using the quadratic reciprocity law it is possible to solve + * (g/p) == 1 for the special values 2, 3, 5: + * (2/p) == 1 if p mod 8 == 1 or 7. + * (3/p) == 1 if p mod 12 == 1 or 11. + * (5/p) == 1 if p mod 5 == 1 or 4. + * See for instance: https://en.wikipedia.org/wiki/Legendre_symbol * - * Thanks to Phil Karn for the pointers about the - * special generators and for answering some of my questions. - * - * I've implemented the second simple method :-). - * Since DH should be using a safe prime (both p and q are prime), - * this generator function can take a very very long time to run. - */ -/* - * Actually there is no reason to insist that 'generator' be a generator. - * It's just as OK (and in some sense better) to use a generator of the - * order-q subgroup. + * Since all safe primes > 7 must satisfy p mod 12 == 11 + * and all safe primes > 11 must satisfy p mod 5 != 1 + * we can further improve the condition for g = 2, 3 and 5: + * for 2, p mod 24 == 23 + * for 3, p mod 12 == 11 + * for 5, p mod 60 == 59 */ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) @@ -84,17 +83,14 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, if (generator == DH_GENERATOR_2) { if (!BN_set_word(t1, 24)) goto err; - if (!BN_set_word(t2, 11)) + if (!BN_set_word(t2, 23)) goto err; g = 2; } else if (generator == DH_GENERATOR_5) { - if (!BN_set_word(t1, 10)) + if (!BN_set_word(t1, 60)) goto err; - if (!BN_set_word(t2, 3)) + if (!BN_set_word(t2, 59)) goto err; - /* - * BN_set_word(t3,7); just have to miss out on these ones :-( - */ g = 5; } else { /* @@ -102,9 +98,9 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, * not: since we are using safe primes, it will generate either an * order-q or an order-2q group, which both is OK */ - if (!BN_set_word(t1, 2)) + if (!BN_set_word(t1, 12)) goto err; - if (!BN_set_word(t2, 1)) + if (!BN_set_word(t2, 11)) goto err; g = generator; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 99c00e5..718aa42 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -125,6 +125,15 @@ static int generate_key(DH *dh) l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto err; + /* + * We handle just one known case where g is a quadratic non-residue: + * for g = 2: p % 8 == 3 + */ + if (BN_is_word(dh->g, DH_GENERATOR_2) && !BN_is_bit_set(dh->p, 2)) { + /* clear bit 0, since it won't be a secret anyway */ + if (!BN_clear_bit(priv_key, 0)) + goto err; + } } } @@ -136,11 +145,11 @@ static int generate_key(DH *dh) BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) { - BN_free(prk); + BN_clear_free(prk); goto err; } /* We MUST free prk before any further use of priv_key */ - BN_free(prk); + BN_clear_free(prk); } dh->pub_key = pub_key; diff --git a/test/dhtest.c b/test/dhtest.c index 84a0468..d264bbb 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "testutil.h" #ifndef OPENSSL_NO_DH @@ -62,6 +63,17 @@ static int dh_test(void) || !TEST_true(DH_set0_pqg(dh, p, q, g))) goto err1; + if (!DH_check(dh, &i)) + goto err2; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) + goto err2; + /* test the combined getter for p, q, and g */ DH_get0_pqg(dh, &p2, &q2, &g2); if (!TEST_ptr_eq(p2, p) @@ -130,7 +142,8 @@ static int dh_test(void) if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) - || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) goto err3; DH_get0_pqg(a, &ap, NULL, &ag); @@ -609,6 +622,63 @@ static int rfc5114_test(void) TEST_error("Test failed RFC5114 set %d\n", i + 1); return 0; } + +static int rfc7919_test(void) +{ + DH *a = NULL, *b = NULL; + const BIGNUM *apub_key = NULL, *bpub_key = NULL; + unsigned char *abuf = NULL; + unsigned char *bbuf = NULL; + int i, alen, blen, aout, bout; + int ret = 0; + + if (!TEST_ptr(a = DH_new_by_nid(NID_ffdhe2048))) + goto err; + + if (!DH_check(a, &i)) + goto err; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) + goto err; + + if (!DH_generate_key(a)) + goto err; + DH_get0_key(a, &apub_key, NULL); + + /* now create another copy of the DH group for the peer */ + if (!TEST_ptr(b = DH_new_by_nid(NID_ffdhe2048))) + goto err; + + if (!DH_generate_key(b)) + goto err; + DH_get0_key(b, &bpub_key, NULL); + + alen = DH_size(a); + if (!TEST_ptr(abuf = OPENSSL_malloc(alen)) + || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1)) + goto err; + + blen = DH_size(b); + if (!TEST_ptr(bbuf = OPENSSL_malloc(blen)) + || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1)) + goto err; + + if (!TEST_true(aout >= 20) + || !TEST_mem_eq(abuf, aout, bbuf, bout)) + goto err; + + ret = 1; + + err: + OPENSSL_free(abuf); + OPENSSL_free(bbuf); + DH_free(a); + DH_free(b); + return ret; +} #endif @@ -619,6 +689,7 @@ int setup_tests(void) #else ADD_TEST(dh_test); ADD_TEST(rfc5114_test); + ADD_TEST(rfc7919_test); #endif return 1; } From builds at travis-ci.org Wed Jul 24 13:05:25 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Jul 2019 13:05:25 +0000 Subject: Still Failing: openssl/openssl#26849 (master - 6de1fe9) In-Reply-To: Message-ID: <5d3857934241b_43fb7a2237a64327721@ef0e1c02-2ef8-40b1-b8bb-1cf19c10b011.mail> Build Update for openssl/openssl ------------------------------------- Build: #26849 Status: Still Failing Duration: 19 mins and 27 secs Commit: 6de1fe9 (master) Author: Bernd Edlinger Message: Enforce a minimum DH modulus size of 512 bits [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9437) View the changeset: https://github.com/openssl/openssl/compare/8b84b075ff06...6de1fe90860d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563059305?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 24 13:22:55 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Jul 2019 13:22:55 +0000 Subject: Failed: openssl/openssl#26850 (OpenSSL_1_1_1-stable - ddd16c2) In-Reply-To: Message-ID: <5d385baf3fe8a_43f826351d6d01209f@2a8884af-a77d-4bb2-a923-e537c18ff441.mail> Build Update for openssl/openssl ------------------------------------- Build: #26850 Status: Failed Duration: 20 mins and 2 secs Commit: ddd16c2 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Change DH parameters to generate the order q subgroup instead of 2q This avoids leaking bit 0 of the private key. Backport-of: #9363 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9435) View the changeset: https://github.com/openssl/openssl/compare/8e747338593f...ddd16c2fe988 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563066965?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 24 13:45:17 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 24 Jul 2019 13:45:17 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1563975917.588980.32540.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 8b84b075ff Adapt DH to use with KEYMGMT 037439c46a Remove some utilities from the core to provider interface 584410227a Don't complain if function name doesn't match a6a66e4511 Make rand_pool buffers more dynamic in their sizing. 82925f9dd0 Avoid double clearing some BIGNUMs 2617501348 Replace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere 3efe19145c Describe OSSL_PARAM as a parameter descriptor b8441adb59 Re-implement the cipher and digest listings for 'openssl list' c540f00f38 Add EVP_CIPHER_do_all_ex() and EVP_MD_do_all_ex() 3d96a51c09 Add internal function evp_generic_do_all() 84d167f6eb Refactor ossl_method_construct() in terms of ossl_algorithm_do_all() a883c02faa Add internal function ossl_algorithm_do_all() b37066fdf7 Add OSSL_PROVIDER_name() 1d2622d4f3 Add EVP_MD_provider() and EVP_CIPHER_provider() c750bc0851 Re-implement EVP_MD_name() and EVP_CIPHER_name() as functions 6b9e37246d Add a mechnism to save the name of fetched methods da2addc515 provider-keymgmt(7): Document the KEYMGMT interface Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 222 wallclock secs ( 1.58 usr 0.37 sys + 216.64 cusr 17.50 csys = 236.09 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From matthias.st.pierre at ncp-e.com Wed Jul 24 13:51:41 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 24 Jul 2019 13:51:41 +0000 Subject: [openssl] master update Message-ID: <1563976301.143197.11379.nullmailer@dev.openssl.org> The branch master has been updated via d0cf719efb4e60364ee80d3d7c9c8f69c69cdb95 (commit) via dbd66443208cb0928b93bce04e32de412d452aff (commit) via b23217a144d007a35875136ad744a5824a6a6306 (commit) from 6de1fe90860ddfe768864838637f681537f3f108 (commit) - Log ----------------------------------------------------------------- commit d0cf719efb4e60364ee80d3d7c9c8f69c69cdb95 Author: Dr. Matthias St. Pierre Date: Fri Jul 12 22:49:42 2019 +0200 Remove HEADER_X509_H and HEADER_SSL_H include detectors from apps The HEADER_X509_H check is redundant, because is already included. Instead of of checking for HEADER_SSL_H, include explicitly in "s_apps.h" and don't include "s_apps.h" where it's not necessary. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9364) commit dbd66443208cb0928b93bce04e32de412d452aff Author: Dr. Matthias St. Pierre Date: Fri Jul 5 15:50:50 2019 +0200 Remove OPENSSL_X509V3_H include detector from openssl/cms.h The check is redundant, because is included. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9364) commit b23217a144d007a35875136ad744a5824a6a6306 Author: Dr. Matthias St. Pierre Date: Thu Jul 4 12:38:43 2019 +0200 Remove HEADER_BSS_FILE_C module include guard This include guard inside an object file comes as a surprise and serves no purpose anymore. It seems like this object file was included by crypto/threads/mttest.c at some time, but the include directive was removed in commit bb8abd6. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9364) ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 9 +++++++- apps/include/apps.h | 2 -- apps/include/s_apps.h | 18 +++------------ apps/openssl.c | 1 - crypto/bio/bss_file.c | 61 +++++++++++++++++++++++---------------------------- crypto/cms/cms_lcl.h | 3 --- include/openssl/cms.h | 3 --- 7 files changed, 39 insertions(+), 58 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 43af5ad..79d6bec 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -40,7 +40,6 @@ #endif #include #include -#include "s_apps.h" #include "apps.h" #ifdef _WIN32 @@ -48,6 +47,14 @@ static int WIN32_rename(const char *from, const char *to); # define rename(from,to) WIN32_rename((from),(to)) #endif +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +# include +#endif + +#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) +# define _kbhit kbhit +#endif + #define PASS_SOURCE_SIZE_MAX 4 typedef struct { diff --git a/apps/include/apps.h b/apps/include/apps.h index 59e3e92..a0fd3c3 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -102,11 +102,9 @@ typedef struct args_st { int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data); int chopup_args(ARGS *arg, char *buf); -# ifdef HEADER_X509_H int dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); -# endif void print_bignum_var(BIO *, const BIGNUM *, const char*, int, unsigned char *); void print_array(BIO *, const char *, int, const unsigned char *); diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index d941ccd..4f976da 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h @@ -9,13 +9,7 @@ #include -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) -# include -#endif - -#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) -# define _kbhit kbhit -#endif +#include #define PORT "4433" #define PROTOCOL "tcp" @@ -24,17 +18,15 @@ typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); int do_server(int *accept_sock, const char *host, const char *port, int family, int type, int protocol, do_server_cb cb, unsigned char *context, int naccept, BIO *bio_s_out); -#ifdef HEADER_X509_H + int verify_callback(int ok, X509_STORE_CTX *ctx); -#endif -#ifdef HEADER_SSL_H + int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_groups(BIO *out, SSL *s, int noshared); -#endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *host, const char *port, const char *bindhost, const char *bindport, @@ -44,13 +36,11 @@ int should_retry(int i); long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -#ifdef HEADER_SSL_H void apps_ssl_info_callback(const SSL *s, int where, int ret); void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data, int len, void *arg); -#endif int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); @@ -75,7 +65,6 @@ int args_excert(int option, SSL_EXCERT **pexc); int load_excert(SSL_EXCERT **pexc); void print_verify_detail(SSL *s, BIO *bio); void print_ssl_summary(SSL *s); -#ifdef HEADER_SSL_H int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx); int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download); @@ -86,4 +75,3 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose); int set_keylog_file(SSL_CTX *ctx, const char *keylog_file); void print_ca_names(BIO *bio, SSL *s); -#endif diff --git a/apps/openssl.c b/apps/openssl.c index b2fd630..123c1ff 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -23,7 +23,6 @@ # include #endif #include -#include "s_apps.h" /* Needed to get the other O_xxx flags. */ #ifdef OPENSSL_SYS_VMS # include diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 5a0b248..0aa6b71 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -7,10 +7,7 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BSS_FILE_C -# define HEADER_BSS_FILE_C - -# if defined(__linux) || defined(__sun) || defined(__hpux) +#if defined(__linux) || defined(__sun) || defined(__hpux) /* * Following definition aliases fopen to fopen64 on above mentioned * platforms. This makes it possible to open and sequentially access files @@ -23,17 +20,17 @@ * of 32-bit platforms which allow for sequential access of large files * without extra "magic" comprise *BSD, Darwin, IRIX... */ -# ifndef _FILE_OFFSET_BITS -# define _FILE_OFFSET_BITS 64 -# endif +# ifndef _FILE_OFFSET_BITS +# define _FILE_OFFSET_BITS 64 # endif +#endif -# include -# include -# include "bio_lcl.h" -# include +#include +#include +#include "bio_lcl.h" +#include -# if !defined(OPENSSL_NO_STDIO) +#if !defined(OPENSSL_NO_STDIO) static int file_write(BIO *h, const char *buf, int num); static int file_read(BIO *h, char *buf, int size); @@ -72,9 +69,9 @@ BIO *BIO_new_file(const char *filename, const char *mode) FUNCerr("fopen", get_last_sys_error()); ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); if (errno == ENOENT -# ifdef ENXIO +#ifdef ENXIO || errno == ENXIO -# endif +#endif ) BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE); else @@ -212,33 +209,33 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num & BIO_CLOSE; b->ptr = ptr; b->init = 1; -# if BIO_FLAGS_UPLINK_INTERNAL!=0 -# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) -# define _IOB_ENTRIES 20 -# endif +# if BIO_FLAGS_UPLINK_INTERNAL!=0 +# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) +# define _IOB_ENTRIES 20 +# endif /* Safety net to catch purely internal BIO_set_fp calls */ -# if defined(_MSC_VER) && _MSC_VER>=1900 +# if defined(_MSC_VER) && _MSC_VER>=1900 if (ptr == stdin || ptr == stdout || ptr == stderr) BIO_clear_flags(b, BIO_FLAGS_UPLINK_INTERNAL); -# elif defined(_IOB_ENTRIES) +# elif defined(_IOB_ENTRIES) if ((size_t)ptr >= (size_t)stdin && (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) BIO_clear_flags(b, BIO_FLAGS_UPLINK_INTERNAL); -# endif # endif -# ifdef UP_fsetmod +# endif +# ifdef UP_fsetmod if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b')); else -# endif +# endif { -# if defined(OPENSSL_SYS_WINDOWS) +# if defined(OPENSSL_SYS_WINDOWS) int fd = _fileno((FILE *)ptr); if (num & BIO_FP_TEXT) _setmode(fd, _O_TEXT); else _setmode(fd, _O_BINARY); -# elif defined(OPENSSL_SYS_MSDOS) +# elif defined(OPENSSL_SYS_MSDOS) int fd = fileno((FILE *)ptr); /* Set correct text/binary mode */ if (num & BIO_FP_TEXT) @@ -251,11 +248,11 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) } else _setmode(fd, _O_BINARY); } -# elif defined(OPENSSL_SYS_WIN32_CYGWIN) +# elif defined(OPENSSL_SYS_WIN32_CYGWIN) int fd = fileno((FILE *)ptr); if (!(num & BIO_FP_TEXT)) setmode(fd, O_BINARY); -# endif +# endif } break; case BIO_C_SET_FILENAME: @@ -277,15 +274,15 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) if (!(num & BIO_FP_TEXT)) OPENSSL_strlcat(p, "b", sizeof(p)); else OPENSSL_strlcat(p, "t", sizeof(p)); -# elif defined(OPENSSL_SYS_WIN32_CYGWIN) +# elif defined(OPENSSL_SYS_WIN32_CYGWIN) if (!(num & BIO_FP_TEXT)) OPENSSL_strlcat(p, "b", sizeof(p)); -# endif +# endif fp = openssl_fopen(ptr, p); if (fp == NULL) { FUNCerr("fopen", get_last_sys_error()); @@ -422,6 +419,4 @@ BIO *BIO_new_file(const char *filename, const char *mode) return NULL; } -# endif /* OPENSSL_NO_STDIO */ - -#endif /* HEADER_BSS_FILE_C */ +#endif /* OPENSSL_NO_STDIO */ diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index dbc329d..08f086b 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -317,8 +317,6 @@ struct CMS_OtherKeyAttribute_st { /* ESS structures */ -# ifdef HEADER_X509V3_H - struct CMS_ReceiptRequest_st { ASN1_OCTET_STRING *signedContentIdentifier; CMS_ReceiptsFrom *receiptsFrom; @@ -332,7 +330,6 @@ struct CMS_ReceiptsFrom_st { STACK_OF(GENERAL_NAMES) *receiptList; } d; }; -# endif struct CMS_Receipt_st { int32_t version; diff --git a/include/openssl/cms.h b/include/openssl/cms.h index e8653d7..64002e4 100644 --- a/include/openssl/cms.h +++ b/include/openssl/cms.h @@ -288,8 +288,6 @@ void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); -# ifdef HEADER_X509V3_H - int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, @@ -302,7 +300,6 @@ void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, STACK_OF(GENERAL_NAMES) **prto); -# endif int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pukm); From builds at travis-ci.org Wed Jul 24 14:17:12 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Jul 2019 14:17:12 +0000 Subject: Still Failing: openssl/openssl#26852 (master - d0cf719) In-Reply-To: Message-ID: <5d3868687bd91_43faefacfc874334335@8ae846a3-0747-449a-83f5-debc401db110.mail> Build Update for openssl/openssl ------------------------------------- Build: #26852 Status: Still Failing Duration: 24 mins and 53 secs Commit: d0cf719 (master) Author: Dr. Matthias St. Pierre Message: Remove HEADER_X509_H and HEADER_SSL_H include detectors from apps The HEADER_X509_H check is redundant, because is already included. Instead of of checking for HEADER_SSL_H, include explicitly in "s_apps.h" and don't include "s_apps.h" where it's not necessary. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9364) View the changeset: https://github.com/openssl/openssl/compare/6de1fe90860d...d0cf719efb4e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563090463?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 24 14:33:38 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 24 Jul 2019 14:33:38 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1563978818.841213.26079.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 8b84b075ff Adapt DH to use with KEYMGMT 037439c46a Remove some utilities from the core to provider interface 584410227a Don't complain if function name doesn't match a6a66e4511 Make rand_pool buffers more dynamic in their sizing. 82925f9dd0 Avoid double clearing some BIGNUMs 2617501348 Replace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere 3efe19145c Describe OSSL_PARAM as a parameter descriptor b8441adb59 Re-implement the cipher and digest listings for 'openssl list' c540f00f38 Add EVP_CIPHER_do_all_ex() and EVP_MD_do_all_ex() 3d96a51c09 Add internal function evp_generic_do_all() 84d167f6eb Refactor ossl_method_construct() in terms of ossl_algorithm_do_all() a883c02faa Add internal function ossl_algorithm_do_all() b37066fdf7 Add OSSL_PROVIDER_name() 1d2622d4f3 Add EVP_MD_provider() and EVP_CIPHER_provider() c750bc0851 Re-implement EVP_MD_name() and EVP_CIPHER_name() as functions 6b9e37246d Add a mechnism to save the name of fetched methods da2addc515 provider-keymgmt(7): Document the KEYMGMT interface Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 223 wallclock secs ( 1.64 usr 0.31 sys + 217.32 cusr 17.27 csys = 236.54 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From matthias.st.pierre at ncp-e.com Wed Jul 24 15:12:21 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 24 Jul 2019 15:12:21 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1563981141.655158.22029.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 77cb24344dd522b4b7882be50aa199b1ecf4711f (commit) via 19b7b64c7284dea373b454e14360e786ffca6375 (commit) via ca066211a831e6fead672cf2fdc89a89e33f86d9 (commit) via 0904e31297f3f8275721fbf107248508db113598 (commit) from ddd16c2fe988ed9fdd5118c2f2617745438fd675 (commit) - Log ----------------------------------------------------------------- commit 77cb24344dd522b4b7882be50aa199b1ecf4711f Author: Dr. Matthias St. Pierre Date: Fri Jul 12 22:49:42 2019 +0200 Remove HEADER_X509_H include detector from apps The HEADER_X509_H check is redundant, because is already included. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9365) commit 19b7b64c7284dea373b454e14360e786ffca6375 Author: Dr. Matthias St. Pierre Date: Fri Jul 5 15:50:50 2019 +0200 Remove OPENSSL_X509V3_H include detector from openssl/cms.h The check is redundant, because is included. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9365) commit ca066211a831e6fead672cf2fdc89a89e33f86d9 Author: Dr. Matthias St. Pierre Date: Thu Jul 4 12:38:43 2019 +0200 Remove HEADER_BSS_FILE_C module include guard This include guard inside an object file comes as a surprise and serves no purpose anymore. It seems like this object file was included by crypto/threads/mttest.c at some time, but the include directive was removed in commit bb8abd6. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9365) commit 0904e31297f3f8275721fbf107248508db113598 Author: Dr. Matthias St. Pierre Date: Sun Jul 14 10:55:35 2019 +0200 Remove external HEADER_SYMHACKS_H include guard Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9365) ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 9 +++++++- apps/apps.h | 2 -- apps/openssl.c | 1 - apps/s_apps.h | 18 +++------------ crypto/bio/bss_file.c | 61 +++++++++++++++++++++++---------------------------- crypto/cms/cms_lcl.h | 3 --- include/openssl/cms.h | 3 --- util/mkerr.pl | 4 +--- 8 files changed, 40 insertions(+), 61 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 36cb0b2..7177c5d 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -40,7 +40,6 @@ #endif #include #include -#include "s_apps.h" #include "apps.h" #ifdef _WIN32 @@ -48,6 +47,14 @@ static int WIN32_rename(const char *from, const char *to); # define rename(from,to) WIN32_rename((from),(to)) #endif +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +# include +#endif + +#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) +# define _kbhit kbhit +#endif + typedef struct { const char *name; unsigned long flag; diff --git a/apps/apps.h b/apps/apps.h index d9eb650..87a5962 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -444,11 +444,9 @@ void destroy_ui_method(void); const UI_METHOD *get_ui_method(void); int chopup_args(ARGS *arg, char *buf); -# ifdef HEADER_X509_H int dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); -# endif void print_bignum_var(BIO *, const BIGNUM *, const char*, int, unsigned char *); void print_array(BIO *, const char *, int, const unsigned char *); diff --git a/apps/openssl.c b/apps/openssl.c index a872e2c..044e768 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -22,7 +22,6 @@ # include #endif #include -#include "s_apps.h" /* Needed to get the other O_xxx flags. */ #ifdef OPENSSL_SYS_VMS # include diff --git a/apps/s_apps.h b/apps/s_apps.h index 0a3bc96..810f3ed 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -9,13 +9,7 @@ #include -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) -# include -#endif - -#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) -# define _kbhit kbhit -#endif +#include #define PORT "4433" #define PROTOCOL "tcp" @@ -24,17 +18,15 @@ typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); int do_server(int *accept_sock, const char *host, const char *port, int family, int type, int protocol, do_server_cb cb, unsigned char *context, int naccept, BIO *bio_s_out); -#ifdef HEADER_X509_H + int verify_callback(int ok, X509_STORE_CTX *ctx); -#endif -#ifdef HEADER_SSL_H + int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_groups(BIO *out, SSL *s, int noshared); -#endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *host, const char *port, const char *bindhost, const char *bindport, @@ -44,13 +36,11 @@ int should_retry(int i); long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -#ifdef HEADER_SSL_H void apps_ssl_info_callback(const SSL *s, int where, int ret); void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data, int len, void *arg); -#endif int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); @@ -75,7 +65,6 @@ int args_excert(int option, SSL_EXCERT **pexc); int load_excert(SSL_EXCERT **pexc); void print_verify_detail(SSL *s, BIO *bio); void print_ssl_summary(SSL *s); -#ifdef HEADER_SSL_H int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx); int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download); @@ -86,4 +75,3 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose); int set_keylog_file(SSL_CTX *ctx, const char *keylog_file); void print_ca_names(BIO *bio, SSL *s); -#endif diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 0573447..a210205 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -7,10 +7,7 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BSS_FILE_C -# define HEADER_BSS_FILE_C - -# if defined(__linux) || defined(__sun) || defined(__hpux) +#if defined(__linux) || defined(__sun) || defined(__hpux) /* * Following definition aliases fopen to fopen64 on above mentioned * platforms. This makes it possible to open and sequentially access files @@ -23,17 +20,17 @@ * of 32-bit platforms which allow for sequential access of large files * without extra "magic" comprise *BSD, Darwin, IRIX... */ -# ifndef _FILE_OFFSET_BITS -# define _FILE_OFFSET_BITS 64 -# endif +# ifndef _FILE_OFFSET_BITS +# define _FILE_OFFSET_BITS 64 # endif +#endif -# include -# include -# include "bio_lcl.h" -# include +#include +#include +#include "bio_lcl.h" +#include -# if !defined(OPENSSL_NO_STDIO) +#if !defined(OPENSSL_NO_STDIO) static int file_write(BIO *h, const char *buf, int num); static int file_read(BIO *h, char *buf, int size); @@ -72,9 +69,9 @@ BIO *BIO_new_file(const char *filename, const char *mode) SYSerr(SYS_F_FOPEN, get_last_sys_error()); ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); if (errno == ENOENT -# ifdef ENXIO +#ifdef ENXIO || errno == ENXIO -# endif +#endif ) BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE); else @@ -212,33 +209,33 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num & BIO_CLOSE; b->ptr = ptr; b->init = 1; -# if BIO_FLAGS_UPLINK!=0 -# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) -# define _IOB_ENTRIES 20 -# endif +# if BIO_FLAGS_UPLINK!=0 +# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) +# define _IOB_ENTRIES 20 +# endif /* Safety net to catch purely internal BIO_set_fp calls */ -# if defined(_MSC_VER) && _MSC_VER>=1900 +# if defined(_MSC_VER) && _MSC_VER>=1900 if (ptr == stdin || ptr == stdout || ptr == stderr) BIO_clear_flags(b, BIO_FLAGS_UPLINK); -# elif defined(_IOB_ENTRIES) +# elif defined(_IOB_ENTRIES) if ((size_t)ptr >= (size_t)stdin && (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) BIO_clear_flags(b, BIO_FLAGS_UPLINK); -# endif # endif -# ifdef UP_fsetmod +# endif +# ifdef UP_fsetmod if (b->flags & BIO_FLAGS_UPLINK) UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b')); else -# endif +# endif { -# if defined(OPENSSL_SYS_WINDOWS) +# if defined(OPENSSL_SYS_WINDOWS) int fd = _fileno((FILE *)ptr); if (num & BIO_FP_TEXT) _setmode(fd, _O_TEXT); else _setmode(fd, _O_BINARY); -# elif defined(OPENSSL_SYS_MSDOS) +# elif defined(OPENSSL_SYS_MSDOS) int fd = fileno((FILE *)ptr); /* Set correct text/binary mode */ if (num & BIO_FP_TEXT) @@ -251,11 +248,11 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) } else _setmode(fd, _O_BINARY); } -# elif defined(OPENSSL_SYS_WIN32_CYGWIN) +# elif defined(OPENSSL_SYS_WIN32_CYGWIN) int fd = fileno((FILE *)ptr); if (!(num & BIO_FP_TEXT)) setmode(fd, O_BINARY); -# endif +# endif } break; case BIO_C_SET_FILENAME: @@ -277,15 +274,15 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) if (!(num & BIO_FP_TEXT)) OPENSSL_strlcat(p, "b", sizeof(p)); else OPENSSL_strlcat(p, "t", sizeof(p)); -# elif defined(OPENSSL_SYS_WIN32_CYGWIN) +# elif defined(OPENSSL_SYS_WIN32_CYGWIN) if (!(num & BIO_FP_TEXT)) OPENSSL_strlcat(p, "b", sizeof(p)); -# endif +# endif fp = openssl_fopen(ptr, p); if (fp == NULL) { SYSerr(SYS_F_FOPEN, get_last_sys_error()); @@ -422,6 +419,4 @@ BIO *BIO_new_file(const char *filename, const char *mode) return NULL; } -# endif /* OPENSSL_NO_STDIO */ - -#endif /* HEADER_BSS_FILE_C */ +#endif /* OPENSSL_NO_STDIO */ diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index efc958d..b5c06b7 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -317,8 +317,6 @@ struct CMS_OtherKeyAttribute_st { /* ESS structures */ -# ifdef HEADER_X509V3_H - struct CMS_ReceiptRequest_st { ASN1_OCTET_STRING *signedContentIdentifier; CMS_ReceiptsFrom *receiptsFrom; @@ -332,7 +330,6 @@ struct CMS_ReceiptsFrom_st { STACK_OF(GENERAL_NAMES) *receiptList; } d; }; -# endif struct CMS_Receipt_st { int32_t version; diff --git a/include/openssl/cms.h b/include/openssl/cms.h index ddf37e5..72d45d8 100644 --- a/include/openssl/cms.h +++ b/include/openssl/cms.h @@ -284,8 +284,6 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos, int type); -# ifdef HEADER_X509V3_H - int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, @@ -298,7 +296,6 @@ void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, STACK_OF(GENERAL_NAMES) **prto); -# endif int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pukm); diff --git a/util/mkerr.pl b/util/mkerr.pl index c4a2f8f..948391e 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -453,9 +453,7 @@ foreach my $lib ( keys %errorfile ) { #ifndef HEADER_${lib}ERR_H # define HEADER_${lib}ERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include EOF if ( $internal ) { From builds at travis-ci.org Wed Jul 24 15:44:39 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Jul 2019 15:44:39 +0000 Subject: Still Failing: openssl/openssl#26858 (OpenSSL_1_1_1-stable - 77cb243) In-Reply-To: Message-ID: <5d387ce59ea26_43fdd9d5791fc379460@3fc03f5d-b96c-4488-b50d-40b70bc9268c.mail> Build Update for openssl/openssl ------------------------------------- Build: #26858 Status: Still Failing Duration: 22 mins and 36 secs Commit: 77cb243 (OpenSSL_1_1_1-stable) Author: Dr. Matthias St. Pierre Message: Remove HEADER_X509_H include detector from apps The HEADER_X509_H check is redundant, because is already included. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9365) View the changeset: https://github.com/openssl/openssl/compare/ddd16c2fe988...77cb24344dd5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563129663?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 24 19:18:40 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jul 2019 19:18:40 +0000 Subject: Build failed: openssl master.26285 Message-ID: <20190724191840.1.FBCCF93392F51763@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 24 19:50:54 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jul 2019 19:50:54 +0000 Subject: Build completed: openssl master.26286 Message-ID: <20190724195054.1.57B6110EFB5B10F9@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Jul 24 22:14:10 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 24 Jul 2019 22:14:10 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1564006450.703918.14961.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e8d866dcb170dbe22dcda418cd5df655f67dbc0b (commit) from 77cb24344dd522b4b7882be50aa199b1ecf4711f (commit) - Log ----------------------------------------------------------------- commit e8d866dcb170dbe22dcda418cd5df655f67dbc0b Author: Bernd Edlinger Date: Tue Jul 23 23:14:14 2019 +1000 Allocate DRBG additional data pool from non-secure memory The additional data allocates 12K per DRBG instance in the secure memory, which is not necessary. Also nonces are not considered secret. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9424) ----------------------------------------------------------------------- Summary of changes: crypto/include/internal/rand_int.h | 3 ++- crypto/rand/drbg_lib.c | 2 +- crypto/rand/rand_lcl.h | 1 + crypto/rand/rand_lib.c | 35 +++++++++++++++++++++++++---------- 4 files changed, 29 insertions(+), 12 deletions(-) diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index 888cab1..ea3b1a4 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -52,7 +52,8 @@ void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); /* * RAND_POOL functions */ -RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len); +RAND_POOL *rand_pool_new(int entropy_requested, int secure, + size_t min_len, size_t max_len); RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, size_t entropy); void rand_pool_free(RAND_POOL *pool); diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index abbe0a8..df1e260 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -664,7 +664,7 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen) if (drbg->adin_pool == NULL) { if (drbg->type == 0) goto err; - drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen); + drbg->adin_pool = rand_pool_new(0, 0, 0, drbg->max_adinlen); if (drbg->adin_pool == NULL) goto err; } diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index c3e9804..a48e08a 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -150,6 +150,7 @@ struct rand_pool_st { size_t len; /* current number of random bytes contained in the pool */ int attached; /* true pool was attached to existing buffer */ + int secure; /* 1: allocated on the secure heap, 0: otherwise */ size_t min_len; /* minimum number of random bytes requested */ size_t max_len; /* maximum number of random bytes (allocated buffer size) */ diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index b666381..f658634 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -150,7 +150,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, pool = drbg->seed_pool; pool->entropy_requested = entropy; } else { - pool = rand_pool_new(entropy, min_len, max_len); + pool = rand_pool_new(entropy, drbg->secure, min_len, max_len); if (pool == NULL) return 0; } @@ -216,8 +216,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen) { - if (drbg->seed_pool == NULL) - OPENSSL_secure_clear_free(out, outlen); + if (drbg->seed_pool == NULL) { + if (drbg->secure) + OPENSSL_secure_clear_free(out, outlen); + else + OPENSSL_clear_free(out, outlen); + } } @@ -238,7 +242,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg, } data; memset(&data, 0, sizeof(data)); - pool = rand_pool_new(0, min_len, max_len); + pool = rand_pool_new(0, 0, min_len, max_len); if (pool == NULL) return 0; @@ -267,7 +271,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg, void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, unsigned char *out, size_t outlen) { - OPENSSL_secure_clear_free(out, outlen); + OPENSSL_clear_free(out, outlen); } /* @@ -402,7 +406,7 @@ int RAND_poll(void) } else { /* fill random pool and seed the current legacy RNG */ - pool = rand_pool_new(RAND_DRBG_STRENGTH, + pool = rand_pool_new(RAND_DRBG_STRENGTH, 1, (RAND_DRBG_STRENGTH + 7) / 8, RAND_POOL_MAX_LENGTH); if (pool == NULL) @@ -429,7 +433,8 @@ err: * Allocate memory and initialize a new random pool */ -RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len) +RAND_POOL *rand_pool_new(int entropy_requested, int secure, + size_t min_len, size_t max_len) { RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); @@ -442,13 +447,18 @@ RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len) pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? RAND_POOL_MAX_LENGTH : max_len; - pool->buffer = OPENSSL_secure_zalloc(pool->max_len); + if (secure) + pool->buffer = OPENSSL_secure_zalloc(pool->max_len); + else + pool->buffer = OPENSSL_zalloc(pool->max_len); + if (pool->buffer == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); goto err; } pool->entropy_requested = entropy_requested; + pool->secure = secure; return pool; @@ -503,8 +513,13 @@ void rand_pool_free(RAND_POOL *pool) * to rand_pool_attach() as `const unsigned char*`. * (see corresponding comment in rand_pool_attach()). */ - if (!pool->attached) - OPENSSL_secure_clear_free(pool->buffer, pool->max_len); + if (!pool->attached) { + if (pool->secure) + OPENSSL_secure_clear_free(pool->buffer, pool->max_len); + else + OPENSSL_clear_free(pool->buffer, pool->max_len); + } + OPENSSL_free(pool); } From pauli at openssl.org Wed Jul 24 22:30:40 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 24 Jul 2019 22:30:40 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1564007440.108524.3949.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via b4b42d441d350b48449ea93aaa035152123f70ae (commit) from e8d866dcb170dbe22dcda418cd5df655f67dbc0b (commit) - Log ----------------------------------------------------------------- commit b4b42d441d350b48449ea93aaa035152123f70ae Author: Pauli Date: Tue Jul 23 18:07:19 2019 +1000 Make rand_pool buffers more dynamic in their sizing. The rand pool support allocates maximal sized buffers -- this is typically 12288 bytes in size. These pools are allocated in secure memory which is a scarse resource. They are also allocated per DRBG of which there are up to two per thread. This change allocates 64 byte pools and grows them dynamically if required. 64 is chosen to be sufficiently large so that pools do not normally need to grow. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9428) (cherry picked from commit a6a66e4511eec0f4ecc2943117a42b3723eb2222) ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 +++ crypto/err/openssl.txt | 1 + crypto/rand/rand_err.c | 3 ++- crypto/rand/rand_lcl.h | 19 +++++++++++++++++++ crypto/rand/rand_lib.c | 48 ++++++++++++++++++++++++++++++++++++++++++----- include/openssl/randerr.h | 5 ++--- 6 files changed, 70 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 47ea8e0..de9c7c1 100644 --- a/CHANGES +++ b/CHANGES @@ -15,6 +15,9 @@ private key for those. This avoids leaking bit 0 of the private key. [Bernd Edlinger] + *) Significantly reduce secure memory usage by the randomness pools. + [Paul Dale] + *) Revert the DEVRANDOM_WAIT feature for Linux systems The DEVRANDOM_WAIT feature added a select() call to wait for the diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 907eeaa..722a087 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1025,6 +1025,7 @@ RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed +RAND_F_RAND_POOL_GROW:125:rand_pool_grow RAND_F_RAND_POOL_NEW:116:rand_pool_new RAND_F_RAND_WRITE_FILE:112:RAND_write_file RSA_F_CHECK_PADDING_MD:140:check_padding_md diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index 6a87045..ae4d855 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,6 +47,7 @@ static const ERR_STRING_DATA RAND_str_functs[] = { {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0), "rand_pool_bytes_needed"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_GROW, 0), "rand_pool_grow"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"}, {0, NULL} diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index a48e08a..148da84 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -72,6 +72,24 @@ * 1.5 * (RAND_DRBG_STRENGTH / 8)) */ +/* + * Initial allocation minimum. + * + * There is a distinction between the secure and normal allocation minimums. + * Ideally, the secure allocation size should be a power of two. The normal + * allocation size doesn't have any such restriction. + * + * The secure value is based on 128 bits of secure material, which is 16 bytes. + * Typically, the DRBGs will set a minimum larger than this so optimal + * allocation ought to take place (for full quality seed material). + * + * The normal value has been chosed by noticing that the rand_drbg_get_nonce + * function is usually the largest of the built in allocation (twenty four + * bytes and then appending another sixteen bytes). This means the buffer ends + * with 40 bytes. The value of forty eight is comfortably above this which + * allows some slack in the platform specific values used. + */ +# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 16 : 48) /* DRBG status values */ typedef enum drbg_status_e { @@ -154,6 +172,7 @@ struct rand_pool_st { size_t min_len; /* minimum number of random bytes requested */ size_t max_len; /* maximum number of random bytes (allocated buffer size) */ + size_t alloc_len; /* current number of bytes allocated */ size_t entropy; /* current entropy count in bits */ size_t entropy_requested; /* requested entropy count in bits */ }; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index f658634..48da2b9 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -437,6 +437,7 @@ RAND_POOL *rand_pool_new(int entropy_requested, int secure, size_t min_len, size_t max_len) { RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); + size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure); if (pool == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); @@ -446,11 +447,14 @@ RAND_POOL *rand_pool_new(int entropy_requested, int secure, pool->min_len = min_len; pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? RAND_POOL_MAX_LENGTH : max_len; + pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len; + if (pool->alloc_len > pool->max_len) + pool->alloc_len = pool->max_len; if (secure) - pool->buffer = OPENSSL_secure_zalloc(pool->max_len); + pool->buffer = OPENSSL_secure_zalloc(pool->alloc_len); else - pool->buffer = OPENSSL_zalloc(pool->max_len); + pool->buffer = OPENSSL_zalloc(pool->alloc_len); if (pool->buffer == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); @@ -493,7 +497,7 @@ RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, pool->attached = 1; - pool->min_len = pool->max_len = pool->len; + pool->min_len = pool->max_len = pool->alloc_len = pool->len; pool->entropy = entropy; return pool; @@ -515,9 +519,9 @@ void rand_pool_free(RAND_POOL *pool) */ if (!pool->attached) { if (pool->secure) - OPENSSL_secure_clear_free(pool->buffer, pool->max_len); + OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); else - OPENSSL_clear_free(pool->buffer, pool->max_len); + OPENSSL_clear_free(pool->buffer, pool->alloc_len); } OPENSSL_free(pool); @@ -650,6 +654,36 @@ size_t rand_pool_bytes_remaining(RAND_POOL *pool) return pool->max_len - pool->len; } +static int rand_pool_grow(RAND_POOL *pool, size_t len) +{ + if (len > pool->alloc_len - pool->len) { + unsigned char *p; + const size_t limit = pool->max_len / 2; + size_t newlen = pool->alloc_len; + + do + newlen = newlen < limit ? newlen * 2 : pool->max_len; + while (len > newlen - pool->len); + + if (pool->secure) + p = OPENSSL_secure_zalloc(newlen); + else + p = OPENSSL_zalloc(newlen); + if (p == NULL) { + RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(p, pool->buffer, pool->len); + if (pool->secure) + OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); + else + OPENSSL_clear_free(pool->buffer, pool->alloc_len); + pool->buffer = p; + pool->alloc_len = newlen; + } + return 1; +} + /* * Add random bytes to the random pool. * @@ -673,6 +707,8 @@ int rand_pool_add(RAND_POOL *pool, } if (len > 0) { + if (!rand_pool_grow(pool, len)) + return 0; memcpy(pool->buffer + pool->len, buffer, len); pool->len += len; pool->entropy += entropy; @@ -708,6 +744,8 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) return NULL; } + if (!rand_pool_grow(pool, len)) + return NULL; return pool->buffer + pool->len; } diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index d9aa9b3..70d1a17 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -11,9 +11,7 @@ #ifndef HEADER_RANDERR_H # define HEADER_RANDERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include # ifdef __cplusplus extern "C" @@ -46,6 +44,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_POOL_ADD_END 114 # define RAND_F_RAND_POOL_ATTACH 124 # define RAND_F_RAND_POOL_BYTES_NEEDED 115 +# define RAND_F_RAND_POOL_GROW 125 # define RAND_F_RAND_POOL_NEW 116 # define RAND_F_RAND_WRITE_FILE 112 From builds at travis-ci.org Wed Jul 24 22:36:46 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Jul 2019 22:36:46 +0000 Subject: Still Failing: openssl/openssl#26866 (OpenSSL_1_1_1-stable - e8d866d) In-Reply-To: Message-ID: <5d38dd7e3e6f2_43fab77f1332835652f@1c20df0b-2532-4d06-8990-b10cd83676b3.mail> Build Update for openssl/openssl ------------------------------------- Build: #26866 Status: Still Failing Duration: 21 mins and 48 secs Commit: e8d866d (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Allocate DRBG additional data pool from non-secure memory The additional data allocates 12K per DRBG instance in the secure memory, which is not necessary. Also nonces are not considered secret. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9424) View the changeset: https://github.com/openssl/openssl/compare/77cb24344dd5...e8d866dcb170 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563300032?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 24 22:57:08 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Jul 2019 22:57:08 +0000 Subject: Errored: openssl/openssl#26867 (OpenSSL_1_1_1-stable - b4b42d4) In-Reply-To: Message-ID: <5d38e24476ef3_43fab7f045d20361753@1c20df0b-2532-4d06-8990-b10cd83676b3.mail> Build Update for openssl/openssl ------------------------------------- Build: #26867 Status: Errored Duration: 25 mins and 40 secs Commit: b4b42d4 (OpenSSL_1_1_1-stable) Author: Pauli Message: Make rand_pool buffers more dynamic in their sizing. The rand pool support allocates maximal sized buffers -- this is typically 12288 bytes in size. These pools are allocated in secure memory which is a scarse resource. They are also allocated per DRBG of which there are up to two per thread. This change allocates 64 byte pools and grows them dynamically if required. 64 is chosen to be sufficiently large so that pools do not normally need to grow. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9428) (cherry picked from commit a6a66e4511eec0f4ecc2943117a42b3723eb2222) View the changeset: https://github.com/openssl/openssl/compare/e8d866dcb170...b4b42d441d35 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563305036?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 25 02:34:05 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 25 Jul 2019 02:34:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1564022045.031058.30596.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: d0cf719efb Remove HEADER_X509_H and HEADER_SSL_H include detectors from apps dbd6644320 Remove OPENSSL_X509V3_H include detector from openssl/cms.h b23217a144 Remove HEADER_BSS_FILE_C module include guard 6de1fe9086 Enforce a minimum DH modulus size of 512 bits Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1647, 244 wallclock secs ( 3.02 usr 0.31 sys + 233.02 cusr 19.18 csys = 255.53 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jul 25 06:35:57 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 25 Jul 2019 06:35:57 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1564036557.691897.24106.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: d0cf719efb Remove HEADER_X509_H and HEADER_SSL_H include detectors from apps dbd6644320 Remove OPENSSL_X509V3_H include detector from openssl/cms.h b23217a144 Remove HEADER_BSS_FILE_C module include guard 6de1fe9086 Enforce a minimum DH modulus size of 512 bits Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:206: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:188: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:182: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:214: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:221: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:212: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:293: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:297: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:290: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:307: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:310: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:313: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:386: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:403: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:452: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:453: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:158: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:160: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:161: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:163: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:255: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7183: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Thu Jul 25 09:43:50 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Jul 2019 09:43:50 +0000 Subject: Build failed: openssl master.26299 Message-ID: <20190725094350.1.7FB7CD65E6307834@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 25 10:22:42 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Jul 2019 10:22:42 +0000 Subject: Build completed: openssl master.26300 Message-ID: <20190725102242.1.449C789B9D049AE3@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Thu Jul 25 12:38:10 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 25 Jul 2019 12:38:10 +0000 Subject: [openssl] master update Message-ID: <1564058290.426717.14457.nullmailer@dev.openssl.org> The branch master has been updated via 8ccf2ffbd6a98d3750b715787c80d5d2b76d054b (commit) from d0cf719efb4e60364ee80d3d7c9c8f69c69cdb95 (commit) - Log ----------------------------------------------------------------- commit 8ccf2ffbd6a98d3750b715787c80d5d2b76d054b Author: Matt Caswell Date: Wed Jul 24 15:24:01 2019 +0100 Document the provider DIGEST operation Extends the existing provider documentation with information about the DIGEST operation. This is primarily for provider authors. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9453) ----------------------------------------------------------------------- Summary of changes: doc/man7/provider-digest.pod | 214 +++++++++++++++++++++++++++++++++++++++++ doc/man7/provider-keymgmt.pod | 2 +- include/openssl/core_numbers.h | 8 +- 3 files changed, 218 insertions(+), 6 deletions(-) create mode 100644 doc/man7/provider-digest.pod diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod new file mode 100644 index 0000000..f6c3286 --- /dev/null +++ b/doc/man7/provider-digest.pod @@ -0,0 +1,214 @@ +=pod + +=head1 NAME + +provider-digest - The digest library E-E provider functions + +=head1 SYNOPSIS + +=for comment multiple includes + + #include + #include + + /* + * None of these are actual functions, but are displayed like this for + * the function signatures for functions that are offered as function + * pointers in OSSL_DISPATCH arrays. + */ + + /* Context management */ + void *OP_digest_newctx(void *provctx); + void OP_digest_freectx(void *dctx); + void *OP_digest_dupctx(void *dctx); + + /* Digest generation */ + int OP_digest_init(void *dctx); + int OP_digest_update(void *dctx, const unsigned char *in, size_t inl); + int OP_digest_final(void *dctx, unsigned char *out, size_t *outl, + size_t outsz); + int OP_digest_digest(void *provctx, const unsigned char *in, size_t inl, + unsigned char *out, size_t *outl, size_t outsz); + + /* Digest parameters */ + size_t OP_digest_size(void); + size_t OP_digest_block_size(void); + int OP_digest_set_params(void *dctx, const OSSL_PARAM params[]); + int OP_digest_get_params(void *dctx, OSSL_PARAM params[]); + +=head1 DESCRIPTION + +This documentation is primarily aimed at provider authors. See L +for further information. + +The DIGEST operation enables providers to implement digest algorithms and make +them available to applications via the API functions L, +L and L (and other related functions). + +All "functions" mentioned here are passed as function pointers between +F and the provider in B arrays via +B arrays that are returned by the provider's +provider_query_operation() function +(see L). + +All these "functions" have a corresponding function type definition +named B, and a helper function to retrieve the +function pointer from an B element named +B. +For example, the "function" OP_digest_newctx() has these: + + typedef void *(OSSL_OP_digest_newctx_fn)(void *provctx); + static ossl_inline OSSL_OP_digest_newctx_fn + OSSL_get_OP_digest_newctx(const OSSL_DISPATCH *opf); + +B arrays are indexed by numbers that are provided as +macros in L, as follows: + + OP_digest_newctx OSSL_FUNC_DIGEST_NEWCTX + OP_digest_freectx OSSL_FUNC_DIGEST_FREECTX + OP_digest_dupctx OSSL_FUNC_DIGEST_DUPCTX + + OP_digest_init OSSL_FUNC_DIGEST_INIT + OP_digest_update OSSL_FUNC_DIGEST_UPDATE + OP_digest_final OSSL_FUNC_DIGEST_FINAL + OP_digest_digest OSSL_FUNC_DIGEST_DIGEST + + OP_digest_size OSSL_FUNC_DIGEST_SIZE + OP_digest_block_size OSSL_FUNC_DIGEST_BLOCK_SIZE + OP_digest_set_params OSSL_FUNC_DIGEST_SET_PARAMS + OP_digest_get_params OSSL_FUNC_DIGEST_GET_PARAMS + +A digest algorithm implementation may not implement all of these functions. +In order to be useable all or none of OP_digest_newctx, OP_digest_freectx, +OP_digest_init, OP_digest_update and OP_digest_final should be implemented. +All other functions are optional. + +=head2 Context Management Functions + +OP_digest_newctx() should create and return a pointer to a provider side +structure for holding context information during a digest operation. +A pointer to this context will be passed back in a number of the other digest +operation function calls. +The paramater B is the provider context generated during provider +initialisation (see L). + +OP_digest_freectx() is passed a pointer to the provider side digest context in +the B parameter. +This function should free any resources associated with that context. + +OP_digest_dupctx() should duplicate the provider side digest context in the +B parameter and return the duplicate copy. + +=head2 Digest Generation Functions + +OP_digest_init() initialises a digest operation given a newly created +provider side digest context in the B paramter. + +OP_digest_update() is called to supply data to be digested as part of a +previously initialised digest operation. +The B parameter contains a pointer to a previously initialised provider +side context. +OP_digest_update() should digest B bytes of data at the location pointed to +by B. +OP_digest_update() may be called multiple times for a single digest operation. + +OP_digest_final() generates a digest started through previous OP_digest_init() +and OP_digest_update() calls. +The B parameter contains a pointer to the provider side context. +The digest should be written to B<*out> and the length of the digest to +B<*outl>. +The digest should not exceed B bytes. + +OP_digest_digest() is a "oneshot" digest function. +No provider side digest context is used. +Instead the provider context that was created during provider initialisation is +passed in the B parameter (see L). +B bytes at B should be digested and the result should be stored at +B. The length of the digest should be stored in B<*outl> which should not +exceed B bytes. + +=head2 Digest Parameters + +OP_digest_size() should return the size of the digest. + +OP_digest_block_size() should return the size of the block size of the +underlying digest algorithm. + +OP_digest_set_params() set digest parameters associated with the given provider +side digest context B to B. +Any parameter settings are additional to any that were previously set. +See L for further details on the parameters structure. + +OP_digest_get_params() gets details of currently set parameters values associated +with the give provider side digest context B and stores them in B. +See L for further details on the parameters structure. + +Parameters currently recognised by built-in digests are as follows. Not all +parametes are relevant to, or are understood by all digests: + +=over 4 + +=item B (size_t) + +Sets the digest length for extendable output functions. + +=item B (octet string) + +This parameter is set by libssl in order to calculate a signature hash for an +SSLv3 CertificateVerify message as per RFC6101. +It is only set after all handshake messages have already been digested via +OP_digest_update() calls. +The parameter provides the master secret value to be added to the digest. +The digest implementation should calculate the complete digest as per RFC6101 +section 5.6.8. +The next call after setting this parameter will be OP_digest_final(). +This is only relevant for implementations of SHA1 or MD5_SHA1. + +=item B (int) + +Sets the pad type to be used. +The only built-in digest that uses this is MDC2. +Normally the final MDC2 block is padded with 0s. +If the pad type is set to 2 then the final block is padded with 0x80 followed by +0s. + +=item B (utf8 string) + +Gets the digest Message Integrity Check algorithm string. +This is used when creating S/MIME multipart/signed messages, as specified in +RFC 5751. + +=back + +=head1 RETURN VALUES + +OP_digest_newctx() and OP_digest_dupctx() should return the newly created +provider side digest context, or NULL on failure. + +OP_digest_init(), OP_digest_update(), OP_digest_final(), OP_digest_digest(), +OP_digest_set_params() and OP_digest_get_params() should return 1 for success or +0 on error. + +OP_digest_size() should return the digest size. + +OP_digest_block_size() should return the block size of the underlying digest +algorithm. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The provider DIGEST interface was introduced in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index ed3deaa..40f1ad6 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -69,7 +69,7 @@ For example, the "function" OP_keymgmt_importdomparams() has these: typedef void * (OSSL_OP_keymgmt_importdomparams_fn)(void *provctx, const OSSL_PARAM params[]); - static ossl_inline OSSL_NAME_keymgmt_importdomparams_fn + static ossl_inline OSSL_OP_keymgmt_importdomparams_fn OSSL_get_OP_keymgmt_importdomparams(const OSSL_DISPATCH *opf); B arrays are indexed by numbers that are provided as diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 7bd0226..3428ab5 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -157,19 +157,17 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_final, unsigned char *out, size_t *outl, size_t outsz)) OSSL_CORE_MAKE_FUNC(int, OP_digest_digest, (void *provctx, const unsigned char *in, size_t inl, - unsigned char *out, size_t *out_l, size_t outsz)) + unsigned char *out, size_t *outl, size_t outsz)) -OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *dctx)) OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *dctx)) OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *dctx)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_size, (void)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void)) OSSL_CORE_MAKE_FUNC(int, OP_digest_set_params, - (void *vctx, const OSSL_PARAM params[])) + (void *dctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, OP_digest_get_params, - (void *vctx, OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(unsigned long, OP_cipher_get_flags, (void)) + (void *dctx, OSSL_PARAM params[])) /* Symmetric Ciphers */ From builds at travis-ci.org Thu Jul 25 13:27:51 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Jul 2019 13:27:51 +0000 Subject: Still Failing: openssl/openssl#26883 (master - 8ccf2ff) In-Reply-To: Message-ID: <5d39ae56dfe0c_43f8840cc49503189b1@6179e9e6-897a-4ef7-b620-bc7c3ecbe8ac.mail> Build Update for openssl/openssl ------------------------------------- Build: #26883 Status: Still Failing Duration: 22 mins and 48 secs Commit: 8ccf2ff (master) Author: Matt Caswell Message: Document the provider DIGEST operation Extends the existing provider documentation with information about the DIGEST operation. This is primarily for provider authors. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9453) View the changeset: https://github.com/openssl/openssl/compare/d0cf719efb4e...8ccf2ffbd6a9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563537865?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 25 13:58:24 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 25 Jul 2019 13:58:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1564063104.131169.27243.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: d0cf719efb Remove HEADER_X509_H and HEADER_SSL_H include detectors from apps dbd6644320 Remove OPENSSL_X509V3_H include detector from openssl/cms.h b23217a144 Remove HEADER_BSS_FILE_C module include guard 6de1fe9086 Enforce a minimum DH modulus size of 512 bits Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 222 wallclock secs ( 1.53 usr 0.32 sys + 217.33 cusr 16.23 csys = 235.41 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Thu Jul 25 14:06:48 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Jul 2019 14:06:48 +0000 Subject: Build failed: openssl master.26309 Message-ID: <20190725140648.1.6E4EB9B1145E94C6@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 25 16:02:34 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Jul 2019 16:02:34 +0000 Subject: Build failed: openssl master.26312 Message-ID: <20190725160234.1.72B8DF8E43600899@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jul 25 16:34:08 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 25 Jul 2019 16:34:08 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1564072448.746076.16739.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 54aa9d51b09d67e90db443f682cface795f5af9e (commit) from b4b42d441d350b48449ea93aaa035152123f70ae (commit) - Log ----------------------------------------------------------------- commit 54aa9d51b09d67e90db443f682cface795f5af9e Author: Richard Levitte Date: Sat Jul 6 09:38:59 2019 +0200 Fix default installation paths on mingw Mingw config targets assumed that resulting programs and libraries are installed in a Unix-like environment and the default installation prefix was therefore set to '/usr/local'. However, mingw programs are installed in a Windows environment, and the installation directories should therefore have Windows defaults, i.e. the same kind of defaults as the VC config targets. A difficulty is, however, that a "cross compiled" build can't figure out the system defaults from environment the same way it's done when building "natively", so we have to fall back to hard coded defaults in that case. Tests can still be performed when cross compiled on a non-Windows platform, since all tests only depend on the source and build directory, and otherwise relies on normal local paths. CVE-2019-1552 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9400) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++ Configurations/10-main.conf | 4 ++ Configurations/unix-Makefile.tmpl | 98 +++++++++++++++++++++++++++++++++++++++ NOTES.WIN | 15 ++++++ 4 files changed, 124 insertions(+) diff --git a/CHANGES b/CHANGES index de9c7c1..2730205 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,13 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] + *) Use Windows installation paths in the mingw builds + + Mingw isn't a POSIX environment per se, which means that Windows + paths should be used for installation. + (CVE-2019-1552) + [Richard Levitte] + *) Changed DH parameters to generate the order q subgroup instead of 2q. Previously generated DH parameters are still accepted by DH_check but DH_generate_key works around that by clearing bit 0 of the diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index e311a5d..3c4299d 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1397,6 +1397,10 @@ my %targets = ( shared_extension => ".dll", multilib => "", apps_aux_src => add("win32_init.c"), + # "WOW" stands for "Windows on Windows", and that word engages + # some installation path heuristics in unix-Makefile.tmpl... + build_scheme => add("WOW", { separator => undef }), + }, "mingw64" => { # As for OPENSSL_USE_APPLINK. Applink makes it possible to use diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index e7d246b..4b923fd 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -14,6 +14,26 @@ our $dsoext = $target{dso_extension} || ".so"; our $makedepprog = $disabled{makedepend} ? undef : $config{makedepprog}; + # $mingw_installroot and $mingw_commonroot is relevant for mingw only. + my $build_scheme = $target{build_scheme}; + my $install_flavour = $build_scheme->[$#$build_scheme]; # last element + my $mingw_installenv = $install_flavour eq "WOW" ? "ProgramFiles(x86)" + : "ProgramW6432"; + my $mingw_commonenv = $install_flavour eq "WOW" ? "CommonProgramFiles(x86)" + : "CommonProgramW6432"; + our $mingw_installroot = + defined($ENV{$mingw_installenv}) ? $mingw_installenv : 'ProgramFiles'; + our $mingw_commonroot = + defined($ENV{$mingw_commonenv}) ? $mingw_commonenv : 'CommonProgramFiles'; + my $mingw_installdflt = + $install_flavour eq "WOW" ? "C:/Program Files (x86)" + : "C:/Program Files"; + my $mingw_commondflt = "$mingw_installdflt/Common Files"; + + # expand variables early + $mingw_installroot = $ENV{$mingw_installroot} // $mingw_installdflt; + $mingw_commonroot = $ENV{$mingw_commonroot} // $mingw_commondflt; + sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ } # Shared AIX support is special. We put libcrypto[64].so.ver into @@ -132,6 +152,7 @@ APPS_OPENSSL={- use File::Spec::Functions; # Normally it is left empty. DESTDIR= +{- output_off() if $config{target} =~ /^mingw/; "" -} # Do not edit these manually. Use Configure with --prefix or --openssldir # to change this! Short explanation in the top comment in Configure INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet @@ -175,6 +196,83 @@ ENGINESDIR=$(libdir)/engines-{- $sover_dirname -} # Convenience variable for those who want to set the rpath in shared # libraries and applications LIBRPATH=$(libdir) +{- output_on() if $config{target} =~ /^mingw/; + output_off() if $config{target} !~ /^mingw/; + "" -} +# Do not edit these manually. Use Configure with --prefix or --openssldir +# to change this! Short explanation in the top comment in Configure +INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet + # + use File::Spec::Win32; + my $prefix_default = "$mingw_installroot/OpenSSL"; + our $prefix = + File::Spec::Win32->canonpath($config{prefix} + || $prefix_default); + our ($prefix_dev, $prefix_dir, $prefix_file) = + File::Spec::Win32->splitpath($prefix, 1); + $prefix =~ s|\\|/|g; + $prefix_dir =~ s|\\|/|g; + $prefix_dev -} +INSTALLTOP_dir={- my $x = File::Spec::Win32->canonpath($prefix_dir); + $x =~ s|\\|/|g; + $x -} +OPENSSLDIR_dev={- # + # The logic here is that if no --openssldir was given, + # OPENSSLDIR will get the value "$mingw_commonroot/SSL". + # If --openssldir was given and the value is an absolute + # path, OPENSSLDIR will get its value without change. + # If the value from --openssldir is a relative path, + # OPENSSLDIR will get $prefix with the --openssldir + # value appended as a subdirectory. + # + use File::Spec::Win32; + our $openssldir = + $config{openssldir} ? + (File::Spec::Win32->file_name_is_absolute($config{openssldir}) ? + File::Spec::Win32->canonpath($config{openssldir}) + : File::Spec::Win32->catdir($prefix, $config{openssldir})) + : File::Spec::Win32->canonpath("$mingw_commonroot/SSL"); + our ($openssldir_dev, $openssldir_dir, $openssldir_file) = + File::Spec::Win32->splitpath($openssldir, 1); + $openssldir =~ s|\\|/|g; + $openssldir_dir =~ s|\\|/|g; + $openssldir_dev -} +OPENSSLDIR_dir={- my $x = File::Spec::Win32->canonpath($openssldir_dir); + $x =~ s|\\|/|g; + $x -} +LIBDIR={- our $libdir = $config{libdir} || "lib"; + File::Spec::Win32->file_name_is_absolute($libdir) ? "" : $libdir -} +ENGINESDIR_dev={- use File::Spec::Win32; + our $enginesdir = + File::Spec::Win32->catdir($prefix,$libdir, + "engines-$sover_dirname"); + our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) = + File::Spec::Win32->splitpath($enginesdir, 1); + $enginesdir =~ s|\\|/|g; + $enginesdir_dir =~ s|\\|/|g; + $enginesdir_dev -} +ENGINESDIR_dir={- my $x = File::Spec::Win32->canonpath($enginesdir_dir); + $x =~ s|\\|/|g; + $x -} +# In a Windows environment, $(DESTDIR) is harder to contatenate with other +# directory variables, because both may contain devices. What we do here is +# to adapt INSTALLTOP, OPENSSLDIR and ENGINESDIR depending on if $(DESTDIR) +# has a value or not, to ensure that concatenation will always work further +# down. +ifneq "$(DESTDIR)" "" +INSTALLTOP=$(INSTALLTOP_dir) +OPENSSLDIR=$(OPENSSLDIR_dir) +ENGINESDIR=$(ENGINESDIR_dir) +else +INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir) +OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir) +ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir) +endif + +# $(libdir) is chosen to be compatible with the GNU coding standards +libdir={- File::Spec::Win32->file_name_is_absolute($libdir) + ? $libdir : '$(INSTALLTOP)/$(LIBDIR)' -} +{- output_on() if $config{target} !~ /^mingw/; "" -} MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) diff --git a/NOTES.WIN b/NOTES.WIN index 4d39d06..b1cb542 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -109,6 +109,21 @@ This naturally implies that you've installed corresponding add-on packages. + Independently of the method chosen to build for mingw, the installation + paths are similar to those used when building with VC-* targets, except + that in case the fallbacks mentioned there aren't possible (typically + when cross compiling on Linux), the paths will be the following: + + For mingw: + + PREFIX: C:/Program Files (x86)/OpenSSL + OPENSSLDIR C:/Program Files (x86)/Common Files/SSL + + For mingw64: + + PREFIX: C:/Program Files/OpenSSL + OPENSSLDIR C:/Program Files/Common Files/SSL + Linking your application ======================== From no-reply at appveyor.com Thu Jul 25 16:51:13 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Jul 2019 16:51:13 +0000 Subject: Build completed: openssl master.26313 Message-ID: <20190725165113.1.5B63CF0C17DB31A8@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jul 25 16:59:27 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 25 Jul 2019 16:59:27 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1564073967.663596.9998.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d333ebaf9c77332754a9d5e111e2f53e1de54fdd (commit) from 0bc650d58a58a8b4af97639b952eac3558bb982e (commit) - Log ----------------------------------------------------------------- commit d333ebaf9c77332754a9d5e111e2f53e1de54fdd Author: Richard Levitte Date: Thu Jul 25 12:21:33 2019 +0200 Document issue with default installation paths on diverse Windows targets For all config targets (except VMS, because it has a completely different set of scripts), '/usr/local/ssl' is the default prefix for installation of programs and libraries, as well as the path for OpenSSL run-time configuration. For programs built to run in a Windows environment, this default is unsafe, and the user should set a different prefix. This has been hinted at in some documentation but not all, and the danger of leaving the default as is hasn't been documented at all. This change documents the issue as a caveat lector, and all configuration examples now include an example --prefix. CVE-2019-1552 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9456) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 ++++++- INSTALL.DJGPP | 14 ++++++++++++-- INSTALL.W32 | 24 +++++++++++++++++++++--- INSTALL.W64 | 12 ++++++++++-- INSTALL.WCE | 13 ++++++++++++- 5 files changed, 61 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 137b629..d804f32 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,12 @@ Changes between 1.0.2s and 1.0.2t [xx XXX xxxx] - *) + *) Document issue with installation paths in diverse Windows builds + + '/usr/local/ssl' is an unsafe prefix for location to install OpenSSL + binaries and run-time config file. + (CVE-2019-1552) + [Richard Levitte] Changes between 1.0.2r and 1.0.2s [28 May 2019] diff --git a/INSTALL.DJGPP b/INSTALL.DJGPP index 1047ec9..ecbf493 100644 --- a/INSTALL.DJGPP +++ b/INSTALL.DJGPP @@ -33,8 +33,18 @@ running in a DOS box under Windows. If so, just close the BASH shell, go back to Windows, and restart BASH. Then run "make" again. - RUN-TIME CAVEAT LECTOR - -------------- + CAVEAT LECTOR + ------------- + + ### Default install and config paths + + ./Configure defaults to '/usr/local/ssl' as installation top. This is + suitable for Unix, but not for Windows, where this usually is a world + writable directory and therefore accessible for change by untrusted users. + It is therefore recommended to set your own --prefix or --openssldir to + some location that is not world writeable (see the example above) + + ### Entropy Quoting FAQ: diff --git a/INSTALL.W32 b/INSTALL.W32 index bd10187..b97a3d0 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -34,6 +34,17 @@ get it all to work. See the trouble shooting section later on for if (when?) it goes wrong. + CAVEAT LECTOR + ------------- + + ### Default install and config paths + + ./Configure defaults to '/usr/local/ssl' as installation top. This is + suitable for Unix, but not for Windows, where this usually is a world + writable directory and therefore accessible for change by untrusted users. + It is therefore recommended to set your own --prefix or --openssldir to + some location that is not world writeable (see the example above) + Visual C++ ---------- @@ -104,7 +115,7 @@ --------------------- * Configure for building with Borland Builder: - > perl Configure BC-32 + > perl Configure BC-32 --prefix=c:\some\openssl\dir * Create the appropriate makefile > ms\do_nasm @@ -196,7 +207,7 @@ * Compile OpenSSL: - $ ./config + $ ./config --prefix=c:/some/openssl/dir [...] $ make [...] @@ -206,7 +217,11 @@ and openssl.exe application in apps directory. It is also possible to cross-compile it on Linux by configuring - with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'. + like this: + + $ ./Configure --cross-compile-prefix=i386-mingw32- \ + --prefix=c:/some/openssl/dir mingw ... + 'make test' is naturally not applicable then. libcrypto.a and libssl.a are the static libraries. To use the DLLs, @@ -240,6 +255,9 @@ $ copy /b out32dll\libeay32.dll c:\openssl\bin $ copy /b out32dll\openssl.exe c:\openssl\bin + ("c:\openssl" should be whatever you specified to --prefix when + configuring the build) + Of course, you can choose another device than c:. C: is used here because that's usually the first (and often only) harddisk device. Note: in the modssl INSTALL.Win32, p: is used rather than c:. diff --git a/INSTALL.W64 b/INSTALL.W64 index 9fa7a19..3f5bf80 100644 --- a/INSTALL.W64 +++ b/INSTALL.W64 @@ -30,6 +30,14 @@ Neither of these is actually big deal and hardly encountered in real-life applications. + ### Default install and config paths + + ./Configure defaults to '/usr/local/ssl' as installation top. This is + suitable for Unix, but not for Windows, where this usually is a world + writable directory and therefore accessible for change by untrusted users. + It is therefore recommended to set your own --prefix or --openssldir to + some location that is not world writeable (see the example above) + Compiling procedure ------------------- @@ -43,7 +51,7 @@ To build for Win64/x64: - > perl Configure VC-WIN64A + > perl Configure VC-WIN64A --prefix=c:\some\openssl\dir > ms\do_win64a > nmake -f ms\ntdll.mak > cd out32dll @@ -51,7 +59,7 @@ To build for Win64/IA64: - > perl Configure VC-WIN64I + > perl Configure VC-WIN64I --prefix=c:\some\openssl\dir > ms\do_win64i > nmake -f ms\ntdll.mak > cd out32dll diff --git a/INSTALL.WCE b/INSTALL.WCE index d78c61a..490685d 100644 --- a/INSTALL.WCE +++ b/INSTALL.WCE @@ -35,6 +35,17 @@ redirects IO to active sync link, while PortSDK - to NT-like console driver on the handheld itself. + CAVEAT LECTOR + ------------- + + ### Default install and config paths + + ./Configure defaults to '/usr/local/ssl' as installation top. This is + suitable for Unix, but not for Windows, where this usually is a world + writable directory and therefore accessible for change by untrusted users. + It is therefore recommended to set your own --prefix or --openssldir to + some location that is not world writeable (see the example above) + Building -------- @@ -61,7 +72,7 @@ Next you should run Configure: - > perl Configure VC-CE + > perl Configure VC-CE --prefix=c:\some\openssl\dir Next you need to build the Makefiles: From levitte at openssl.org Thu Jul 25 17:03:52 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 25 Jul 2019 17:03:52 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1564074232.237829.31566.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via e32bc855a81a2d48d215c506bdeb4f598045f7e9 (commit) from 92a2f01ea40ec52f8f77893ff433dc47c1f5b9ef (commit) - Log ----------------------------------------------------------------- commit e32bc855a81a2d48d215c506bdeb4f598045f7e9 Author: Richard Levitte Date: Sat Jul 6 09:38:59 2019 +0200 Fix default installation paths on mingw Mingw config targets assumed that resulting programs and libraries are installed in a Unix-like environment and the default installation prefix was therefore set to '/usr/local'. However, mingw programs are installed in a Windows environment, and the installation directories should therefore have Windows defaults, i.e. the same kind of defaults as the VC config targets. A difficulty is, however, that a "cross compiled" build can't figure out the system defaults from environment the same way it's done when building "natively", so we have to fall back to hard coded defaults in that case. Tests can still be performed when cross compiled on a non-Windows platform, since all tests only depend on the source and build directory, and otherwise relies on normal local paths. CVE-2019-1552 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9460) ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 +++- Configurations/10-main.conf | 2 + Configurations/unix-Makefile.tmpl | 96 +++++++++++++++++++++++++++++++++++++++ NOTES.WIN | 15 ++++++ 4 files changed, 120 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index cb82dba..2c89717 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,13 @@ Changes between 1.1.0k and 1.1.0l [xx XXX xxxx] - *) + *) Use Windows installation paths in the mingw builds + + Mingw isn't a POSIX environment per se, which means that Windows + paths should be used for installation. + (CVE-2019-1552) + [Richard Levitte] + Changes between 1.1.0j and 1.1.0k [28 May 2019] diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 6c05c28..b141be5 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1444,6 +1444,7 @@ sub vms_info { shared_extension => ".dll", multilib => "", apps_aux_src => add("win32_init.c"), + build_scheme => add("mingw", { separator => undef }), }, "mingw64" => { # As for OPENSSL_USE_APPLINK. Applink makes it possible to use @@ -1473,6 +1474,7 @@ sub vms_info { shared_extension => ".dll", multilib => "64", apps_aux_src => add("win32_init.c"), + build_scheme => add("mingw64", { separator => undef }), }, #### UEFI diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index af84bd4..d7754f0 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -13,6 +13,28 @@ our $shlibextimport = $target{shared_import_extension} || ""; our $dsoext = $target{dso_extension} || ".so"; + # $mingw_installroot and $mingw_commonroot is relevant for mingw only. + my $mingw_installenv = + $target{build_scheme}->[2] eq "mingw" + ? "ProgramFiles(x86)" : "ProgramW6432"; + my $mingw_commonenv = + $target{build_scheme}->[2] eq "mingw" + ? "CommonProgramFiles(x86)" : "CommonProgramW6432"; + our $mingw_installroot = + defined($ENV{$mingw_installenv}) + ? $mingw_installenv : 'ProgramFiles'; + our $mingw_commonroot = + defined($ENV{$mingw_commonenv}) + ? $mingw_commonenv : 'CommonProgramFiles'; + my $mingw_installdflt = + defined($ENV{$mingw_installenv}) + ? "C:/Program Files (x86)" : "C:/Program Files"; + my $mingw_commondflt = "$mingw_installdflt/Common Files"; + + # expand variables early + $mingw_installroot = $ENV{$mingw_installroot} // $mingw_installdflt; + $mingw_commonroot = $ENV{$mingw_commonroot} // $mingw_commondflt; + sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ } our $sover = $config{target} =~ /^mingw/ @@ -121,6 +143,7 @@ APPS_OPENSSL={- use File::Spec::Functions; # Normally it is left empty. DESTDIR= +{- output_off() if $config{target} =~ /^mingw/; "" -} # Do not edit these manually. Use Configure with --prefix or --openssldir # to change this! Short explanation in the top comment in Configure INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet @@ -159,6 +182,79 @@ ENGINESDIR={- use File::Spec::Functions; # Convenience variable for those who want to set the rpath in shared # libraries and applications LIBRPATH=$(INSTALLTOP)/$(LIBDIR) +{- output_on() if $config{target} =~ /^mingw/; + output_off() if $config{target} !~ /^mingw/; + "" -} +# Do not edit these manually. Use Configure with --prefix or --openssldir +# to change this! Short explanation in the top comment in Configure +INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet + # + use File::Spec::Win32; + my $prefix_default = "$mingw_installroot/OpenSSL"; + our $prefix = + File::Spec::Win32->canonpath($config{prefix} + || $prefix_default); + our ($prefix_dev, $prefix_dir, $prefix_file) = + File::Spec::Win32->splitpath($prefix, 1); + $prefix =~ s|\\|/|g; + $prefix_dir =~ s|\\|/|g; + $prefix_dev -} +INSTALLTOP_dir={- my $x = File::Spec::Win32->canonpath($prefix_dir); + $x =~ s|\\|/|g; + $x -} +OPENSSLDIR_dev={- # + # The logic here is that if no --openssldir was given, + # OPENSSLDIR will get the value "$mingw_commonroot/SSL". + # If --openssldir was given and the value is an absolute + # path, OPENSSLDIR will get its value without change. + # If the value from --openssldir is a relative path, + # OPENSSLDIR will get $prefix with the --openssldir + # value appended as a subdirectory. + # + use File::Spec::Win32; + our $openssldir = + $config{openssldir} ? + (File::Spec::Win32->file_name_is_absolute($config{openssldir}) ? + File::Spec::Win32->canonpath($config{openssldir}) + : File::Spec::Win32->catdir($prefix, $config{openssldir})) + : File::Spec::Win32->canonpath("$mingw_commonroot/SSL"); + our ($openssldir_dev, $openssldir_dir, $openssldir_file) = + File::Spec::Win32->splitpath($openssldir, 1); + $openssldir =~ s|\\|/|g; + $openssldir_dir =~ s|\\|/|g; + $openssldir_dev -} +OPENSSLDIR_dir={- my $x = File::Spec::Win32->canonpath($openssldir_dir); + $x =~ s|\\|/|g; + $x -} +LIBDIR={- our $libdir = $config{libdir} || "lib"; + $libdir -} +ENGINESDIR_dev={- use File::Spec::Win32; + our $enginesdir = + File::Spec::Win32->catdir($prefix,$libdir, + "engines-$sover_dirname"); + our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) = + File::Spec::Win32->splitpath($enginesdir, 1); + $enginesdir =~ s|\\|/|g; + $enginesdir_dir =~ s|\\|/|g; + $enginesdir_dev -} +ENGINESDIR_dir={- my $x = File::Spec::Win32->canonpath($enginesdir_dir); + $x =~ s|\\|/|g; + $x -} +# In a Windows environment, $(DESTDIR) is harder to contatenate with other +# directory variables, because both may contain devices. What we do here is +# to adapt INSTALLTOP, OPENSSLDIR and ENGINESDIR depending on if $(DESTDIR) +# has a value or not, to ensure that concatenation will always work further +# down. +ifneq "$(DESTDIR)" "" +INSTALLTOP=$(INSTALLTOP_dir) +OPENSSLDIR=$(OPENSSLDIR_dir) +ENGINESDIR=$(ENGINESDIR_dir) +else +INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir) +OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir) +ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir) +endif +{- output_on() if $config{target} !~ /^mingw/; "" -} MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) diff --git a/NOTES.WIN b/NOTES.WIN index c31aed9..9858977 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -107,6 +107,21 @@ and i686-w64-mingw32-. + Independently of the method chosen to build for mingw, the installation + paths are similar to those used when building with VC-* targets, except + that in case the fallbacks mentioned there aren't possible (typically + when cross compiling on Linux), the paths will be the following: + + For mingw: + + PREFIX: C:/Program Files (x86)/OpenSSL + OPENSSLDIR C:/Program Files (x86)/Common Files/SSL + + For mingw64: + + PREFIX: C:/Program Files/OpenSSL + OPENSSLDIR C:/Program Files/Common Files/SSL + Linking your application ------------------------ From builds at travis-ci.org Thu Jul 25 16:57:19 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Jul 2019 16:57:19 +0000 Subject: Failed: openssl/openssl#26891 (OpenSSL_1_1_1-stable - 54aa9d5) In-Reply-To: Message-ID: <5d39df6f8ae6a_43fe90db08840330847@401ba6c4-999a-42d3-aba0-f376a22e1b08.mail> Build Update for openssl/openssl ------------------------------------- Build: #26891 Status: Failed Duration: 20 mins and 24 secs Commit: 54aa9d5 (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: Fix default installation paths on mingw Mingw config targets assumed that resulting programs and libraries are installed in a Unix-like environment and the default installation prefix was therefore set to '/usr/local'. However, mingw programs are installed in a Windows environment, and the installation directories should therefore have Windows defaults, i.e. the same kind of defaults as the VC config targets. A difficulty is, however, that a "cross compiled" build can't figure out the system defaults from environment the same way it's done when building "natively", so we have to fall back to hard coded defaults in that case. Tests can still be performed when cross compiled on a non-Windows platform, since all tests only depend on the source and build directory, and otherwise relies on normal local paths. CVE-2019-1552 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9400) View the changeset: https://github.com/openssl/openssl/compare/b4b42d441d35...54aa9d51b09d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563639866?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Jul 25 17:10:56 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Jul 2019 17:10:56 +0000 Subject: Broken: openssl/openssl#26894 (OpenSSL_1_1_0-stable - e32bc85) In-Reply-To: Message-ID: <5d39e29f9d88c_43f9b7676f7e098672@c68fbe60-60ea-4fb0-9820-99f0eaa97dfc.mail> Build Update for openssl/openssl ------------------------------------- Build: #26894 Status: Broken Duration: 6 mins and 19 secs Commit: e32bc85 (OpenSSL_1_1_0-stable) Author: Richard Levitte Message: Fix default installation paths on mingw Mingw config targets assumed that resulting programs and libraries are installed in a Unix-like environment and the default installation prefix was therefore set to '/usr/local'. However, mingw programs are installed in a Windows environment, and the installation directories should therefore have Windows defaults, i.e. the same kind of defaults as the VC config targets. A difficulty is, however, that a "cross compiled" build can't figure out the system defaults from environment the same way it's done when building "natively", so we have to fall back to hard coded defaults in that case. Tests can still be performed when cross compiled on a non-Windows platform, since all tests only depend on the source and build directory, and otherwise relies on normal local paths. CVE-2019-1552 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9460) View the changeset: https://github.com/openssl/openssl/compare/92a2f01ea40e...e32bc855a81a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563652186?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From davidben at google.com Thu Jul 25 20:25:16 2019 From: davidben at google.com (davidben at google.com) Date: Thu, 25 Jul 2019 20:25:16 +0000 Subject: [openssl] master update Message-ID: <1564086316.918251.11472.nullmailer@dev.openssl.org> The branch master has been updated via 166c0b98fd6e8b1bb341397642527a9396468f6c (commit) from 8ccf2ffbd6a98d3750b715787c80d5d2b76d054b (commit) - Log ----------------------------------------------------------------- commit 166c0b98fd6e8b1bb341397642527a9396468f6c Author: David Benjamin Date: Tue Jul 23 14:14:48 2019 -0400 Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9445) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions_clnt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index b6e96ae..e6b674c 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1900,8 +1900,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - skey = ssl_generate_pkey(ckey); - if (skey == NULL) { + skey = EVP_PKEY_new(); + if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE); return 0; From davidben at google.com Thu Jul 25 20:26:28 2019 From: davidben at google.com (davidben at google.com) Date: Thu, 25 Jul 2019 20:26:28 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1564086388.411480.12487.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e4a282fe030363a87d52d4a3214eb7490036015e (commit) from 54aa9d51b09d67e90db443f682cface795f5af9e (commit) - Log ----------------------------------------------------------------- commit e4a282fe030363a87d52d4a3214eb7490036015e Author: David Benjamin Date: Tue Jul 23 14:14:48 2019 -0400 Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9445) (cherry picked from commit 166c0b98fd6e8b1bb341397642527a9396468f6c) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions_clnt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 0ebaeea..f0ae642 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1858,8 +1858,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - skey = ssl_generate_pkey(ckey); - if (skey == NULL) { + skey = EVP_PKEY_new(); + if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE); return 0; From builds at travis-ci.org Thu Jul 25 20:45:05 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Jul 2019 20:45:05 +0000 Subject: Still Failing: openssl/openssl#26899 (master - 166c0b9) In-Reply-To: Message-ID: <5d3a14d159c58_43fe90de5e260413096@401ba6c4-999a-42d3-aba0-f376a22e1b08.mail> Build Update for openssl/openssl ------------------------------------- Build: #26899 Status: Still Failing Duration: 19 mins and 9 secs Commit: 166c0b9 (master) Author: David Benjamin Message: Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9445) View the changeset: https://github.com/openssl/openssl/compare/8ccf2ffbd6a9...166c0b98fd6e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563729460?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Jul 25 20:57:50 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Jul 2019 20:57:50 +0000 Subject: Still Failing: openssl/openssl#26900 (OpenSSL_1_1_1-stable - e4a282f) In-Reply-To: Message-ID: <5d3a17ce854b2_43fcde6fb038085755@94abdd17-6c64-42bf-897f-bb1a4aa93d62.mail> Build Update for openssl/openssl ------------------------------------- Build: #26900 Status: Still Failing Duration: 25 mins and 27 secs Commit: e4a282f (OpenSSL_1_1_1-stable) Author: David Benjamin Message: Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9445) (cherry picked from commit 166c0b98fd6e8b1bb341397642527a9396468f6c) View the changeset: https://github.com/openssl/openssl/compare/54aa9d51b09d...e4a282fe0303 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/563729785?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 26 02:32:24 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 26 Jul 2019 02:32:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1564108344.507041.15392.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 166c0b98fd Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. 8ccf2ffbd6 Document the provider DIGEST operation Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1647, 268 wallclock secs ( 3.16 usr 0.41 sys + 253.43 cusr 23.04 csys = 280.04 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 26 06:33:43 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 26 Jul 2019 06:33:43 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1564122823.557332.8479.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 166c0b98fd Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. 8ccf2ffbd6 Document the provider DIGEST operation Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:206: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:188: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:182: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:214: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:221: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:212: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:293: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:297: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:290: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:307: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:310: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:313: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:386: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:403: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:452: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:453: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:158: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:160: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:161: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:163: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:255: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7183: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Fri Jul 26 13:49:06 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 26 Jul 2019 13:49:06 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1564148946.639581.11455.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 166c0b98fd Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. 8ccf2ffbd6 Document the provider DIGEST operation Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 231 wallclock secs ( 1.82 usr 0.38 sys + 223.10 cusr 20.64 csys = 245.94 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jul 26 14:36:30 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 26 Jul 2019 14:36:30 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1564151790.476990.4990.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 166c0b98fd Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. 8ccf2ffbd6 Document the provider DIGEST operation d0cf719efb Remove HEADER_X509_H and HEADER_SSL_H include detectors from apps dbd6644320 Remove OPENSSL_X509V3_H include detector from openssl/cms.h b23217a144 Remove HEADER_BSS_FILE_C module include guard 6de1fe9086 Enforce a minimum DH modulus size of 512 bits Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1562, 233 wallclock secs ( 1.78 usr 0.39 sys + 226.44 cusr 20.69 csys = 249.30 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Fri Jul 26 16:30:58 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 26 Jul 2019 16:30:58 +0000 Subject: [openssl] master update Message-ID: <1564158658.675626.24878.nullmailer@dev.openssl.org> The branch master has been updated via e2f72313ccd168eb571b8a4c7cfaf0bf46bdcf9f (commit) via 3b5d61f4721f91b5f31a8d3b935f9b3cf4c27644 (commit) via 36f5ec55e69716024f70df53074a2871e091a3e1 (commit) from 166c0b98fd6e8b1bb341397642527a9396468f6c (commit) - Log ----------------------------------------------------------------- commit e2f72313ccd168eb571b8a4c7cfaf0bf46bdcf9f Author: Richard Levitte Date: Wed Jul 17 14:26:26 2019 +0200 test/recipes/30-test_evp.t: Modify to test with different providers Different providers will give different results, and we need to test them all. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9398) commit 3b5d61f4721f91b5f31a8d3b935f9b3cf4c27644 Author: Richard Levitte Date: Wed Jul 17 11:34:14 2019 +0200 test/evp_test.c: modify to use OSSL_PROVIDER_available() This changes the stanza format used so far. Some test stanza had the following line, only possible for digests: Legacy = 1 These have been traded for the following: Availablein = legacy That line is globally available in all test stanza and can be used to tell what providers a certain algorithm may be available in. Only one provider needs to match, so one might have something like this for some tests: Availablein = default fips This means that one of those providers must be available for the test stanza to be performed. If the providers mentioned for a stanza aren't available, the test is skipped. If this line isn't used in a stanza, the algorithm is assumed to be available unconditionally (either by fallback providers, or providers loaded by the config file). Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9398) commit 36f5ec55e69716024f70df53074a2871e091a3e1 Author: Richard Levitte Date: Wed Jul 17 11:29:04 2019 +0200 Add functions to see if a provider is available for use. Public function OSSL_PROVIDER_available() takes a library context and a provider name, and returns 1 if it's available for use, i.e. if it's possible to fetch implementations from it, otherwise 0. Internal function ossl_provider_activated() returns 1 if the given OSSL_PROVIDER is activated, otherwise 0. To make this possible, the activation of fallbacks got refactored out to a separate function, which ended up simplifying the code. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9398) ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 ++ crypto/provider.c | 12 ++++ crypto/provider_core.c | 94 ++++++++++++++++------------- doc/internal/man3/ossl_provider_new.pod | 11 +++- doc/man3/OSSL_PROVIDER.pod | 17 +++++- include/internal/provider.h | 2 + include/internal/symhacks.h | 3 + include/openssl/provider.h | 1 + test/default-and-legacy.cnf | 14 +++++ test/default.cnf | 10 +++ test/evp_test.c | 60 ++++++++++-------- test/fips.cnf | 10 +++ test/legacy.cnf | 10 +++ test/recipes/30-test_evp.t | 21 ++++--- test/recipes/30-test_evp_data/evpdigest.txt | 48 +++++++-------- util/libcrypto.num | 1 + 16 files changed, 217 insertions(+), 102 deletions(-) create mode 100644 test/default-and-legacy.cnf create mode 100644 test/default.cnf create mode 100644 test/fips.cnf create mode 100644 test/legacy.cnf diff --git a/CHANGES b/CHANGES index acaa099518..80ad49ee7c 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Introduced a new function, OSSL_PROVIDER_available(), which can be used + to check if a named provider is loaded and available. When called, it + will also activate all fallback providers if such are still present. + [Richard Levitte] + *) Enforce a minimum DH modulus size of 512 bits. [Bernd Edlinger] diff --git a/crypto/provider.c b/crypto/provider.c index f81260cdab..0250955a70 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -35,6 +35,18 @@ int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov) return 1; } +int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name) +{ + OSSL_PROVIDER *prov = NULL; + int available = 0; + + /* Find it or create it */ + prov = ossl_provider_find(libctx, name); + available = ossl_provider_available(prov); + ossl_provider_free(prov); + return available; +} + const OSSL_PARAM *OSSL_PROVIDER_get_param_types(const OSSL_PROVIDER *prov) { return ossl_provider_get_param_types(prov); diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 0e86097cd0..385a632653 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -572,67 +572,79 @@ static int provider_forall_loaded(struct provider_store_st *store, return ret; } +/* + * This function only does something once when store->use_fallbacks == 1, + * and then sets store->use_fallbacks = 0, so the second call and so on is + * effectively a no-op. + */ +static void provider_activate_fallbacks(struct provider_store_st *store) +{ + if (store->use_fallbacks) { + int num_provs = sk_OSSL_PROVIDER_num(store->providers); + int activated_fallback_count = 0; + int i; + + for (i = 0; i < num_provs; i++) { + OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(store->providers, i); + + /* + * Note that we don't care if the activation succeeds or not. + * If it doesn't succeed, then any attempt to use any of the + * fallback providers will fail anyway. + */ + if (prov->flag_fallback) { + activated_fallback_count++; + provider_activate(prov); + } + } + + /* + * We assume that all fallbacks have been added to the store before + * any fallback is activated. + * TODO: We may have to reconsider this, IF we find ourselves adding + * fallbacks after any previous fallback has been activated. + */ + if (activated_fallback_count > 0) + store->use_fallbacks = 0; + } +} + int ossl_provider_forall_loaded(OPENSSL_CTX *ctx, int (*cb)(OSSL_PROVIDER *provider, void *cbdata), void *cbdata) { int ret = 1; - int i; struct provider_store_st *store = get_provider_store(ctx); if (store != NULL) { - int found_activated = 0; - CRYPTO_THREAD_read_lock(store->lock); - ret = provider_forall_loaded(store, &found_activated, cb, cbdata); + + provider_activate_fallbacks(store); /* - * If there's nothing activated ever in this store, try to activate - * all fallbacks. + * Now, we sweep through all providers */ - if (!found_activated && store->use_fallbacks) { - int num_provs = sk_OSSL_PROVIDER_num(store->providers); - int activated_fallback_count = 0; - - for (i = 0; i < num_provs; i++) { - OSSL_PROVIDER *prov = - sk_OSSL_PROVIDER_value(store->providers, i); - - /* - * Note that we don't care if the activation succeeds or - * not. If it doesn't succeed, then the next loop will - * fail anyway. - */ - if (prov->flag_fallback) { - activated_fallback_count++; - provider_activate(prov); - } - } + ret = provider_forall_loaded(store, NULL, cb, cbdata); - if (activated_fallback_count > 0) { - /* - * We assume that all fallbacks have been added to the store - * before any fallback is activated. - * TODO: We may have to reconsider this, IF we find ourselves - * adding fallbacks after any previous fallback has been - * activated. - */ - store->use_fallbacks = 0; - - /* - * Now that we've activated available fallbacks, try a - * second sweep - */ - ret = provider_forall_loaded(store, NULL, cb, cbdata); - } - } CRYPTO_THREAD_unlock(store->lock); } return ret; } +int ossl_provider_available(OSSL_PROVIDER *prov) +{ + if (prov != NULL) { + CRYPTO_THREAD_read_lock(prov->store->lock); + provider_activate_fallbacks(prov->store); + CRYPTO_THREAD_unlock(prov->store->lock); + + return prov->flag_initialized; + } + return 0; +} + /* Setters of Provider Object data */ int ossl_provider_set_fallback(OSSL_PROVIDER *prov) { diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index 426d95393d..255f194e03 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -6,7 +6,7 @@ ossl_provider_find, ossl_provider_new, ossl_provider_up_ref, ossl_provider_free, ossl_provider_set_fallback, ossl_provider_set_module_path, ossl_provider_add_parameter, -ossl_provider_activate, +ossl_provider_activate, ossl_provider_available, ossl_provider_ctx, ossl_provider_forall_loaded, ossl_provider_name, ossl_provider_dso, @@ -33,6 +33,8 @@ ossl_provider_get_params, ossl_provider_query_operation /* Load and initialize the Provider */ int ossl_provider_activate(OSSL_PROVIDER *prov); + /* Check if provider is available */ + int ossl_provider_available(OSSL_PROVIDER *prov); /* Return pointer to the provider's context */ void *ossl_provider_ctx(const OSSL_PROVIDER *prov); @@ -148,6 +150,10 @@ be located in that module, and called. =back +ossl_provider_available() activates all fallbacks if no provider is +activated yet, then checks if given provider object I is +activated. + ossl_provider_ctx() returns a context created by the provider. Outside of the provider, it's completely opaque, but it needs to be passed back to some of the provider functions. @@ -228,6 +234,9 @@ ossl_provider_free() doesn't return any value. ossl_provider_set_module_path(), ossl_provider_set_fallback() and ossl_provider_activate() return 1 on success, or 0 on error. +ossl_provider_available() return 1 if the provider is available, +otherwise 0. + ossl_provider_name(), ossl_provider_dso(), ossl_provider_module_name(), and ossl_provider_module_path() return a pointer to their respective data if it's available, otherwise NULL diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index 1453fcc50a..5608bf394c 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -3,6 +3,7 @@ =head1 NAME OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload, +OSSL_PROVIDER_available, OSSL_PROVIDER_get_param_types, OSSL_PROVIDER_get_params, OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines @@ -12,13 +13,14 @@ OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines typedef struct ossl_provider_st OSSL_PROVIDER; - OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name); + OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); + int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name); const OSSL_PARAM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]); - int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name, + int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name, ossl_provider_init_fn *init_fn); const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); @@ -32,6 +34,9 @@ A provider can be built in to the application or the OpenSSL libraries, or can be a loadable module. The functions described here handle both forms. +Some of these functions operate within a library context, please see +L for further details. + =head2 Functions OSSL_PROVIDER_add_builtin() is used to add a built in provider to @@ -49,6 +54,9 @@ OSSL_PROVIDER_unload() unloads the given provider. For a provider added with OSSL_PROVIDER_add_builtin(), this simply runs its teardown function. +OSSL_PROVIDER_available() checks if a named provider is available +for use. + OSSL_PROVIDER_get_param_types() is used to get a provider parameter descriptor set as a constant B array. See L for more information. @@ -69,6 +77,9 @@ success, or B on error. OSSL_PROVIDER_unload() returns 1 on success, or 0 on error. +OSSL_PROVIDER_available() returns 1 if the named provider is available, +otherwise 0. + OSSL_PROVIDER_get_param_types() returns a pointer to an array of constant B, or NULL if none is provided. @@ -95,7 +106,7 @@ its build number. =head1 SEE ALSO -L, L +L, L, L =head1 HISTORY diff --git a/include/internal/provider.h b/include/internal/provider.h index fbc60fc6ee..aa1876498d 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -44,6 +44,8 @@ int ossl_provider_add_parameter(OSSL_PROVIDER *prov, const char *name, * Inactivation is done by freeing the Provider */ int ossl_provider_activate(OSSL_PROVIDER *prov); +/* Check if the provider is available */ +int ossl_provider_available(OSSL_PROVIDER *prov); /* Return pointer to the provider's context */ void *ossl_provider_ctx(const OSSL_PROVIDER *prov); diff --git a/include/internal/symhacks.h b/include/internal/symhacks.h index 2b09604619..6e8f78e642 100644 --- a/include/internal/symhacks.h +++ b/include/internal/symhacks.h @@ -14,6 +14,9 @@ # if defined(OPENSSL_SYS_VMS) +/* ossl_provider_available vs OSSL_PROVIDER_available */ +# undef ossl_provider_available +# define ossl_provider_available ossl_int_prov_available /* ossl_provider_get_param_types vs OSSL_PROVIDER_get_param_types */ # undef ossl_provider_get_param_types # define ossl_provider_get_param_types ossl_int_prov_get_param_types diff --git a/include/openssl/provider.h b/include/openssl/provider.h index 68d5d10a12..d5a62926a7 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -19,6 +19,7 @@ extern "C" { /* Load and unload a provider */ OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); +int OSSL_PROVIDER_available(OPENSSL_CTX *, const char *name); const OSSL_PARAM *OSSL_PROVIDER_get_param_types(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); diff --git a/test/default-and-legacy.cnf b/test/default-and-legacy.cnf new file mode 100644 index 0000000000..adfa225f64 --- /dev/null +++ b/test/default-and-legacy.cnf @@ -0,0 +1,14 @@ +openssl_conf = openssl_init + +[openssl_init] +providers = provider_sect + +[provider_sect] +default = default_sect +legacy = legacy_sect + +[default_sect] +activate = 1 + +[legacy_sect] +activate = 1 diff --git a/test/default.cnf b/test/default.cnf new file mode 100644 index 0000000000..12da8cb5bd --- /dev/null +++ b/test/default.cnf @@ -0,0 +1,10 @@ +openssl_conf = openssl_init + +[openssl_init] +providers = provider_sect + +[provider_sect] +default = default_sect + +[default_sect] +activate = 1 diff --git a/test/evp_test.c b/test/evp_test.c index 7e282031a1..5f2bcc623a 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -75,9 +75,6 @@ static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst); static int parse_bin(const char *value, unsigned char **buf, size_t *buflen); -static OSSL_PROVIDER *defltprov = NULL; -static OSSL_PROVIDER *legacyprov = NULL; - /* * Compare two memory regions for equality, returning zero if they differ. * However, if there is expected to be an error and the actual error @@ -373,11 +370,6 @@ static int digest_test_parse(EVP_TEST *t, return evp_test_buffer_set_count(value, mdata->input); if (strcmp(keyword, "Ncopy") == 0) return evp_test_buffer_ncopy(value, mdata->input); - if (strcmp(keyword, "Legacy") == 0) { - if (legacyprov == NULL) - t->skip = 1; - return 1; - } return 0; } @@ -2899,6 +2891,33 @@ static char *take_value(PAIR *pp) return p; } +/* + * Return 1 if one of the providers named in the string is available. + * The provider names are separated with whitespace. + * NOTE: destructive function, it inserts '\0' after each provider name. + */ +static int prov_available(char *providers) +{ + char *p; + int more = 1; + + while (more) { + for (; isspace(*providers); providers++) + continue; + if (*providers == '\0') + break; /* End of the road */ + for (p = providers; *p != '\0' && !isspace(*p); p++) + continue; + if (*p == '\0') + more = 0; + else + *p = '\0'; + if (OSSL_PROVIDER_available(NULL, providers)) + return 1; /* Found one */ + } + return 0; +} + /* * Read and parse one test. Return 0 if failure, 1 if okay. */ @@ -3029,6 +3048,14 @@ top: } for (pp++, i = 1; i < t->s.numpairs; pp++, i++) { + if (strcmp(pp->key, "Availablein") == 0) { + if (!prov_available(pp->value)) { + TEST_info("skipping, providers not available: %s:%d", + t->s.test_file, t->s.start); + t->skip = 1; + return 0; + } + } if (strcmp(pp->key, "Result") == 0) { if (t->expected_err != NULL) { TEST_info("Line %d: multiple result lines", t->s.curr); @@ -3106,23 +3133,6 @@ int setup_tests(void) if (n == 0) return 0; - defltprov = OSSL_PROVIDER_load(NULL, "default"); - if (!TEST_ptr(defltprov)) - return 0; -#ifndef NO_LEGACY_MODULE - legacyprov = OSSL_PROVIDER_load(NULL, "legacy"); - if (!TEST_ptr(legacyprov)) { - OSSL_PROVIDER_unload(defltprov); - return 0; - } -#endif /* NO_LEGACY_MODULE */ - ADD_ALL_TESTS(run_file_tests, n); return 1; } - -void cleanup_tests(void) -{ - OSSL_PROVIDER_unload(legacyprov); - OSSL_PROVIDER_unload(defltprov); -} diff --git a/test/fips.cnf b/test/fips.cnf new file mode 100644 index 0000000000..0578c8481f --- /dev/null +++ b/test/fips.cnf @@ -0,0 +1,10 @@ +openssl_conf = openssl_init + +[openssl_init] +providers = provider_sect + +[provider_sect] +fips = fips_sect + +[fips_sect] +activate = 1 diff --git a/test/legacy.cnf b/test/legacy.cnf new file mode 100644 index 0000000000..60b09a1e34 --- /dev/null +++ b/test/legacy.cnf @@ -0,0 +1,10 @@ +openssl_conf = openssl_init + +[openssl_init] +providers = provider_sect + +[provider_sect] +legacy = legacy_sect + +[legacy_sect] +activate = 1 diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index c140f1a87e..ed21a5f1fe 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -10,19 +10,24 @@ use strict; use warnings; -use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir); +use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file); setup("test_evp"); -my @files = ( "evpciph.txt", "evpdigest.txt", "evpencod.txt", "evpkdf.txt", - "evppkey_kdf.txt", "evpmac.txt", "evppbe.txt", "evppkey.txt", - "evppkey_ecc.txt", "evpcase.txt", "evpaessiv.txt", "evpccmcavs.txt" ); +my @configs = qw( default-and-legacy.cnf fips.cnf ); +my @files = qw( evpciph.txt evpdigest.txt evpencod.txt evpkdf.txt + evppkey_kdf.txt evpmac.txt evppbe.txt evppkey.txt + evppkey_ecc.txt evpcase.txt evpaessiv.txt evpccmcavs.txt ); -plan tests => scalar(@files); +plan tests => scalar(@configs) * scalar(@files); $ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -foreach my $f ( @files ) { - ok(run(test(["evp_test", data_file("$f")])), - "running evp_test $f"); +foreach (@configs) { + $ENV{OPENSSL_CONF} = srctop_file("test", $_); + + foreach my $f ( @files ) { + ok(run(test(["evp_test", data_file("$f")])), + "running evp_test $f"); + } } diff --git a/test/recipes/30-test_evp_data/evpdigest.txt b/test/recipes/30-test_evp_data/evpdigest.txt index e32c5dd6ab..45f79ed9bd 100644 --- a/test/recipes/30-test_evp_data/evpdigest.txt +++ b/test/recipes/30-test_evp_data/evpdigest.txt @@ -274,129 +274,129 @@ Output = 8215ef0796a20bcaaae116d3876c664a84983e441c3bd26ebaae4aa1f95129e5e54670f Title = MD4 tests Digest = MD4 +Availablein = legacy Input = "" Output = 31d6cfe0d16ae931b73c59d7e0c089c0 -Legacy = 1 Digest = MD4 +Availablein = legacy Input = "a" Output = bde52cb31de33e46245e05fbdbd6fb24 -Legacy = 1 Digest = MD4 +Availablein = legacy Input = "abc" Output = a448017aaf21d8525fc10ae87aa6729d -Legacy = 1 Digest = MD4 +Availablein = legacy Input = "message digest" Output = d9130a8164549fe818874806e1c7014b -Legacy = 1 Digest = MD4 +Availablein = legacy Input = "abcdefghijklmnopqrstuvwxyz" Output = d79e1c308aa5bbcdeea8ed63df412da9 -Legacy = 1 Digest = MD4 +Availablein = legacy Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" Output = 043f8582f241db351ce627e153e7f0e4 -Legacy = 1 Digest = MD4 +Availablein = legacy Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" Output = e33b4ddc9c38f2199c3e7b164fcc0536 -Legacy = 1 Title = RIPEMD160 tests Digest = RIPEMD160 +Availablein = legacy Input = "" Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31 -Legacy = 1 Digest = RIPEMD160 +Availablein = legacy Input = "a" Output = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe -Legacy = 1 Digest = RIPEMD160 +Availablein = legacy Input = "abc" Output = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc -Legacy = 1 Digest = RIPEMD160 +Availablein = legacy Input = "message digest" Output = 5d0689ef49d2fae572b881b123a85ffa21595f36 -Legacy = 1 Digest = RIPEMD160 +Availablein = legacy Input = "abcdefghijklmnopqrstuvwxyz" Output = f71c27109c692c1b56bbdceb5b9d2865b3708dbc -Legacy = 1 Digest = RIPEMD160 +Availablein = legacy Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" Output = 12a053384a9c0c88e405a06c27dcf49ada62eb2b -Legacy = 1 Digest = RIPEMD160 +Availablein = legacy Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" Output = b0e20b6e3116640286ed3a87a5713079b21f5189 -Legacy = 1 Digest = RIPEMD160 +Availablein = legacy Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb -Legacy = 1 Title = Whirlpool (from ISO/IEC 10118-3 test vector set) Digest = whirlpool +Availablein = legacy Input = "" Output = 19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A73E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3 -Legacy = 1 Digest = whirlpool +Availablein = legacy Input = "a" Output = 8ACA2602792AEC6F11A67206531FB7D7F0DFF59413145E6973C45001D0087B42D11BC645413AEFF63A42391A39145A591A92200D560195E53B478584FDAE231A -Legacy = 1 Digest = whirlpool +Availablein = legacy Input = "abc" Output = 4E2448A4C6F486BB16B6562C73B4020BF3043E3A731BCE721AE1B303D97E6D4C7181EEBDB6C57E277D0E34957114CBD6C797FC9D95D8B582D225292076D4EEF5 -Legacy = 1 Digest = whirlpool +Availablein = legacy Input = "message digest" Output = 378C84A4126E2DC6E56DCC7458377AAC838D00032230F53CE1F5700C0FFB4D3B8421557659EF55C106B4B52AC5A4AAA692ED920052838F3362E86DBD37A8903E -Legacy = 1 Digest = whirlpool +Availablein = legacy Input = "abcdefghijklmnopqrstuvwxyz" Output = F1D754662636FFE92C82EBB9212A484A8D38631EAD4238F5442EE13B8054E41B08BF2A9251C30B6A0B8AAE86177AB4A6F68F673E7207865D5D9819A3DBA4EB3B -Legacy = 1 Digest = whirlpool +Availablein = legacy Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" Output = DC37E008CF9EE69BF11F00ED9ABA26901DD7C28CDEC066CC6AF42E40F82F3A1E08EBA26629129D8FB7CB57211B9281A65517CC879D7B962142C65F5A7AF01467 -Legacy = 1 Digest = whirlpool +Availablein = legacy Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" Output = 466EF18BABB0154D25B9D38A6414F5C08784372BCCB204D6549C4AFADB6014294D5BD8DF2A6C44E538CD047B2681A51A2C60481E88C5A20B2C2A80CF3A9A083B -Legacy = 1 Digest = whirlpool +Availablein = legacy Input = "abcdbcdecdefdefgefghfghighijhijk" Output = 2A987EA40F917061F5D6F0A0E4644F488A7A5A52DEEE656207C562F988E95C6916BDC8031BC5BE1B7B947639FE050B56939BAAA0ADFF9AE6745B7B181C3BE3FD -Legacy = 1 Digest = whirlpool +Availablein = legacy Input = "aaaaaaaaaa" Count = 100000 Output = 0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01 -Legacy = 1 Title = SHA3 diff --git a/util/libcrypto.num b/util/libcrypto.num index 1533a88a93..81462480ca 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4699,3 +4699,4 @@ OSSL_PROVIDER_name 4804 3_0_0 EXIST::FUNCTION: EVP_CIPHER_do_all_ex 4805 3_0_0 EXIST::FUNCTION: EVP_MD_do_all_ex 4806 3_0_0 EXIST::FUNCTION: EVP_KEYEXCH_provider 4807 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_available 4808 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Fri Jul 26 16:58:42 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 26 Jul 2019 16:58:42 +0000 Subject: Errored: openssl/openssl#26912 (master - e2f7231) In-Reply-To: Message-ID: <5d3b314239300_43fcde46e3f102691b3@94abdd17-6c64-42bf-897f-bb1a4aa93d62.mail> Build Update for openssl/openssl ------------------------------------- Build: #26912 Status: Errored Duration: 26 mins and 59 secs Commit: e2f7231 (master) Author: Richard Levitte Message: test/recipes/30-test_evp.t: Modify to test with different providers Different providers will give different results, and we need to test them all. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9398) View the changeset: https://github.com/openssl/openssl/compare/166c0b98fd6e...e2f72313ccd1 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/564095525?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From patrick.steuer at de.ibm.com Fri Jul 26 20:35:17 2019 From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Fri, 26 Jul 2019 20:35:17 +0000 Subject: [openssl] master update Message-ID: <1564173317.469558.11331.nullmailer@dev.openssl.org> The branch master has been updated via 5d00f46e1527235ecd28a14c5413355c3ea66dfc (commit) from e2f72313ccd168eb571b8a4c7cfaf0bf46bdcf9f (commit) - Log ----------------------------------------------------------------- commit 5d00f46e1527235ecd28a14c5413355c3ea66dfc Author: Patrick Steuer Date: Thu Jul 18 11:42:58 2019 +0200 s390x assembly pack: use getauxval to detect hw capabilities if available. Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9410) ----------------------------------------------------------------------- Summary of changes: crypto/s390xcap.c | 95 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 63 insertions(+), 32 deletions(-) diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index 7d06695949..5123e14fa6 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -16,6 +16,13 @@ #include "internal/ctype.h" #include "s390x_arch.h" +#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 16) +# include +# define OSSL_IMPLEMENT_GETAUXVAL +# endif +#endif + #define LEN 128 #define STR_(S) #S #define STR(S) STR_(S) @@ -47,25 +54,26 @@ memcpy(cap, &NAME, sizeof(*cap)); \ } +#ifndef OSSL_IMPLEMENT_GETAUXVAL static sigjmp_buf ill_jmp; static void ill_handler(int sig) { siglongjmp(ill_jmp, sig); } +void OPENSSL_vx_probe(void); +#endif + static const char *env; static int parse_env(struct OPENSSL_s390xcap_st *cap); void OPENSSL_s390x_facilities(void); void OPENSSL_s390x_functions(void); -void OPENSSL_vx_probe(void); struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; void OPENSSL_cpuid_setup(void) { - sigset_t oset; - struct sigaction ill_act, oact_ill, oact_fpe; struct OPENSSL_s390xcap_st cap; if (OPENSSL_s390xcap_P.stfle[0]) @@ -74,47 +82,70 @@ void OPENSSL_cpuid_setup(void) /* set a bit that will not be tested later */ OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0); +#ifdef OSSL_IMPLEMENT_GETAUXVAL + { + const unsigned long hwcap = getauxval(AT_HWCAP); + + /* protection against missing store-facility-list-extended */ + if (hwcap & HWCAP_S390_STFLE) + OPENSSL_s390x_facilities(); + + /* protection against disabled vector facility */ + if (!(hwcap & HWCAP_S390_VX)) { + OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE)); + } + } +#else + { + sigset_t oset; + struct sigaction ill_act, oact_ill, oact_fpe; + + memset(&ill_act, 0, sizeof(ill_act)); + ill_act.sa_handler = ill_handler; + sigfillset(&ill_act.sa_mask); + sigdelset(&ill_act.sa_mask, SIGILL); + sigdelset(&ill_act.sa_mask, SIGFPE); + sigdelset(&ill_act.sa_mask, SIGTRAP); + + sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); + sigaction(SIGILL, &ill_act, &oact_ill); + sigaction(SIGFPE, &ill_act, &oact_fpe); + + /* protection against missing store-facility-list-extended */ + if (sigsetjmp(ill_jmp, 1) == 0) + OPENSSL_s390x_facilities(); + + /* protection against disabled vector facility */ + if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX)) + && (sigsetjmp(ill_jmp, 1) == 0)) { + OPENSSL_vx_probe(); + } else { + OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE)); + } + + sigaction(SIGFPE, &oact_fpe, NULL); + sigaction(SIGILL, &oact_ill, NULL); + sigprocmask(SIG_SETMASK, &oset, NULL); + } +#endif + env = getenv("OPENSSL_s390xcap"); if (env != NULL) { if (!parse_env(&cap)) env = NULL; } - memset(&ill_act, 0, sizeof(ill_act)); - ill_act.sa_handler = ill_handler; - sigfillset(&ill_act.sa_mask); - sigdelset(&ill_act.sa_mask, SIGILL); - sigdelset(&ill_act.sa_mask, SIGFPE); - sigdelset(&ill_act.sa_mask, SIGTRAP); - sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); - sigaction(SIGILL, &ill_act, &oact_ill); - sigaction(SIGFPE, &ill_act, &oact_fpe); - - /* protection against missing store-facility-list-extended */ - if (sigsetjmp(ill_jmp, 1) == 0) - OPENSSL_s390x_facilities(); - if (env != NULL) { OPENSSL_s390xcap_P.stfle[0] &= cap.stfle[0]; OPENSSL_s390xcap_P.stfle[1] &= cap.stfle[1]; OPENSSL_s390xcap_P.stfle[2] &= cap.stfle[2]; } - /* protection against disabled vector facility */ - if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX)) - && (sigsetjmp(ill_jmp, 1) == 0)) { - OPENSSL_vx_probe(); - } else { - OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE)); - } - - sigaction(SIGFPE, &oact_fpe, NULL); - sigaction(SIGILL, &oact_ill, NULL); - sigprocmask(SIG_SETMASK, &oset, NULL); - - OPENSSL_s390x_functions(); + OPENSSL_s390x_functions(); /* check OPENSSL_s390xcap_P.stfle */ if (env != NULL) { OPENSSL_s390xcap_P.kimd[0] &= cap.kimd[0]; From builds at travis-ci.org Fri Jul 26 20:55:49 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 26 Jul 2019 20:55:49 +0000 Subject: Failed: openssl/openssl#26913 (master - 5d00f46) In-Reply-To: Message-ID: <5d3b68d57645b_43fb525ddf1c0314134@a6cde00a-2eaf-46a0-911d-8aed5ff0fa30.mail> Build Update for openssl/openssl ------------------------------------- Build: #26913 Status: Failed Duration: 19 mins and 56 secs Commit: 5d00f46 (master) Author: Patrick Steuer Message: s390x assembly pack: use getauxval to detect hw capabilities if available. Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9410) View the changeset: https://github.com/openssl/openssl/compare/e2f72313ccd1...5d00f46e1527 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/564186272?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Jul 28 07:39:44 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 28 Jul 2019 07:39:44 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5d3d513febe3d_6b6e2ad3791d4f58859@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEvyxzJHSwEoiXkZglM3WeHA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1PgohUNk8Csqrwc7r7fm8cTVcchbShyvlheJU8tiWGngpMB98YokMxUBxbGe21VryKX81bzTYHJmvzDdtsUNe3hucln96hB7jXyrNeUIStkLEyZrLzt2uzARbmnFcrG1qUOhDVaWNfRXoR4-2BtZQP-2BBM9O6N11sfxM2L974g-2BjPaEOm8wEJy0GggKcHnvfxvdM-3D Build ID: 266153 Analysis Summary: New defects found: 3 Defects eliminated: 3 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6zzUI-2FRfbrE6mNOeeukHUQw-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1PgohUNk8Csqrwc7r7fm8cTVcchbShyvlheJU8tiWGnvahihStaNucPICM9oflNdJ4-2B5qhctqkmleKOF-2FXynUu6yhWdBAcELkJLFrXpLa2i1AN37xRCkFB8NR-2BowV0WcWtmpFjfujnhS5JKzvchzmrV9l1Q1v-2B7-2FvXRJjDott9TtiIL1vG4AktmKQ-2BjIK0uQY-3D From scan-admin at coverity.com Sun Jul 28 07:46:20 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 28 Jul 2019 07:46:20 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5d3d52ccd9ff_6e982ad3791d4f5885f0@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEOo3rtGjiQZqYPGgcjfkiXQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2sXHHaCMaM-2FqpSvO-2BpCbgzQKVbxLs6UknMcyTbutx7pD5d1-2BtxPQYSIpHrFf3ZZeMn6puA-2BQTi-2FjXTpSJTWCDhaLvlJeFW1HfHFzMLtKaVjHbhM3XPcRNVNvnYVUC1029gf6g7TCd6bd1OTfnfLG8eqvl5PNXuBOrx6k-2BesG-2BIEE67NBCj9j87Awa1ck7fS4Y-3D Build ID: 266154 Analysis Summary: New defects found: 0 Defects eliminated: 0 From pauli at openssl.org Sun Jul 28 23:13:52 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 28 Jul 2019 23:13:52 +0000 Subject: [openssl] master update Message-ID: <1564355632.869587.17164.nullmailer@dev.openssl.org> The branch master has been updated via e9a5932d04f6b7dd25b39a8ff9dc162d64a78c22 (commit) from 5d00f46e1527235ecd28a14c5413355c3ea66dfc (commit) - Log ----------------------------------------------------------------- commit e9a5932d04f6b7dd25b39a8ff9dc162d64a78c22 Author: Pauli Date: Fri Jul 26 12:56:01 2019 +1000 Add weak platform independent PRNG to test framework. Implement the GNU C library's random(3) pseudorandom number generator. The algorithm is described: https://www.mscs.dal.ca/~selinger/random/ The rationale is to make the tests repeatable across differing platforms with different underlying implementations of the random(3) library call. More specifically: when executing tests with random ordering. [extended tests] Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9463) ----------------------------------------------------------------------- Summary of changes: test/build.info | 2 +- test/testutil.h | 8 ++++++++ test/testutil/driver.c | 6 +++--- test/testutil/random.c | 40 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 test/testutil/random.c diff --git a/test/build.info b/test/build.info index f9d429eba8..595a0da2ae 100644 --- a/test/build.info +++ b/test/build.info @@ -22,7 +22,7 @@ IF[{- !$disabled{tests} -}] testutil/format_output.c testutil/tap_bio.c \ testutil/test_cleanup.c testutil/main.c testutil/init.c \ testutil/options.c testutil/test_options.c \ - testutil/apps_mem.c $LIBAPPSSRC + testutil/apps_mem.c testutil/random.c $LIBAPPSSRC INCLUDE[libtestutil.a]=../include ../apps/include .. DEPEND[libtestutil.a]=../libcrypto diff --git a/test/testutil.h b/test/testutil.h index 3a5c4866da..00e2d0aa81 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -537,4 +537,12 @@ void test_clearstanza(STANZA *s); */ char *glue_strings(const char *list[], size_t *out_len); +/* + * Pseudo random number generator of low quality but having repeatability + * across platforms. The two calls are replacements for random(3) and + * srandom(3). + */ +uint32_t test_random(void); +void test_random_seed(uint32_t sd); + #endif /* HEADER_TESTUTIL_H */ diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 40ed3736c5..7a67a0587c 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -114,7 +114,7 @@ static void set_seed(int s) seed = (int)time(NULL); test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed); test_flush_stdout(); - srand(seed); + test_random_seed(seed); } @@ -326,7 +326,7 @@ int run_tests(const char *test_prog_name) permute[i] = i; if (seed != 0) for (i = num_tests - 1; i >= 1; i--) { - j = rand() % (1 + i); + j = test_random() % (1 + i); ii = permute[j]; permute[j] = permute[i]; permute[i] = ii; @@ -373,7 +373,7 @@ int run_tests(const char *test_prog_name) jstep = 1; else do - jstep = rand() % all_tests[i].num; + jstep = test_random() % all_tests[i].num; while (jstep == 0 || gcd(all_tests[i].num, jstep) != 1); for (jj = 0; jj < all_tests[i].num; jj++) { diff --git a/test/testutil/random.c b/test/testutil/random.c new file mode 100644 index 0000000000..45d0bb5f05 --- /dev/null +++ b/test/testutil/random.c @@ -0,0 +1,40 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" + +/* + * This is an implementation of the algorithm used by the GNU C library's + * random(3) pseudorandom number generator as described: + * https://www.mscs.dal.ca/~selinger/random/ + */ +static uint32_t test_random_state[31]; + +uint32_t test_random(void) { + static unsigned int pos = 3; + + if (pos == 31) + pos = 0; + test_random_state[pos] += test_random_state[(pos + 28) % 31]; + return test_random_state[pos++] / 2; +} + +void test_random_seed(uint32_t sd) { + int i; + int32_t s; + const unsigned int mod = (1u << 31) - 1; + + test_random_state[0] = sd; + for (i = 1; i < 31; i++) { + s = (int32_t)test_random_state[i - 1]; + test_random_state[i] = (uint32_t)((16807 * (int64_t)s) % mod); + } + for (i = 34; i < 344; i++) + test_random(); +} From pauli at openssl.org Sun Jul 28 23:21:10 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 28 Jul 2019 23:21:10 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1564356070.525845.19467.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7de305510a07729be3cc80a0fb10561732ee4f31 (commit) from e4a282fe030363a87d52d4a3214eb7490036015e (commit) - Log ----------------------------------------------------------------- commit 7de305510a07729be3cc80a0fb10561732ee4f31 Author: Pauli Date: Fri Jul 26 12:56:01 2019 +1000 Add weak platform independent PRNG to test framework. Implement the GNU C library's random(3) pseudorandom number generator. The algorithm is described: https://www.mscs.dal.ca/~selinger/random/ The rationale is to make the tests repeatable across differing platforms with different underlying implementations of the random(3) library call. More specifically: when executing tests with random ordering. [extended tests] Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9463) (cherry picked from commit e9a5932d04f6b7dd25b39a8ff9dc162d64a78c22) ----------------------------------------------------------------------- Summary of changes: test/build.info | 3 ++- test/testutil.h | 8 ++++++++ test/testutil/driver.c | 6 +++--- test/testutil/random.c | 40 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 53 insertions(+), 4 deletions(-) create mode 100644 test/testutil/random.c diff --git a/test/build.info b/test/build.info index a2fb0e2e1e..1727f28626 100644 --- a/test/build.info +++ b/test/build.info @@ -12,7 +12,8 @@ IF[{- !$disabled{tests} -}] SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output_helpers.c \ testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \ testutil/format_output.c testutil/tap_bio.c \ - testutil/test_cleanup.c testutil/main.c testutil/init.c + testutil/test_cleanup.c testutil/main.c testutil/init.c \ + testutil/random.c INCLUDE[libtestutil.a]=../include DEPEND[libtestutil.a]=../libcrypto diff --git a/test/testutil.h b/test/testutil.h index 6391905647..db0c74ef88 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -454,4 +454,12 @@ void test_clearstanza(STANZA *s); */ char *glue_strings(const char *list[], size_t *out_len); +/* + * Pseudo random number generator of low quality but having repeatability + * across platforms. The two calls are replacements for random(3) and + * srandom(3). + */ +uint32_t test_random(void); +void test_random_seed(uint32_t sd); + #endif /* HEADER_TESTUTIL_H */ diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 6e9914c48d..48f94aea1e 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -112,7 +112,7 @@ void setup_test_framework() seed = (int)time(NULL); test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed); test_flush_stdout(); - srand(seed); + test_random_seed(seed); } #ifndef OPENSSL_NO_CRYPTO_MDEBUG @@ -190,7 +190,7 @@ int run_tests(const char *test_prog_name) permute[i] = i; if (seed != 0) for (i = num_tests - 1; i >= 1; i--) { - j = rand() % (1 + i); + j = test_random() % (1 + i); ii = permute[j]; permute[j] = permute[i]; permute[i] = ii; @@ -228,7 +228,7 @@ int run_tests(const char *test_prog_name) jstep = 1; else do - jstep = rand() % all_tests[i].num; + jstep = test_random() % all_tests[i].num; while (jstep == 0 || gcd(all_tests[i].num, jstep) != 1); for (jj = 0; jj < all_tests[i].num; jj++) { diff --git a/test/testutil/random.c b/test/testutil/random.c new file mode 100644 index 0000000000..45d0bb5f05 --- /dev/null +++ b/test/testutil/random.c @@ -0,0 +1,40 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" + +/* + * This is an implementation of the algorithm used by the GNU C library's + * random(3) pseudorandom number generator as described: + * https://www.mscs.dal.ca/~selinger/random/ + */ +static uint32_t test_random_state[31]; + +uint32_t test_random(void) { + static unsigned int pos = 3; + + if (pos == 31) + pos = 0; + test_random_state[pos] += test_random_state[(pos + 28) % 31]; + return test_random_state[pos++] / 2; +} + +void test_random_seed(uint32_t sd) { + int i; + int32_t s; + const unsigned int mod = (1u << 31) - 1; + + test_random_state[0] = sd; + for (i = 1; i < 31; i++) { + s = (int32_t)test_random_state[i - 1]; + test_random_state[i] = (uint32_t)((16807 * (int64_t)s) % mod); + } + for (i = 34; i < 344; i++) + test_random(); +} From builds at travis-ci.org Sun Jul 28 23:46:56 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 28 Jul 2019 23:46:56 +0000 Subject: Still Failing: openssl/openssl#26937 (OpenSSL_1_1_1-stable - 7de3055) In-Reply-To: Message-ID: <5d3e33efea684_43ffcd23480c81361b@b2f8ae32-52d8-4d4b-823d-2f42193773e1.mail> Build Update for openssl/openssl ------------------------------------- Build: #26937 Status: Still Failing Duration: 24 mins and 24 secs Commit: 7de3055 (OpenSSL_1_1_1-stable) Author: Pauli Message: Add weak platform independent PRNG to test framework. Implement the GNU C library's random(3) pseudorandom number generator. The algorithm is described: https://www.mscs.dal.ca/~selinger/random/ The rationale is to make the tests repeatable across differing platforms with different underlying implementations of the random(3) library call. More specifically: when executing tests with random ordering. [extended tests] Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9463) (cherry picked from commit e9a5932d04f6b7dd25b39a8ff9dc162d64a78c22) View the changeset: https://github.com/openssl/openssl/compare/e4a282fe0303...7de305510a07 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/564750232?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sun Jul 28 23:35:08 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 28 Jul 2019 23:35:08 +0000 Subject: Still Failing: openssl/openssl#26936 (master - e9a5932) In-Reply-To: Message-ID: <5d3e312c21813_43fd62952ff14453c9@dc9a054d-c143-4969-aad3-d521ef3426b6.mail> Build Update for openssl/openssl ------------------------------------- Build: #26936 Status: Still Failing Duration: 20 mins and 34 secs Commit: e9a5932 (master) Author: Pauli Message: Add weak platform independent PRNG to test framework. Implement the GNU C library's random(3) pseudorandom number generator. The algorithm is described: https://www.mscs.dal.ca/~selinger/random/ The rationale is to make the tests repeatable across differing platforms with different underlying implementations of the random(3) library call. More specifically: when executing tests with random ordering. [extended tests] Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9463) View the changeset: https://github.com/openssl/openssl/compare/5d00f46e1527...e9a5932d04f6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/564748976?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 29 02:33:59 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 29 Jul 2019 02:33:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1564367639.381483.14813.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 5d00f46e15 s390x assembly pack: use getauxval to detect hw capabilities e2f72313cc test/recipes/30-test_evp.t: Modify to test with different providers 3b5d61f472 test/evp_test.c: modify to use OSSL_PROVIDER_available() 36f5ec55e6 Add functions to see if a provider is available for use. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1659, 273 wallclock secs ( 3.16 usr 0.37 sys + 260.81 cusr 22.90 csys = 287.24 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 29 06:38:20 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 29 Jul 2019 06:38:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1564382300.357289.10546.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 5d00f46e15 s390x assembly pack: use getauxval to detect hw capabilities e2f72313cc test/recipes/30-test_evp.t: Modify to test with different providers 3b5d61f472 test/evp_test.c: modify to use OSSL_PROVIDER_available() 36f5ec55e6 Add functions to see if a provider is available for use. Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:206: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:188: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:182: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:214: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:221: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:212: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:293: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:297: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:290: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:307: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:310: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:313: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:386: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:403: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:452: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:453: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:158: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:160: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:161: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:163: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:255: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7183: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Mon Jul 29 13:16:36 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 29 Jul 2019 13:16:36 +0000 Subject: Build failed: openssl master.26368 Message-ID: <20190729131636.1.A3FEB94791A4D5F4@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jul 29 14:04:24 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 29 Jul 2019 14:04:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1564409064.247962.18268.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 5d00f46e15 s390x assembly pack: use getauxval to detect hw capabilities e2f72313cc test/recipes/30-test_evp.t: Modify to test with different providers 3b5d61f472 test/evp_test.c: modify to use OSSL_PROVIDER_available() 36f5ec55e6 Add functions to see if a provider is available for use. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1574, 238 wallclock secs ( 1.80 usr 0.38 sys + 228.73 cusr 20.96 csys = 251.87 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 29 14:54:20 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 29 Jul 2019 14:54:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1564412060.763748.11177.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 5d00f46e15 s390x assembly pack: use getauxval to detect hw capabilities e2f72313cc test/recipes/30-test_evp.t: Modify to test with different providers 3b5d61f472 test/evp_test.c: modify to use OSSL_PROVIDER_available() 36f5ec55e6 Add functions to see if a provider is available for use. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1574, 240 wallclock secs ( 1.88 usr 0.35 sys + 232.60 cusr 21.93 csys = 256.76 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jul 29 20:21:36 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 29 Jul 2019 20:21:36 +0000 Subject: Build completed: openssl master.26369 Message-ID: <20190729202136.1.8B9F1C756F36714A@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 30 02:37:56 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 30 Jul 2019 02:37:56 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1564454276.558882.18675.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: e9a5932d04 Add weak platform independent PRNG to test framework. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1659, 257 wallclock secs ( 3.12 usr 0.44 sys + 242.87 cusr 23.63 csys = 270.06 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Tue Jul 30 05:08:43 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 30 Jul 2019 05:08:43 +0000 Subject: [openssl] master update Message-ID: <1564463323.262554.21019.nullmailer@dev.openssl.org> The branch master has been updated via 10f8b36874fca928c3f41834babac8ee94dd3f09 (commit) from e9a5932d04f6b7dd25b39a8ff9dc162d64a78c22 (commit) - Log ----------------------------------------------------------------- commit 10f8b36874fca928c3f41834babac8ee94dd3f09 Author: Richard Levitte Date: Thu Jul 25 17:51:30 2019 +0200 ERR: re-use the err_data field when possible To deallocate the err_data field and then allocating it again might be a waste of processing, but may also be a source of errors when memory is scarce. While we normally tolerate that, the ERR sub-system is an exception and we need to pay closer attention to how we handle memory. This adds a new err_data flag, ERR_TXT_IGNORE, which means that even if there is err_data memory allocated, its contents should be ignored. Deallocation of the err_data field is much more selective, aand should only happen when ERR_free_state() is called. Fixes #9458 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9459) ----------------------------------------------------------------------- Summary of changes: crypto/err/err.c | 106 +++++++++++++++++++++++++++++++++++--------------- include/openssl/err.h | 1 + 2 files changed, 75 insertions(+), 32 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 71b1049a5d..7a35512f87 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -235,18 +235,34 @@ static void build_SYS_str_reasons(void) } #endif -#define err_clear_data(p, i) \ - do { \ - if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) {\ - OPENSSL_free((p)->err_data[i]); \ - (p)->err_data[i] = NULL; \ - } \ - (p)->err_data_flags[i] = 0; \ +#define err_get_slot(p) \ + do { \ + (p)->top = ((p)->top + 1) % ERR_NUM_ERRORS; \ + if ((p)->top == (p)->bottom) \ + (p)->bottom = ((p)->bottom + 1) % ERR_NUM_ERRORS; \ + } while (0) + +#define err_clear_data(p, i, deall) \ + do { \ + if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) { \ + if (deall) { \ + OPENSSL_free((p)->err_data[i]); \ + (p)->err_data[i] = NULL; \ + (p)->err_data_size[i] = 0; \ + (p)->err_data_flags[i] = 0; \ + } else if ((p)->err_data[i] != NULL) { \ + (p)->err_data[i][0] = '\0'; \ + } \ + } else { \ + (p)->err_data[i] = NULL; \ + (p)->err_data_size[i] = 0; \ + (p)->err_data_flags[i] = 0; \ + } \ } while (0) -#define err_clear(p, i) \ +#define err_clear(p, i, deall) \ do { \ - err_clear_data(p, i); \ + err_clear_data((p), (i), (deall)); \ (p)->err_flags[i] = 0; \ (p)->err_buffer[i] = 0; \ (p)->err_file[i] = NULL; \ @@ -260,7 +276,7 @@ static void ERR_STATE_free(ERR_STATE *s) if (s == NULL) return; for (i = 0; i < ERR_NUM_ERRORS; i++) { - err_clear_data(s, i); + err_clear_data(s, i, 1); } OPENSSL_free(s); } @@ -406,14 +422,11 @@ void ERR_put_error(int lib, int func, int reason, const char *file, int line) if (es == NULL) return; - es->top = (es->top + 1) % ERR_NUM_ERRORS; - if (es->top == es->bottom) - es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS; - es->err_flags[es->top] = 0; + err_get_slot(es); + err_clear(es, es->top, 0); es->err_buffer[es->top] = ERR_PACK(lib, func, reason); es->err_file[es->top] = file; es->err_line[es->top] = line; - err_clear_data(es, es->top); } void ERR_clear_error(void) @@ -426,7 +439,7 @@ void ERR_clear_error(void) return; for (i = 0; i < ERR_NUM_ERRORS; i++) { - err_clear(es, i); + err_clear(es, i, 0); } es->top = es->bottom = 0; } @@ -506,14 +519,14 @@ static unsigned long get_error_values(int inc, int top, const char **file, while (es->bottom != es->top) { if (es->err_flags[es->top] & ERR_FLAG_CLEAR) { - err_clear(es, es->top); + err_clear(es, es->top, 0); es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1; continue; } i = (es->bottom + 1) % ERR_NUM_ERRORS; if (es->err_flags[i] & ERR_FLAG_CLEAR) { es->bottom = i; - err_clear(es, es->bottom); + err_clear(es, es->bottom, 0); continue; } break; @@ -545,7 +558,7 @@ static unsigned long get_error_values(int inc, int top, const char **file, if (data == NULL) { if (inc) { - err_clear_data(es, i); + err_clear_data(es, i, 0); } } else { if (es->err_data[i] == NULL) { @@ -772,7 +785,8 @@ int ERR_get_next_error_library(void) return ret; } -static int err_set_error_data_int(char *data, int flags) +static int err_set_error_data_int(char *data, size_t size, int flags, + int deallocate) { ERR_STATE *es; int i; @@ -783,8 +797,9 @@ static int err_set_error_data_int(char *data, int flags) i = es->top; - err_clear_data(es, i); + err_clear_data(es, es->top, deallocate); es->err_data[i] = data; + es->err_data_size[i] = size; es->err_data_flags[i] = flags; return 1; @@ -795,8 +810,18 @@ void ERR_set_error_data(char *data, int flags) /* * This function is void so we cannot propagate the error return. Since it * is also in the public API we can't change the return type. + * + * We estimate the size of the data. If it's not flagged as allocated, + * then this is safe, and if it is flagged as allocated, then our size + * may be smaller than the actual allocation, but that doesn't matter + * too much, the buffer will remain untouched or will eventually be + * reallocated to a new size. + * + * callers should be advised that this function takes over ownership of + * the allocated memory, i.e. they can't count on the pointer to remain + * valid. */ - err_set_error_data_int(data, flags); + err_set_error_data_int(data, strlen(data) + 1, flags, 1); } void ERR_add_error_data(int num, ...) @@ -810,7 +835,8 @@ void ERR_add_error_data(int num, ...) void ERR_add_error_vdata(int num, va_list args) { int i, len, size; - char *str, *p, *arg; + int flags = ERR_TXT_MALLOCED | ERR_TXT_STRING; + char *str, *arg; ERR_STATE *es; /* Get the current error data; if an allocated string get it. */ @@ -818,16 +844,30 @@ void ERR_add_error_vdata(int num, va_list args) if (es == NULL) return; i = es->top; - p = es->err_data_flags[i] == (ERR_TXT_MALLOCED | ERR_TXT_STRING) - ? es->err_data[i] : ""; - /* Start with initial (or empty) string and allocate a new buffer */ - size = 80 + strlen(p); - if ((str = OPENSSL_malloc(size + 1)) == NULL) { - /* ERRerr(ERR_F_ERR_ADD_ERROR_VDATA, ERR_R_MALLOC_FAILURE); */ + /* + * If err_data is allocated already, re-use the space. + * Otherwise, allocate a small new buffer. + */ + if ((es->err_data_flags[i] & flags) == flags) { + str = es->err_data[i]; + size = es->err_data_size[i]; + + /* + * To protect the string we just grabbed from tampering by other + * functions we may call, or to protect them from freeing a pointer + * that may no longer be valid at that point, we clear away the + * data pointer and the flags. We will set them again at the end + * of this function. + */ + es->err_data[i] = NULL; + es->err_data_flags[i] = 0; + } else if ((str = OPENSSL_malloc(size = 81)) == NULL) { return; + } else { + str[0] = '\0'; } - strcpy(str, p); + len = strlen(str); for (len = 0; --num >= 0; ) { arg = va_arg(args, char *); @@ -835,6 +875,8 @@ void ERR_add_error_vdata(int num, va_list args) arg = ""; len += strlen(arg); if (len > size) { + char *p; + size = len + 20; p = OPENSSL_realloc(str, size + 1); if (p == NULL) { @@ -845,7 +887,7 @@ void ERR_add_error_vdata(int num, va_list args) } OPENSSL_strlcat(str, arg, (size_t)size + 1); } - if (!err_set_error_data_int(str, ERR_TXT_MALLOCED | ERR_TXT_STRING)) + if (!err_set_error_data_int(str, size, flags, 0)) OPENSSL_free(str); } @@ -873,7 +915,7 @@ int ERR_pop_to_mark(void) while (es->bottom != es->top && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) { - err_clear(es, es->top); + err_clear(es, es->top, 0); es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1; } diff --git a/include/openssl/err.h b/include/openssl/err.h index 3fa30ab2c1..e84bc68a4e 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -46,6 +46,7 @@ typedef struct err_state_st { int err_flags[ERR_NUM_ERRORS]; unsigned long err_buffer[ERR_NUM_ERRORS]; char *err_data[ERR_NUM_ERRORS]; + size_t err_data_size[ERR_NUM_ERRORS]; int err_data_flags[ERR_NUM_ERRORS]; const char *err_file[ERR_NUM_ERRORS]; int err_line[ERR_NUM_ERRORS]; From openssl at openssl.org Tue Jul 30 06:39:47 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 30 Jul 2019 06:39:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1564468787.215448.14175.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: e9a5932d04 Add weak platform independent PRNG to test framework. Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:206: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:188: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:182: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:214: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:221: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:212: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:293: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:297: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:290: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:307: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:310: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:313: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:386: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:403: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:452: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:453: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:158: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:160: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:161: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:163: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:255: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7191: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From pauli at openssl.org Tue Jul 30 08:58:04 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 30 Jul 2019 08:58:04 +0000 Subject: [openssl] master update Message-ID: <1564477084.137548.29782.nullmailer@dev.openssl.org> The branch master has been updated via d753cc333d941d0990ce74821c80b0bfb81e10dc (commit) from 10f8b36874fca928c3f41834babac8ee94dd3f09 (commit) - Log ----------------------------------------------------------------- commit d753cc333d941d0990ce74821c80b0bfb81e10dc Author: Pauli Date: Sun Jul 28 18:21:07 2019 +1000 Fix coverity 1452084 Fix coverity 1452083 Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9470) ----------------------------------------------------------------------- Summary of changes: providers/common/exchange/dh_exch.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/providers/common/exchange/dh_exch.c b/providers/common/exchange/dh_exch.c index 439b28a27e..b4bfd5f419 100644 --- a/providers/common/exchange/dh_exch.c +++ b/providers/common/exchange/dh_exch.c @@ -42,22 +42,22 @@ static int dh_init(void *vpdhctx, void *vdh) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; + if (pdhctx == NULL || vdh == NULL || !DH_up_ref(vdh)) + return 0; DH_free(pdhctx->dh); pdhctx->dh = vdh; - DH_up_ref(pdhctx->dh); - - return pdhctx->dh != NULL; + return 1; } static int dh_set_peer(void *vpdhctx, void *vdh) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; + if (pdhctx == NULL || vdh == NULL || !DH_up_ref(vdh)) + return 0; DH_free(pdhctx->dhpeer); pdhctx->dhpeer = vdh; - DH_up_ref(pdhctx->dhpeer); - - return pdhctx->dhpeer != NULL; + return 1; } static int dh_derive(void *vpdhctx, unsigned char *key, size_t *keylen, From matt at openssl.org Tue Jul 30 09:17:54 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 30 Jul 2019 09:17:54 +0000 Subject: [openssl] master update Message-ID: <1564478274.159623.3748.nullmailer@dev.openssl.org> The branch master has been updated via 11dbdc0714b117fcac4af59d61184b0770fcee7e (commit) from d753cc333d941d0990ce74821c80b0bfb81e10dc (commit) - Log ----------------------------------------------------------------- commit 11dbdc0714b117fcac4af59d61184b0770fcee7e Author: Matt Caswell Date: Thu Jul 25 11:55:00 2019 +0100 Document the provider CIPHER operation Extends the existing provider documentation with information about the CIPHER operation. This is primarily for provider authors. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9473) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_enc.c | 5 +- doc/man3/EVP_EncryptInit.pod | 7 +- doc/man7/provider-cipher.pod | 316 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 323 insertions(+), 5 deletions(-) create mode 100644 doc/man7/provider-cipher.pod diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 0873bae81a..b2c0a260e6 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1216,9 +1216,8 @@ static void *evp_cipher_from_dispatch(const char *name, /* * In order to be a consistent set of functions we must have at least * a complete set of "encrypt" functions, or a complete set of "decrypt" - * functions, or a single "cipher" function. In all cases we need a - * complete set of context management functions, as well as the - * blocksize, iv_length and key_length functions. + * functions, or a single "cipher" function. In all cases we need both + * the "newctx" and "freectx" functions. */ EVP_CIPHER_meth_free(cipher); EVPerr(EVP_F_EVP_CIPHER_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS); diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 43ed7f90c2..083bba7996 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -278,8 +278,11 @@ an B structure. EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, -EVP_CIPH_WRAP_MODE or EVP_CIPH_OCB_MODE. If the cipher is a stream cipher then -EVP_CIPH_STREAM_CIPHER is returned. +EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE. If the cipher is a +stream cipher then EVP_CIPH_STREAM_CIPHER is returned. + +EVP_CIPHER_flags() returns any flags associated with the cipher. See +EVP_CIPHER_meth_set_flags() for a list of currently defined flags. EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will typically include any parameters and an diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod new file mode 100644 index 0000000000..08cfebfb25 --- /dev/null +++ b/doc/man7/provider-cipher.pod @@ -0,0 +1,316 @@ +=pod + +=head1 NAME + +provider-cipher - The cipher library E-E provider functions + +=head1 SYNOPSIS + +=for comment multiple includes + + #include + #include + + /* + * None of these are actual functions, but are displayed like this for + * the function signatures for functions that are offered as function + * pointers in OSSL_DISPATCH arrays. + */ + + /* Context management */ + void *OP_cipher_newctx(void *provctx); + void OP_cipher_freectx(void *cctx); + void *OP_cipher_dupctx(void *cctx); + + /* Encryption/decryption */ + int OP_cipher_encrypt_init(void *cctx, const unsigned char *key, + size_t keylen, const unsigned char *iv, + size_t ivlen); + int OP_cipher_decrypt_init(void *cctx, const unsigned char *key, + size_t keylen, const unsigned char *iv, + size_t ivlen); + int OP_cipher_update(void *cctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, size_t inl); + int OP_cipher_final(void *cctx, unsigned char *out, size_t *outl, + size_t outsize); + int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, size_t inl); + + /* Cipher parameters */ + int OP_cipher_get_params(OSSL_PARAM params[]); + int OP_cipher_ctx_get_params(void *cctx, OSSL_PARAM params[]); + int OP_cipher_ctx_set_params(void *cctx, const OSSL_PARAM params[]); + +=head1 DESCRIPTION + +This documentation is primarily aimed at provider authors. See L +for further information. + +The CIPHER operation enables providers to implement cipher algorithms and make +them available to applications via the API functions L, +L and L (as well as the decrypt +equivalents and other related functions). + +All "functions" mentioned here are passed as function pointers between +F and the provider in B arrays via +B arrays that are returned by the provider's +provider_query_operation() function +(see L). + +All these "functions" have a corresponding function type definition +named B, and a helper function to retrieve the +function pointer from an B element named +B. +For example, the "function" OP_cipher_newctx() has these: + + typedef void *(OSSL_OP_cipher_newctx_fn)(void *provctx); + static ossl_inline OSSL_OP_cipher_newctx_fn + OSSL_get_OP_cipher_newctx(const OSSL_DISPATCH *opf); + +B arrays are indexed by numbers that are provided as +macros in L, as follows: + + OP_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX + OP_cipher_freectx OSSL_FUNC_CIPHER_FREECTX + OP_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX + + OP_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT + OP_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT + OP_cipher_update OSSL_FUNC_CIPHER_UPDATE + OP_cipher_final OSSL_FUNC_CIPHER_FINAL + OP_cipher_cipher OSSL_FUNC_CIPHER_CIPHER + + OP_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS + OP_cipher_ctx_get_params OSSL_FUNC_CIPHER_CTX_GET_PARAMS + OP_cipher_ctx_set_params OSSL_FUNC_CIPHER_CTX_SET_PARAMS + +A cipher algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions there must at least be a complete +set of "encrypt" functions, or a complete set of "decrypt" functions, or a +single "cipher" function. +In all cases both the OP_cipher_newctx and OP_cipher_freectx functions must be +present. +All other functions are optional. + +=head2 Context Management Functions + +OP_cipher_newctx() should create and return a pointer to a provider side +structure for holding context information during a cipher operation. +A pointer to this context will be passed back in a number of the other cipher +operation function calls. +The paramater B is the provider context generated during provider +initialisation (see L). + +OP_cipher_freectx() is passed a pointer to the provider side cipher context in +the B parameter. +This function should free any resources associated with that context. + +OP_cipher_dupctx() should duplicate the provider side cipher context in the +B parameter and return the duplicate copy. + +=head2 Encryption/Decryption Functions + +OP_cipher_encrypt_init() initialises a cipher operation for encryption given a +newly created provider side cipher context in the B paramter. +The key to be used is given in B which is B bytes long. +The IV to be used is given in B which is B bytes long. + +OP_cipher_decrypt_init() is the same as OP_cipher_encrypt_init() except that it +initialises the context for a decryption operation. + +OP_cipher_update() is called to supply data to be encrypted/decrypted as part of +a previously initialised cipher operation. +The B parameter contains a pointer to a previously initialised provider +side context. +OP_cipher_update() should encrypt/decrypt B bytes of data at the location +pointed to by B. +The encrypted data should be stored in B and the amount of data written to +B<*outl> which should not exceed B bytes. +OP_cipher_update() may be called multiple times for a single cipher operation. +It is the responsibility of the cipher implementation to handle input lengths +that are not multiples of the block length. +In such cases a cipher implementation will typically cache partial blocks of +input data until a complete block is obtained. +B may be the same location as B but it should not partially overlap. +The same expectations apply to B as documented for +L and L. + +OP_cipher_final() completes an encryption or decryption started through previous +OP_cipher_encrypt_init() or OP_cipher_decrypt_init(), and OP_cipher_update() +calls. +The B parameter contains a pointer to the provider side context. +Any final encryption/decryption output should be written to B and the +amount of data written to B<*outl> which should not exceed B bytes. +The same expectations apply to B as documented for +L and L. + +OP_cipher_cipher() performs encryption/decryption using the provider side cipher +context in the B paramter that should have been previously initialised via +a call to OP_cipher_encrypt_init() or OP_cipher_decrypt_init. +This should call the raw underlying cipher function without any padding. +This will be invoked in the provider as a result of the application calling +L. +The application is responsible for ensuring that the input is a multiple of the +block length. +The data to be encrypted/decrypted will be in B, and it will be B bytes +in length. +The output from the encryption/decryption should be stored in B and the +amount of data stored should be put in B<*outl> which should be no more than +B bytes. + +=head2 Cipher Parameters + +See L for further details on the parameters structure used by +these functions. + +OP_cipher_get_params() gets details of parameter values associated with the +provider algorithm and stores them in B. + +OP_cipher_ctx_set_params() sets cipher parameters associated with the given +provider side cipher context B to B. +Any parameter settings are additional to any that were previously set. + +OP_cipher_ctx_get_params() gets details of currently set parameter values +associated with the given provider side cipher context B and stores them +in B. + +Parameters currently recognised by built-in ciphers are as follows. Not all +parameters are relevant to, or are understood by all ciphers: + +=over 4 + +=item B (int) + +Sets the padding mode for the associated cipher ctx. +Setting a value of 1 will turn padding on. +Setting a vlue of 0 will turn padding off. + +=item B (int) + +Gets the mode for the associated cipher algorithm. +See L for a list of valid modes. + +=item B (int) + +Gets the block size for the associated cipher algorithm. +The block size should be 1 for stream ciphers. +Note that the block size for a cipher may be different to the block size for +the underlying encryption/decryption primitive. +For example AES in CTR mode has a block size of 1 (because it operates like a +stream cipher), even though AES has a block size of 16. + +=item B (ulong) + +Gets any flags for the associated cipher algorithm. +See L for a list of currently defined cipher +flags. + +=item B (int) + +Gets the key length for the associated cipher algorithm. +This can also be used to get or set the key length for the associated cipher +ctx. + +=item B (int) + +Gets the IV length for the associated cipher algorithm. + +=item B (octet_string OR octet_ptr) + +Gets the IV for the associated cipher ctx. + +=item B (int) + +Gets or sets the cipher specific "num" parameter for the associated cipher ctx. +Built-in ciphers typically use this to track how much of the current underlying +block has been "used" already. + +=item B (octet_string) + +Gets or sets the AEAD tag for the associated cipher ctx. +See L. + +=item B (octet_string) + +=for comment TODO(3.0): Consider changing this interface so that all ciphers +use the standard AEAD interface - rather than having this special purpose +interface for TLS + +Sets TLSv1.2 AAD information for the associated cipher ctx. +TLSv1.2 AAD information is always 13 bytes in length and is as defined for the +"additional_data" field described in section 6.2.3.3 of RFC5246. + +=item B (size_t) + +Gets the length of the tag that will be added to a TLS record for the AEAD +tag for the associated cipher ctx. + +=item B (octet_string) + +=for comment TODO(3.0): This interface needs completely redesigning! + +Sets the fixed portion of an IV for an AEAD cipher used in a TLS record +encryption/ decryption for the associated cipher ctx. +TLS record encryption/decryption always occurs "in place" so that the input and +output buffers are always the same memory location. +AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part +that varies with every record. +Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records. +TLS records are encrypted/decrypted using a single OP_cipher_cipher call per +record. +For a record decryption the first bytes of the input buffer will be the explict +part of the IV and the final bytes of the input buffer will be the AEAD tag. +The length of the explicit part of the IV and the tag length will depend on the +cipher in use and will be defined in the RFC for the relevant ciphersuite. +In order to allow for "in place" decryption the plaintext output should be +written to the same location in the output buffer that the ciphertext payload +was read from, i.e. immediately after the explicit IV. + +When encrypting a record the first bytes of the input buffer will be empty to +allow space for the explicit IV, as will the final bytes where the tag will +be written. +The length of the input buffer will include the length of the explicit IV, the +payload, and the tag bytes. +The cipher implementation should generate the explicit IV and write it to the +beginning of the output buffer, do "in place" encryption of the payload and +write that to the output buffer, and finally add the tag onto the end of the +output buffer. + +Whether encrypting or decrypting the value written to B<*outl> in the +OP_cipher_cipher call should be the length of the payload excluding the explicit +IV length and the tag length. + +=item B (size_t) + +Sets the IV length to be used for an AEAD cipher for the associated cipher ctx. + +=back + +=head1 RETURN VALUES + +OP_cipher_newctx() and OP_cipher_dupctx() should return the newly created +provider side cipher context, or NULL on failure. + +OP_cipher_encrypt_init(), OP_cipher_decrypt_init(), OP_cipher_update(), +OP_cipher_final(), OP_cipher_cipher(), OP_cipher_get_params(), +OP_cipher_ctx_get_params() and OP_cipher_ctx_set_params() should return 1 for +success or 0 on error. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The provider CIPHER interface was introduced in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut From levitte at openssl.org Tue Jul 30 12:34:54 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 30 Jul 2019 12:34:54 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1564490094.199670.9701.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via b15a19c148384e73338aa7c5b12652138e35ed28 (commit) from e32bc855a81a2d48d215c506bdeb4f598045f7e9 (commit) - Log ----------------------------------------------------------------- commit b15a19c148384e73338aa7c5b12652138e35ed28 Author: Richard Levitte Date: Sat Jul 27 08:40:46 2019 +0200 Makefile.shared: fix to allow strings and spaces in passed variables The previous change for mingw, which now defaults to OPENSSLDIR and ENGINESDIR definitions that include a space, a long standing issue was revealed again; our builds for Unix like environment were never very tolerant of spaces in these definitions, because the quotes were interpreted along the way. New analysis of Makefile.shared showed that our use of quotes in there wasn't quite right. A lot of double quotes could safely be replaced with single quotes, thus protecting the diverse values we pass down to this build file (remember that make variables are expanded before passing the command to the shell, unconditionally), reserving double quotes to the places where absolutely needed (to protect the expansion of shell variables to commands). CVE-2019-1552 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9469) ----------------------------------------------------------------------- Summary of changes: Makefile.shared | 116 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 58 insertions(+), 58 deletions(-) diff --git a/Makefile.shared b/Makefile.shared index 4f9550aaf1..f7d2ffccc3 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -98,20 +98,20 @@ top: LINK_APP= \ ( $(SET_X); \ - LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ - LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS) $(LDFLAGS)}"; \ + LIBDEPS=$${LIBDEPS:-'$(LIBDEPS)'}; \ + LDCMD=$${LDCMD:-'$(CC)'}; LDFLAGS=$${LDFLAGS:-'$(CFLAGS) $(LDFLAGS)'}; \ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS}; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} ) + eval "$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS}" ) LINK_SO= \ ( $(SET_X); \ - LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ - SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBDEPS=$${LIBDEPS:-'$(LIBDEPS)'}; \ + SHAREDCMD=$${SHAREDCMD:-'$(CC)'}; \ + SHAREDFLAGS=$${SHAREDFLAGS:-'$(CFLAGS) $(SHARED_LDFLAGS)'}; \ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ @@ -119,23 +119,23 @@ LINK_SO= \ -o $(SHLIBNAME_FULL) \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ + eval "$${SHAREDCMD} $${SHAREDFLAGS} \ -o $(SHLIBNAME_FULL) \ - $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ + $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS" \ ) && $(SYMLINK_SO) SYMLINK_SO= \ if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \ - if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \ - "$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \ + if [ -n '$(SHLIBNAME_FULL)' -a -n '$(SHLIBNAME)' -a \ + '$(SHLIBNAME_FULL)' != '$(SHLIBNAME)' ]; then \ ( $(SET_X); \ rm -f $(SHLIBNAME); \ ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \ fi; \ fi -LINK_SO_SHLIB= SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO) -LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO) +LINK_SO_SHLIB= SHOBJECTS='$(STLIBNAME) $(LIBEXTRAS)'; $(LINK_SO) +LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS='$(LIBEXTRAS)'; $(LINK_SO) LINK_SO_SHLIB_VIA_O= \ SHOBJECTS=$(STLIBNAME).o; \ @@ -147,21 +147,21 @@ LINK_SO_SHLIB_VIA_O= \ LINK_SO_SHLIB_UNPACKED= \ UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \ (cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \ - ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \ + ([ -z '$(LIBEXTRAS)' ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \ SHOBJECTS=$$UNPACKDIR/*.o; \ $(LINK_SO) && rm -rf $$UNPACKDIR DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null DO_GNU_SO_COMMON=\ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)" + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)' DO_GNU_DSO=\ $(DO_GNU_SO_COMMON) DO_GNU_SO=\ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ $(DO_GNU_SO_COMMON) -DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)" +DO_GNU_APP=LDFLAGS='$(CFLAGS) $(LDFLAGS)' #This is rather special. It's a special target with which one can link #applications without bothering with any features that have anything to @@ -186,21 +186,21 @@ link_shlib.linux-shared: link_dso.bsd: @if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \ - LIBDEPS=" "; \ + LIBDEPS=' '; \ ALLSYMSFLAGS=; \ NOALLSYMSFLAGS=; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib'; \ fi; $(LINK_SO_DSO) link_shlib.bsd: @if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \ - LIBDEPS=" "; \ - ALLSYMSFLAGS="-Wl,-Bforcearchive"; \ + LIBDEPS=' '; \ + ALLSYMSFLAGS='-Wl,-Bforcearchive'; \ NOALLSYMSFLAGS=; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib'; \ fi; $(LINK_SO_SHLIB) link_app.bsd: @if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \ - LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \ + LDFLAGS='$(CFLAGS) $(LDFLAGS)'; \ fi; $(LINK_APP) # For Darwin AKA Mac OS/X (dyld) @@ -223,12 +223,12 @@ link_app.bsd: link_dso.darwin: @ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \ + SHAREDFLAGS='$(CFLAGS) '"`echo '$(SHARED_LDFLAGS)' | sed s/dynamiclib/bundle/`"; \ $(LINK_SO_DSO) link_shlib.darwin: @ ALLSYMSFLAGS='-all_load'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)'; \ $(LINK_SO_SHLIB) link_app.darwin: # is there run-path on darwin? $(LINK_APP) @@ -237,17 +237,17 @@ link_dso.cygwin: @ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ base=-Wl,--enable-auto-image-base; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS)'" -shared $$base -Wl,-Bsymbolic"; \ $(LINK_SO_DSO) link_shlib.cygwin: @ INHIBIT_SYMLINKS=yes; \ - echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \ - "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \ + echo '$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |' \ + '$(RC) $(SHARED_RCFLAGS) -o rc.o'; \ $(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \ $(RC) $(SHARED_RCFLAGS) -o rc.o; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o'; \ $(LINK_SO_SHLIB) || exit 1; \ rm rc.o link_app.cygwin: @@ -257,17 +257,17 @@ link_app.cygwin: # corresponding cygwin targets, as they do the exact same thing. link_shlib.mingw: @ INHIBIT_SYMLINKS=yes; \ - base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \ + base=; [ '$(LIBNAME)' = 'crypto' -a -n '$(FIPSCANLIB)' ] && base=-Wl,--image-base,0x63000000; \ $(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \ | sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \ > $(LIBNAME).def; \ - echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \ - "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \ + echo '$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |' \ + '$(RC) $(SHARED_RCFLAGS) -o rc.o'; \ $(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \ $(RC) $(SHARED_RCFLAGS) -o rc.o; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared '"$$base"' -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o'; \ $(LINK_SO_SHLIB) || exit 1; \ rm $(LIBNAME).def rc.o @@ -277,7 +277,7 @@ link_dso.alpha-osf1: else \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic'; \ fi; \ $(LINK_SO_DSO) link_shlib.alpha-osf1: @@ -286,14 +286,14 @@ link_shlib.alpha-osf1: else \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS='-none'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)'; \ fi; \ $(LINK_SO_SHLIB) link_app.alpha-osf1: @if $(DETECT_GNU_LD); then \ $(DO_GNU_APP); \ else \ - LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \ + LDFLAGS='$(CFLAGS) $(LDFLAGS)'; \ fi; \ $(LINK_APP) @@ -301,9 +301,9 @@ link_dso.solaris: @ if $(DETECT_GNU_LD); then \ $(DO_GNU_DSO); \ else \ - ALLSYMSFLAGS=""; \ - NOALLSYMSFLAGS=""; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic'; \ fi; \ $(LINK_SO_DSO) link_shlib.solaris: @@ -311,16 +311,16 @@ link_shlib.solaris: $(DO_GNU_SO); \ else \ $(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \ - ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \ - NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \ + ALLSYMSFLAGS='-Wl,-z,allextract,-M,$(LIBNAME).map'; \ + NOALLSYMSFLAGS='-Wl,-z,defaultextract'; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic'; \ fi; \ $(LINK_SO_SHLIB) link_app.solaris: @ if $(DETECT_GNU_LD); then \ $(DO_GNU_APP); \ else \ - LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \ + LDFLAGS='$(CFLAGS) $(LDFLAGS)'; \ fi; \ $(LINK_APP) @@ -331,7 +331,7 @@ link_dso.svr3: else \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \ + SHAREDFLAGS='$(CFLAGS) -G -h $(SHLIBNAME_FULL)'; \ fi; \ $(LINK_SO_DSO) link_shlib.svr3: @@ -340,7 +340,7 @@ link_shlib.svr3: else \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \ + SHAREDFLAGS='$(CFLAGS) -G -h $(SHLIBNAME_FULL)'; \ fi; \ $(LINK_SO_SHLIB_UNPACKED) link_app.svr3: @@ -356,7 +356,7 @@ link_dso.svr5: ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \ + SHAREDFLAGS='$(CFLAGS) '"$${SHARE_FLAG}"' -h $(SHLIBNAME_FULL)'; \ fi; \ $(LINK_SO_DSO) link_shlib.svr5: @@ -367,7 +367,7 @@ link_shlib.svr5: ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \ + SHAREDFLAGS='$(CFLAGS) '"$${SHARE_FLAG}"' -h $(SHLIBNAME_FULL)'; \ fi; \ $(LINK_SO_SHLIB_UNPACKED) link_app.svr5: @@ -378,24 +378,24 @@ link_dso.irix: @ if $(DETECT_GNU_LD); then \ $(DO_GNU_DSO); \ else \ - ALLSYMSFLAGS=""; \ - NOALLSYMSFLAGS=""; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic'; \ fi; \ $(LINK_SO_DSO) link_shlib.irix: @ if $(DETECT_GNU_LD); then \ $(DO_GNU_SO); \ else \ - MINUSWL=""; \ - ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \ + MINUSWL=''; \ + ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL='-Wl,'; \ ALLSYMSFLAGS="$${MINUSWL}-all"; \ NOALLSYMSFLAGS="$${MINUSWL}-none"; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic'; \ fi; \ $(LINK_SO_SHLIB) link_app.irix: - @LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \ + @LDFLAGS='$(CFLAGS) $(LDFLAGS)'; \ $(LINK_APP) # 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so @@ -411,7 +411,7 @@ link_dso.hpux: ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:'; \ fi; \ rm -f $(SHLIBNAME_FULL) || :; \ $(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL) @@ -420,18 +420,18 @@ link_shlib.hpux: ALLSYMSFLAGS='-Wl,-Fl'; \ NOALLSYMSFLAGS=''; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:'; \ fi; \ rm -f $(SHLIBNAME_FULL) || :; \ $(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL) link_app.hpux: @if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \ - LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \ + LDFLAGS='$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:'; \ fi; \ $(LINK_APP) link_dso.aix: - @OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \ + @OBJECT_MODE=`expr 'x$(SHARED_LDFLAGS)' : 'x\-[a-z]*\(64\)'` || :; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ @@ -439,7 +439,7 @@ link_dso.aix: rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \ $(LINK_SO_DSO); link_shlib.aix: - @ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \ + @ OBJECT_MODE=`expr 'x$(SHARED_LDFLAGS)' : 'x\-[a-z]*\(64\)'` || : ; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ ALLSYMSFLAGS='-bnogc'; \ NOALLSYMSFLAGS=''; \ @@ -447,7 +447,7 @@ link_shlib.aix: rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \ $(LINK_SO_SHLIB_VIA_O) link_app.aix: - LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \ + LDFLAGS='$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)'; \ $(LINK_APP) From builds at travis-ci.org Tue Jul 30 12:55:36 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Jul 2019 12:55:36 +0000 Subject: Fixed: openssl/openssl#26960 (OpenSSL_1_1_0-stable - b15a19c) In-Reply-To: Message-ID: <5d403e488d6fe_43fe284f42b0c1426e8@f6fd74f7-68b2-4276-9229-2d87133c6a63.mail> Build Update for openssl/openssl ------------------------------------- Build: #26960 Status: Fixed Duration: 16 mins and 27 secs Commit: b15a19c (OpenSSL_1_1_0-stable) Author: Richard Levitte Message: Makefile.shared: fix to allow strings and spaces in passed variables The previous change for mingw, which now defaults to OPENSSLDIR and ENGINESDIR definitions that include a space, a long standing issue was revealed again; our builds for Unix like environment were never very tolerant of spaces in these definitions, because the quotes were interpreted along the way. New analysis of Makefile.shared showed that our use of quotes in there wasn't quite right. A lot of double quotes could safely be replaced with single quotes, thus protecting the diverse values we pass down to this build file (remember that make variables are expanded before passing the command to the shell, unconditionally), reserving double quotes to the places where absolutely needed (to protect the expansion of shell variables to commands). CVE-2019-1552 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9469) View the changeset: https://github.com/openssl/openssl/compare/e32bc855a81a...b15a19c14838 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565469821?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 30 13:07:55 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Jul 2019 13:07:55 +0000 Subject: Still Failing: openssl/openssl#26961 (master - 11dbdc0) In-Reply-To: Message-ID: <5d40412b5c940_43fbfb036c824175929@541aa2a3-5feb-4bb5-b18c-67958fedcacd.mail> Build Update for openssl/openssl ------------------------------------- Build: #26961 Status: Still Failing Duration: 28 mins and 48 secs Commit: 11dbdc0 (master) Author: Matt Caswell Message: Document the provider CIPHER operation Extends the existing provider documentation with information about the CIPHER operation. This is primarily for provider authors. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9473) View the changeset: https://github.com/openssl/openssl/compare/e9a5932d04f6...11dbdc0714b1 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565469847?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 30 14:02:42 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 30 Jul 2019 14:02:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1564495362.984715.22543.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: e9a5932d04 Add weak platform independent PRNG to test framework. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1574, 239 wallclock secs ( 1.68 usr 0.44 sys + 229.45 cusr 20.39 csys = 251.96 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Tue Jul 30 14:20:27 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 30 Jul 2019 14:20:27 +0000 Subject: [web] master update Message-ID: <1564496427.197986.11598.nullmailer@dev.openssl.org> The branch master has been updated via e6ce68d75408edac4a22e85dc3af43444bc7fefc (commit) from e784301605e11bb68c60d0f8c8e0c0ce5520eb17 (commit) - Log ----------------------------------------------------------------- commit e6ce68d75408edac4a22e85dc3af43444bc7fefc Author: Richard Levitte Date: Tue Jul 30 15:20:38 2019 +0200 CVE-2019-1552 security advisory Reviewed-by: Mark J. Cox Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/134) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + news/secadv/20190730.txt | 68 +++++++++++++++++++++++++++++++++++++++ news/vulnerabilities.xml | 83 +++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 151 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20190730.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 7a47756..491bee5 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +30-Jul-2019: Security Advisory: one low severity fix in Windows builds 28-May-2019: OpenSSL 1.1.1c is now available, including bug and security fixes 28-May-2019: OpenSSL 1.1.0k is now available, including bug and security fixes 28-May-2019: OpenSSL 1.0.2s is now available, including bug fixes diff --git a/news/secadv/20190730.txt b/news/secadv/20190730.txt new file mode 100644 index 0000000..0714a04 --- /dev/null +++ b/news/secadv/20190730.txt @@ -0,0 +1,68 @@ +OpenSSL Security Advisory [30 July 2019] +======================================== + +Windows builds with insecure path defaults (CVE-2019-1552) +========================================================== + +Severity: Low + +OpenSSL has internal defaults for a directory tree where it can find a +configuration file as well as certificates used for verification in +TLS. This directory is most commonly referred to as OPENSSLDIR, and +is configurable with the --prefix / --openssldir configuration options. + +For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets +assume that resulting programs and libraries are installed in a +Unix-like environment and the default prefix for program installation +as well as for OPENSSLDIR should be '/usr/local'. + +However, mingw programs are Windows programs, and as such, find +themselves looking at sub-directories of 'C:/usr/local', which may be +world writable, which enables untrusted users to modify OpenSSL's +default configuration, insert CA certificates, modify (or even +replace) existing engine modules, etc. + +For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR +on all Unix and Windows targets, including Visual C builds. However, +some build instructions for the diverse Windows targets on 1.0.2 +encourage you to specify your own --prefix. + +OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. +Due to the limited scope of affected deployments this has been +assessed as low severity and therefore we are not creating new +releases at this time. + +The mitigations are found in these commits: +- For 1.1.1, commit 54aa9d51b09d67e90db443f682cface795f5af9e +- For 1.1.0, commit e32bc855a81a2d48d215c506bdeb4f598045f7e9 and + b15a19c148384e73338aa7c5b12652138e35ed28 +- For 1.0.2, commit d333ebaf9c77332754a9d5e111e2f53e1de54fdd + +The 1.1.1 and 1.1.0 mitigation set more appropriate defaults for +mingw, while the 1.0.2 mitigation documents the issue and provides +enhanced examples. + +This issue was reported by Rich Mirth. The fix was developed by +Richard Levitte from the OpenSSL development team. It was reported to +OpenSSL on 9th Jun 2019. + +Note +===== + +OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. +Support for 1.0.2 will end on 31st December 2019. Support for 1.1.0 +will end on 11th September 2019. Users of these versions should +upgrade to OpenSSL 1.1.1. + + +Referenses +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20190730.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index f9949ce..e66f6d8 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,88 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Insecure defaults + Windows builds with insecure path defaults + + OpenSSL has internal defaults for a directory tree where it can find a + configuration file as well as certificates used for verification in + TLS. This directory is most commonly referred to as OPENSSLDIR, and + is configurable with the --prefix / --openssldir configuration options. + + For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets + assume that resulting programs and libraries are installed in a + Unix-like environment and the default prefix for program installation + as well as for OPENSSLDIR should be '/usr/local'. + + However, mingw programs are Windows programs, and as such, find + themselves looking at sub-directories of 'C:/usr/local', which may be + world writable, which enables untrusted users to modify OpenSSL's + default configuration, insert CA certificates, modify (or even + replace) existing engine modules, etc. + + For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR + on all Unix and Windows targets, including Visual C builds. However, + some build instructions for the diverse Windows targets on 1.0.2 + encourage you to specify your own --prefix. + + OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. + Due to the limited scope of affected deployments this has been + assessed as low severity and therefore we are not creating new + releases at this time. + + + + From openssl at openssl.org Tue Jul 30 14:54:01 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 30 Jul 2019 14:54:01 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1564498441.228009.15486.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: e9a5932d04 Add weak platform independent PRNG to test framework. Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1574, 235 wallclock secs ( 1.80 usr 0.41 sys + 227.89 cusr 20.53 csys = 250.63 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Tue Jul 30 18:38:11 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 30 Jul 2019 18:38:11 +0000 Subject: [openssl] master update Message-ID: <1564511891.616367.20203.nullmailer@dev.openssl.org> The branch master has been updated via 62cc845fc955c8d4de7b703f57bfd8e5854f00f4 (commit) from 11dbdc0714b117fcac4af59d61184b0770fcee7e (commit) - Log ----------------------------------------------------------------- commit 62cc845fc955c8d4de7b703f57bfd8e5854f00f4 Author: Bernd Edlinger Date: Mon Jul 29 11:39:34 2019 +0200 Use OPENSSL_strlcpy instead of strncpy in e_afalg.c This avoids a spurious gcc warning: ./config enable-asan --strict-warnings => In function 'afalg_create_sk', inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11: engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation] 376 | strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); | ^~~~~~~ [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9478) ----------------------------------------------------------------------- Summary of changes: engines/e_afalg.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/engines/e_afalg.c b/engines/e_afalg.c index c3f622e752..dacbe358cb 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -63,9 +63,6 @@ void engine_load_afalg_int(void) # define ALG_OP_TYPE unsigned int # define ALG_OP_LEN (sizeof(ALG_OP_TYPE)) -#define ALG_MAX_SALG_NAME 64 -#define ALG_MAX_SALG_TYPE 14 - # ifdef OPENSSL_NO_DYNAMIC_ENGINE void engine_load_afalg_int(void); # endif @@ -371,10 +368,8 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, memset(&sa, 0, sizeof(sa)); sa.salg_family = AF_ALG; - strncpy((char *) sa.salg_type, ciphertype, ALG_MAX_SALG_TYPE); - sa.salg_type[ALG_MAX_SALG_TYPE-1] = '\0'; - strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); - sa.salg_name[ALG_MAX_SALG_NAME-1] = '\0'; + OPENSSL_strlcpy((char *) sa.salg_type, ciphertype, sizeof(sa.salg_type)); + OPENSSL_strlcpy((char *) sa.salg_name, ciphername, sizeof(sa.salg_name)); actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0); if (actx->bfd == -1) { @@ -503,7 +498,7 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, int ciphertype; int ret; afalg_ctx *actx; - char ciphername[ALG_MAX_SALG_NAME]; + const char *ciphername; if (ctx == NULL || key == NULL) { ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__); @@ -526,14 +521,13 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, case NID_aes_128_cbc: case NID_aes_192_cbc: case NID_aes_256_cbc: - strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME); + ciphername = "cbc(aes)"; break; default: ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__, ciphertype); return 0; } - ciphername[ALG_MAX_SALG_NAME-1]='\0'; if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) { ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__, From bernd.edlinger at hotmail.de Tue Jul 30 18:38:58 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 30 Jul 2019 18:38:58 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1564511938.590597.21166.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 74f4cc0276b8fe003c036544219a0371266fc32c (commit) from 7de305510a07729be3cc80a0fb10561732ee4f31 (commit) - Log ----------------------------------------------------------------- commit 74f4cc0276b8fe003c036544219a0371266fc32c Author: Bernd Edlinger Date: Mon Jul 29 11:39:34 2019 +0200 Use OPENSSL_strlcpy instead of strncpy in e_afalg.c This avoids a spurious gcc warning: ./config enable-asan --strict-warnings => In function 'afalg_create_sk', inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11: engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation] 376 | strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); | ^~~~~~~ [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9478) (cherry picked from commit 62cc845fc955c8d4de7b703f57bfd8e5854f00f4) ----------------------------------------------------------------------- Summary of changes: engines/e_afalg.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/engines/e_afalg.c b/engines/e_afalg.c index f09c396ed9..ae9fee807a 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -63,9 +63,6 @@ void engine_load_afalg_int(void) # define ALG_OP_TYPE unsigned int # define ALG_OP_LEN (sizeof(ALG_OP_TYPE)) -#define ALG_MAX_SALG_NAME 64 -#define ALG_MAX_SALG_TYPE 14 - # ifdef OPENSSL_NO_DYNAMIC_ENGINE void engine_load_afalg_int(void); # endif @@ -371,10 +368,8 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, memset(&sa, 0, sizeof(sa)); sa.salg_family = AF_ALG; - strncpy((char *) sa.salg_type, ciphertype, ALG_MAX_SALG_TYPE); - sa.salg_type[ALG_MAX_SALG_TYPE-1] = '\0'; - strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); - sa.salg_name[ALG_MAX_SALG_NAME-1] = '\0'; + OPENSSL_strlcpy((char *) sa.salg_type, ciphertype, sizeof(sa.salg_type)); + OPENSSL_strlcpy((char *) sa.salg_name, ciphername, sizeof(sa.salg_name)); actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0); if (actx->bfd == -1) { @@ -502,7 +497,7 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, int ciphertype; int ret; afalg_ctx *actx; - char ciphername[ALG_MAX_SALG_NAME]; + const char *ciphername; if (ctx == NULL || key == NULL) { ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__); @@ -525,14 +520,13 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, case NID_aes_128_cbc: case NID_aes_192_cbc: case NID_aes_256_cbc: - strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME); + ciphername = "cbc(aes)"; break; default: ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__, ciphertype); return 0; } - ciphername[ALG_MAX_SALG_NAME-1]='\0'; if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) { ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__, From bernd.edlinger at hotmail.de Tue Jul 30 18:42:51 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 30 Jul 2019 18:42:51 +0000 Subject: [openssl] master update Message-ID: <1564512171.299282.22921.nullmailer@dev.openssl.org> The branch master has been updated via 35f6fe7ac4fbde98d4fd6af968dfe320011bbe1e (commit) from 62cc845fc955c8d4de7b703f57bfd8e5854f00f4 (commit) - Log ----------------------------------------------------------------- commit 35f6fe7ac4fbde98d4fd6af968dfe320011bbe1e Author: Bernd Edlinger Date: Mon Jul 29 12:26:06 2019 +0200 Fix BIO_printf format warnings [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9479) ----------------------------------------------------------------------- Summary of changes: crypto/x509/pcy_tree.c | 2 +- ssl/record/ssl3_record.c | 2 +- test/sparse_array_test.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c index 0c5887c25a..5d4c6bd839 100644 --- a/crypto/x509/pcy_tree.c +++ b/crypto/x509/pcy_tree.c @@ -49,7 +49,7 @@ static void tree_print(BIO *channel, curr++; BIO_printf(channel, "Level print after %s\n", str); - BIO_printf(channel, "Printing Up to Level %ld\n", + BIO_printf(channel, "Printing Up to Level %zd\n", curr - tree->levels); for (plev = tree->levels; plev != curr; plev++) { int i; diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index d32516e26d..c5614dc08e 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1703,7 +1703,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) return 0; } OSSL_TRACE_BEGIN(TLS) { - BIO_printf(trc_out, "dec %ld\n", rr->length); + BIO_printf(trc_out, "dec %zd\n", rr->length); BIO_dump_indent(trc_out, rr->data, rr->length, 4); } OSSL_TRACE_END(TLS); diff --git a/test/sparse_array_test.c b/test/sparse_array_test.c index 3457a7775f..5cc8038f7f 100644 --- a/test/sparse_array_test.c +++ b/test/sparse_array_test.c @@ -122,7 +122,7 @@ static void leaf_check_all(ossl_uintmax_t n, char *value, void *arg) doall_data->res = 1; return; } - TEST_error("Index %zu with value %s not found", n, value); + TEST_error("Index %ju with value %s not found", n, value); } static void leaf_delete(ossl_uintmax_t n, char *value, void *arg) @@ -138,7 +138,7 @@ static void leaf_delete(ossl_uintmax_t n, char *value, void *arg) ossl_sa_char_set(doall_data->sa, n, NULL); return; } - TEST_error("Index %zu with value %s not found", n, value); + TEST_error("Index %ju with value %s not found", n, value); } static int test_sparse_array_doall(void) From builds at travis-ci.org Tue Jul 30 18:58:30 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Jul 2019 18:58:30 +0000 Subject: Still Failing: openssl/openssl#26966 (master - 62cc845) In-Reply-To: Message-ID: <5d4093562573e_43fb941f7f7e44719e1@8895583e-d1bd-4800-918c-428d5ff9b4ee.mail> Build Update for openssl/openssl ------------------------------------- Build: #26966 Status: Still Failing Duration: 28 mins and 38 secs Commit: 62cc845 (master) Author: Bernd Edlinger Message: Use OPENSSL_strlcpy instead of strncpy in e_afalg.c This avoids a spurious gcc warning: ./config enable-asan --strict-warnings => In function 'afalg_create_sk', inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11: engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation] 376 | strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); | ^~~~~~~ [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9478) View the changeset: https://github.com/openssl/openssl/compare/11dbdc0714b1...62cc845fc955 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565623738?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 30 19:23:10 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Jul 2019 19:23:10 +0000 Subject: Still Failing: openssl/openssl#26967 (OpenSSL_1_1_1-stable - 74f4cc0) In-Reply-To: Message-ID: <5d40991dd40af_43fd4a5e790142622db@6cd38288-3931-4676-9ae7-3c4ab87c5abb.mail> Build Update for openssl/openssl ------------------------------------- Build: #26967 Status: Still Failing Duration: 38 mins and 10 secs Commit: 74f4cc0 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Use OPENSSL_strlcpy instead of strncpy in e_afalg.c This avoids a spurious gcc warning: ./config enable-asan --strict-warnings => In function 'afalg_create_sk', inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11: engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation] 376 | strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); | ^~~~~~~ [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9478) (cherry picked from commit 62cc845fc955c8d4de7b703f57bfd8e5854f00f4) View the changeset: https://github.com/openssl/openssl/compare/7de305510a07...74f4cc0276b8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565624093?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jul 30 19:25:00 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Jul 2019 19:25:00 +0000 Subject: Still Failing: openssl/openssl#26968 (master - 35f6fe7) In-Reply-To: Message-ID: <5d40998bd3eb6_43fb9024643802175f8@1a58fdf4-5ae4-4f71-80c6-848da9748d5c.mail> Build Update for openssl/openssl ------------------------------------- Build: #26968 Status: Still Failing Duration: 28 mins and 44 secs Commit: 35f6fe7 (master) Author: Bernd Edlinger Message: Fix BIO_printf format warnings [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9479) View the changeset: https://github.com/openssl/openssl/compare/62cc845fc955...35f6fe7ac4fb View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565625448?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 30 20:33:23 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 30 Jul 2019 20:33:23 +0000 Subject: Build failed: openssl master.26393 Message-ID: <20190730203323.1.719B3D17AD19D0EC@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 30 21:55:17 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 30 Jul 2019 21:55:17 +0000 Subject: Build completed: openssl master.26394 Message-ID: <20190730215517.1.3380453A4B49FDAB@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jul 30 22:48:10 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 30 Jul 2019 22:48:10 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1564526890.933659.15386.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 35f6fe7ac4 Fix BIO_printf format warnings 62cc845fc9 Use OPENSSL_strlcpy instead of strncpy in e_afalg.c 11dbdc0714 Document the provider CIPHER operation d753cc333d Fix coverity 1452084 Fix coverity 1452083 10f8b36874 ERR: re-use the err_data field when possible Build log ended with (last 100 lines): ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/209 subtests ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/11 subtests Test Summary Report ------------------- ../../openssl/test/recipes/90-test_store.t (Wstat: 512 Tests: 209 Failed: 2) Failed tests: 43, 51 Non-zero exit status: 2 ../../openssl/test/recipes/99-test_fuzz.t (Wstat: 256 Tests: 11 Failed: 1) Failed test: 6 Non-zero exit status: 1 Files=174, Tests=1459, 585 wallclock secs ( 1.08 usr 0.37 sys + 514.18 cusr 68.41 csys = 584.04 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Jul 31 02:37:41 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 31 Jul 2019 02:37:41 +0000 Subject: Build failed: openssl master.26396 Message-ID: <20190731023741.1.27BA2BC284404A65@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 31 02:38:08 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 31 Jul 2019 02:38:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128 Message-ID: <1564540688.631785.21833.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 35f6fe7ac4 Fix BIO_printf format warnings 62cc845fc9 Use OPENSSL_strlcpy instead of strncpy in e_afalg.c 11dbdc0714 Document the provider CIPHER operation d753cc333d Fix coverity 1452084 Fix coverity 1452083 10f8b36874 ERR: re-use the err_data field when possible Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1) Failed test: 2 Non-zero exit status: 1 Files=174, Tests=1659, 272 wallclock secs ( 3.00 usr 0.48 sys + 257.60 cusr 23.89 csys = 284.97 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ec_nistp_64_gcc_128' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Wed Jul 31 04:46:34 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 31 Jul 2019 04:46:34 +0000 Subject: [openssl] master update Message-ID: <1564548394.195820.7108.nullmailer@dev.openssl.org> The branch master has been updated via c3612970465d0a13f2fc5b47bc28ca18516a699d (commit) via 036913b1076da41f257c640a5e6230476c647eff (commit) via 49c6434673ca5e9413062851979cf6ed126c9f1c (commit) via add8c8e9647a71cc755dea22490e2075e342624b (commit) via ed57f7f93508776b898e4c23b65d67f3479edaf1 (commit) via 7c0e20dc6f11aa506abc99ccc90b3a39c48c3052 (commit) via 8a4dc425cc73040c55bc01d89c5541e37dab939a (commit) via e039ca38c8d77f1e2f182123727c884aaf2d683d (commit) from 35f6fe7ac4fbde98d4fd6af968dfe320011bbe1e (commit) - Log ----------------------------------------------------------------- commit c3612970465d0a13f2fc5b47bc28ca18516a699d Author: Richard Levitte Date: Wed Jul 24 16:55:32 2019 +0200 Avoid using ERR_put_error() directly in OpenSSL code If compiled with 'no-deprecated', ERR_put_error() is undefined. We had one spot where we were using it directly, because the file and line information was passed from elsewhere. Fortunately, it's possible to use ERR_raise() for that situation, and call ERR_set_debug() immediately after and thereby override the information that ERR_raise() stored in the error record. util/mkerr.pl needed a small adjustment to not generate code that won't compile in a 'no-deprecated' configuration. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9452) commit 036913b1076da41f257c640a5e6230476c647eff Author: Richard Levitte Date: Wed Jul 24 14:00:39 2019 +0200 Adapt the FIPS provider to use the new core error functions Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9452) commit 49c6434673ca5e9413062851979cf6ed126c9f1c Author: Richard Levitte Date: Wed Jul 24 13:37:42 2019 +0200 Refactor provider support for reporting errors The core now supplies its own versions of ERR_new(), ERR_set_debug() and ERR_vset_error(). This should suffice for a provider to have any OpenSSL compatible functionlity it desires. The main difference between the ERR functions and the core counterparts is that the core counterparts take an OSSL_PROVIDER parameter instead of the library number. That way, providers do not need to know what number they have been assigned, that information stays in the core. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9452) commit add8c8e9647a71cc755dea22490e2075e342624b Author: Richard Levitte Date: Wed Jul 24 13:25:56 2019 +0200 ERR: Remove ERR_put_func_error() and reimplement ERR_put_error() as a macro Also, deprecate ERR_put_error() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9452) commit ed57f7f93508776b898e4c23b65d67f3479edaf1 Author: Richard Levitte Date: Wed Jul 24 13:13:52 2019 +0200 ERR: Implement the macros ERR_raise() and ERR_raise_data() and use them The ERR_raise() macro uses a trick in C. The following is permitted: #include void first(void) { printf("Hello! "); } void foo(const char *bar) { printf("%s", bar); } int main() { /* This */ (first(),foo)("cookie"); } ERR_raise_data() can be used to implement FUNCerr() as well, which takes away the need for the special function ERR_put_func_error(). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9452) commit 7c0e20dc6f11aa506abc99ccc90b3a39c48c3052 Author: Richard Levitte Date: Wed Jul 24 13:03:32 2019 +0200 ERR: Add new building blocks for reporting errors The new building block are ERR_new(), ERR_set_debug(), ERR_set_error(), ERR_vset_error(), which allocate a new error record and set the diverse data in them. They are designed in such a way that it's reasonably easy to create macros that use all of them but then rely completely on the function signature of ERR_set_error() or ERR_vset_error(). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9452) commit 8a4dc425cc73040c55bc01d89c5541e37dab939a Author: Richard Levitte Date: Wed Jul 24 12:56:58 2019 +0200 ERR: refactor useful inner macros to err_locl.h. Add function name field The useful inner macros are now static inline functions. That will make them easier to debug in the future. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9452) commit e039ca38c8d77f1e2f182123727c884aaf2d683d Author: Richard Levitte Date: Wed Jul 24 12:53:36 2019 +0200 Move some macros from include/openssl/opensslconf.h.in, add OPENSSL_FUNC New header file, include/openssl/macros.h, which contains diverse useful macros that we use elsewhere. We also add the new macro OPENSSL_FUNC, which is an alias for __FUNC__, __FUNCTION__, __FUNCSIG or __func__, depending on what the compiler supports. In the worst case, it's an alias for the string "(unknown function)". Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9452) ----------------------------------------------------------------------- Summary of changes: crypto/err/build.info | 2 +- crypto/err/err.c | 83 +----------------- crypto/err/err_blocks.c | 113 ++++++++++++++++++++++++ crypto/err/err_locl.h | 68 ++++++++++++++ crypto/property/property_parse.c | 53 +++++------ crypto/provider_core.c | 72 +++++++++------ doc/man3/ERR_new.pod | 78 +++++++++++++++++ doc/man3/ERR_put_error.pod | 40 ++++++--- doc/man7/provider-base.pod | 58 ++++++++---- engines/e_afalg_err.c | 3 +- engines/e_capi_err.c | 3 +- engines/e_dasync_err.c | 3 +- engines/e_ossltest_err.c | 3 +- include/openssl/core_numbers.h | 20 +++-- include/openssl/err.h | 114 ++++++++++++++---------- include/openssl/{opensslconf.h.in => macros.h} | 74 ++++------------ include/openssl/opensslconf.h.in | 117 +------------------------ providers/fips/fipsprov.c | 41 +++++---- ssl/statem/statem.c | 3 +- test/errtest.c | 8 +- util/libcrypto.num | 8 +- util/mkerr.pl | 3 +- util/private.num | 3 + 23 files changed, 543 insertions(+), 427 deletions(-) create mode 100644 crypto/err/err_blocks.c create mode 100644 crypto/err/err_locl.h create mode 100644 doc/man3/ERR_new.pod copy include/openssl/{opensslconf.h.in => macros.h} (70%) diff --git a/crypto/err/build.info b/crypto/err/build.info index 6163d95b74..c010ea4cb9 100644 --- a/crypto/err/build.info +++ b/crypto/err/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - err.c err_all.c err_prn.c + err_blocks.c err.c err_all.c err_prn.c diff --git a/crypto/err/err.c b/crypto/err/err.c index 7a35512f87..f129c1c7d6 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -22,6 +22,7 @@ #include "internal/ctype.h" #include "internal/constant_time_locl.h" #include "e_os.h" +#include "err_locl.h" static int err_load_strings(const ERR_STRING_DATA *str); @@ -235,40 +236,6 @@ static void build_SYS_str_reasons(void) } #endif -#define err_get_slot(p) \ - do { \ - (p)->top = ((p)->top + 1) % ERR_NUM_ERRORS; \ - if ((p)->top == (p)->bottom) \ - (p)->bottom = ((p)->bottom + 1) % ERR_NUM_ERRORS; \ - } while (0) - -#define err_clear_data(p, i, deall) \ - do { \ - if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) { \ - if (deall) { \ - OPENSSL_free((p)->err_data[i]); \ - (p)->err_data[i] = NULL; \ - (p)->err_data_size[i] = 0; \ - (p)->err_data_flags[i] = 0; \ - } else if ((p)->err_data[i] != NULL) { \ - (p)->err_data[i][0] = '\0'; \ - } \ - } else { \ - (p)->err_data[i] = NULL; \ - (p)->err_data_size[i] = 0; \ - (p)->err_data_flags[i] = 0; \ - } \ - } while (0) - -#define err_clear(p, i, deall) \ - do { \ - err_clear_data((p), (i), (deall)); \ - (p)->err_flags[i] = 0; \ - (p)->err_buffer[i] = 0; \ - (p)->err_file[i] = NULL; \ - (p)->err_line[i] = -1; \ - } while (0) - static void ERR_STATE_free(ERR_STATE *s) { int i; @@ -388,47 +355,6 @@ void err_free_strings_int(void) /********************************************************/ -void ERR_put_func_error(int lib, const char *func, int reason, - const char *file, int line) -{ - ERR_put_error(lib, 0, reason, file, line); - ERR_add_error_data(2, "calling function ", func); -} - -void ERR_put_error(int lib, int func, int reason, const char *file, int line) -{ - ERR_STATE *es; - -#ifdef _OSD_POSIX - /* - * In the BS2000-OSD POSIX subsystem, the compiler generates path names - * in the form "*POSIX(/etc/passwd)". This dirty hack strips them to - * something sensible. @@@ We shouldn't modify a const string, though. - */ - if (strncmp(file, "*POSIX(", sizeof("*POSIX(") - 1) == 0) { - char *end; - - /* Skip the "*POSIX(" prefix */ - file += sizeof("*POSIX(") - 1; - end = &file[strlen(file) - 1]; - if (*end == ')') - *end = '\0'; - /* Optional: use the basename of the path only. */ - if ((end = strrchr(file, '/')) != NULL) - file = &end[1]; - } -#endif - es = ERR_get_state(); - if (es == NULL) - return; - - err_get_slot(es); - err_clear(es, es->top, 0); - es->err_buffer[es->top] = ERR_PACK(lib, func, reason); - es->err_file[es->top] = file; - es->err_line[es->top] = line; -} - void ERR_clear_error(void) { int i; @@ -789,18 +715,13 @@ static int err_set_error_data_int(char *data, size_t size, int flags, int deallocate) { ERR_STATE *es; - int i; es = ERR_get_state(); if (es == NULL) return 0; - i = es->top; - err_clear_data(es, es->top, deallocate); - es->err_data[i] = data; - es->err_data_size[i] = size; - es->err_data_flags[i] = flags; + err_set_data(es, es->top, data, size, flags); return 1; } diff --git a/crypto/err/err_blocks.c b/crypto/err/err_blocks.c new file mode 100644 index 0000000000..49086bd0c2 --- /dev/null +++ b/crypto/err/err_blocks.c @@ -0,0 +1,113 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "err_locl.h" + +void ERR_new(void) +{ + ERR_STATE *es; + + es = ERR_get_state(); + if (es == NULL) + return; + + /* Allocate a slot */ + err_get_slot(es); + err_clear(es, es->top, 0); +} + +void ERR_set_debug(const char *file, int line, const char *func) +{ + ERR_STATE *es; + + es = ERR_get_state(); + if (es == NULL) + return; + + err_set_debug(es, es->top, file, line, func); +} + +void ERR_set_error(int lib, int reason, const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + ERR_vset_error(lib, reason, fmt, args); + va_end(args); +} + +void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) +{ + ERR_STATE *es; + char *buf = NULL; + size_t buf_size = 0; + unsigned long flags = 0; + size_t i; + + es = ERR_get_state(); + if (es == NULL) + return; + i = es->top; + + if (fmt != NULL) { + int printed_len = 0; + char *rbuf = NULL; + + buf = es->err_data[i]; + buf_size = es->err_data_size[i]; + + /* + * To protect the string we just grabbed from tampering by other + * functions we may call, or to protect them from freeing a pointer + * that may no longer be valid at that point, we clear away the + * data pointer and the flags. We will set them again at the end + * of this function. + */ + es->err_data[i] = NULL; + es->err_data_flags[i] = 0; + + /* + * Try to maximize the space available. If that fails, we use what + * we have. + */ + if (buf_size < ERR_MAX_DATA_SIZE + && (rbuf = OPENSSL_realloc(buf, ERR_MAX_DATA_SIZE)) != NULL) { + buf = rbuf; + buf_size = ERR_MAX_DATA_SIZE; + } + + if (buf != NULL) { + printed_len = BIO_vsnprintf(buf, ERR_MAX_DATA_SIZE, fmt, args); + } + if (printed_len < 0) + printed_len = 0; + buf[printed_len] = '\0'; + + /* + * Try to reduce the size, but only if we maximized above. If that + * fails, we keep what we have. + * (According to documentation, realloc leaves the old buffer untouched + * if it fails) + */ + if ((rbuf = OPENSSL_realloc(buf, printed_len + 1)) != NULL) { + buf = rbuf; + buf_size = printed_len + 1; + } + + if (buf != NULL) + flags = ERR_TXT_MALLOCED | ERR_TXT_STRING; + } + + err_clear_data(es, es->top, 0); + err_set_error(es, es->top, lib, reason); + if (fmt != NULL) + err_set_data(es, es->top, buf, buf_size, flags); +} diff --git a/crypto/err/err_locl.h b/crypto/err/err_locl.h new file mode 100644 index 0000000000..d45a00e746 --- /dev/null +++ b/crypto/err/err_locl.h @@ -0,0 +1,68 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +static ossl_inline void err_get_slot(ERR_STATE *es) +{ + es->top = (es->top + 1) % ERR_NUM_ERRORS; + if (es->top == es->bottom) + es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS; +} + +static ossl_inline void err_clear_data(ERR_STATE *es, size_t i, int deall) +{ + if (es->err_data_flags[i] & ERR_TXT_MALLOCED) { + if (deall) { + OPENSSL_free(es->err_data[i]); + es->err_data[i] = NULL; + es->err_data_size[i] = 0; + es->err_data_flags[i] = 0; + } else if (es->err_data[i] != NULL) { + es->err_data[i][0] = '\0'; + } + } else { + es->err_data[i] = NULL; + es->err_data_size[i] = 0; + es->err_data_flags[i] = 0; + } +} + +static ossl_inline void err_set_error(ERR_STATE *es, size_t i, + int lib, int reason) +{ + es->err_buffer[i] = ERR_PACK(lib, 0, reason); +} + +static ossl_inline void err_set_debug(ERR_STATE *es, size_t i, + const char *file, int line, + const char *fn) +{ + es->err_file[i] = file; + es->err_line[i] = line; + es->err_func[i] = fn; +} + +static ossl_inline void err_set_data(ERR_STATE *es, size_t i, + void *data, size_t datasz, int flags) +{ + es->err_data[i] = data; + es->err_data_size[i] = datasz; + es->err_data_flags[i] = flags; +} + +static ossl_inline void err_clear(ERR_STATE *es, size_t i, int deall) +{ + err_clear_data(es, i, (deall)); + es->err_flags[i] = 0; + es->err_buffer[i] = 0; + es->err_file[i] = NULL; + es->err_line[i] = -1; +} diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 0b4dcfc8aa..c17b0ddefc 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -91,8 +91,8 @@ static int parse_name(OPENSSL_CTX *ctx, const char *t[], int create, for (;;) { if (!ossl_isalpha(*s)) { - PROPerr(PROP_F_PARSE_NAME, PROP_R_NOT_AN_IDENTIFIER); - ERR_add_error_data(2, "HERE-->", *t); + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_IDENTIFIER, + "HERE-->%s", *t); return 0; } do { @@ -112,8 +112,7 @@ static int parse_name(OPENSSL_CTX *ctx, const char *t[], int create, } name[i] = '\0'; if (err) { - PROPerr(PROP_F_PARSE_NAME, PROP_R_NAME_TOO_LONG); - ERR_add_error_data(2, "HERE-->", *t); + ERR_raise_data(ERR_LIB_PROP, PROP_R_NAME_TOO_LONG, "HERE-->%s", *t); return 0; } *t = skip_space(s); @@ -132,8 +131,8 @@ static int parse_number(const char *t[], PROPERTY_DEFINITION *res) v = v * 10 + (*s++ - '0'); } while (ossl_isdigit(*s)); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { - PROPerr(PROP_F_PARSE_NUMBER, PROP_R_NOT_A_DECIMAL_DIGIT); - ERR_add_error_data(2, "HERE-->", *t); + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_A_DECIMAL_DIGIT, + "HERE-->%s", *t); return 0; } *t = skip_space(s); @@ -157,8 +156,8 @@ static int parse_hex(const char *t[], PROPERTY_DEFINITION *res) v += ossl_tolower(*s) - 'a'; } while (ossl_isxdigit(*++s)); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { - PROPerr(PROP_F_PARSE_HEX, PROP_R_NOT_AN_HEXADECIMAL_DIGIT); - ERR_add_error_data(2, "HERE-->", *t); + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT, + "HERE-->%s", *t); return 0; } *t = skip_space(s); @@ -178,8 +177,8 @@ static int parse_oct(const char *t[], PROPERTY_DEFINITION *res) v = (v << 3) + (*s - '0'); } while (ossl_isdigit(*++s) && *s != '9' && *s != '8'); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { - PROPerr(PROP_F_PARSE_OCT, PROP_R_NOT_AN_OCTAL_DIGIT); - ERR_add_error_data(2, "HERE-->", *t); + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_OCTAL_DIGIT, + "HERE-->%s", *t); return 0; } *t = skip_space(s); @@ -204,18 +203,13 @@ static int parse_string(OPENSSL_CTX *ctx, const char *t[], char delim, s++; } if (*s == '\0') { - char buf[2] = { 0, 0 }; - - PROPerr(PROP_F_PARSE_STRING, - PROP_R_NO_MATCHING_STRING_DELIMETER); - buf[0] = delim; - ERR_add_error_data(3, "HERE-->", buf, *t); + ERR_raise_data(ERR_LIB_PROP, PROP_R_NO_MATCHING_STRING_DELIMETER, + "HERE-->%c%s", delim, *t); return 0; } v[i] = '\0'; if (err) { - PROPerr(PROP_F_PARSE_STRING, PROP_R_STRING_TOO_LONG); - ERR_add_error_data(2, "HERE-->", *t); + ERR_raise_data(ERR_LIB_PROP, PROP_R_STRING_TOO_LONG, "HERE-->%s", *t); } else { res->v.str_val = ossl_property_value(ctx, v, create); } @@ -242,14 +236,13 @@ static int parse_unquoted(OPENSSL_CTX *ctx, const char *t[], s++; } if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { - PROPerr(PROP_F_PARSE_UNQUOTED, PROP_R_NOT_AN_ASCII_CHARACTER); - ERR_add_error_data(2, "HERE-->", s); + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_ASCII_CHARACTER, + "HERE-->%s", s); return 0; } v[i] = 0; if (err) { - PROPerr(PROP_F_PARSE_UNQUOTED, PROP_R_STRING_TOO_LONG); - ERR_add_error_data(2, "HERE-->", *t); + ERR_raise_data(ERR_LIB_PROP, PROP_R_STRING_TOO_LONG, "HERE-->%s", *t); } else { res->v.str_val = ossl_property_value(ctx, v, create); } @@ -358,14 +351,14 @@ OSSL_PROPERTY_LIST *ossl_parse_property(OPENSSL_CTX *ctx, const char *defn) goto err; prop->oper = PROPERTY_OPER_EQ; if (prop->name_idx == 0) { - PROPerr(PROP_F_OSSL_PARSE_PROPERTY, PROP_R_PARSE_FAILED); - ERR_add_error_data(2, "Unknown name HERE-->", start); + ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, + "Unknown name HERE-->%s", start); goto err; } if (match_ch(&s, '=')) { if (!parse_value(ctx, &s, prop, 1)) { - PROPerr(PROP_F_OSSL_PARSE_PROPERTY, PROP_R_NO_VALUE); - ERR_add_error_data(2, "HERE-->", start); + ERR_raise_data(ERR_LIB_PROP, PROP_R_NO_VALUE, + "HERE-->%s", start); goto err; } } else { @@ -380,8 +373,8 @@ OSSL_PROPERTY_LIST *ossl_parse_property(OPENSSL_CTX *ctx, const char *defn) done = !match_ch(&s, ','); } if (*s != '\0') { - PROPerr(PROP_F_OSSL_PARSE_PROPERTY, PROP_R_TRAILING_CHARACTERS); - ERR_add_error_data(2, "HERE-->", s); + ERR_raise_data(ERR_LIB_PROP, PROP_R_TRAILING_CHARACTERS, + "HERE-->%s", s); goto err; } res = stack_to_property_list(sk); @@ -442,8 +435,8 @@ skip_value: done = !match_ch(&s, ','); } if (*s != '\0') { - PROPerr(PROP_F_OSSL_PARSE_QUERY, PROP_R_TRAILING_CHARACTERS); - ERR_add_error_data(2, "HERE-->", s); + ERR_raise_data(ERR_LIB_PROP, PROP_R_TRAILING_CHARACTERS, + "HERE-->%s", s); goto err; } res = stack_to_property_list(sk); diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 385a632653..803406d7f7 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -225,9 +225,8 @@ OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name, if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */ ossl_provider_free(prov); /* refcount -1 */ - CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW, - CRYPTO_R_PROVIDER_ALREADY_EXISTS); - ERR_add_error_data(2, "name=", name); + ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, NULL, + "name=%s", name); return NULL; } @@ -438,8 +437,8 @@ static int provider_activate(OSSL_PROVIDER *prov) if (prov->init_function == NULL || !prov->init_function(prov, core_dispatch, &provider_dispatch, &prov->provctx)) { - CRYPTOerr(CRYPTO_F_PROVIDER_ACTIVATE, ERR_R_INIT_FAIL); - ERR_add_error_data(2, "name=", prov->name); + ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, NULL, + "name=%s", prov->name); #ifndef FIPS_MODE DSO_free(prov->module); prov->module = NULL; @@ -730,6 +729,21 @@ static const OSSL_PARAM param_types[] = { OSSL_PARAM_END }; +/* + * Forward declare all the functions that are provided aa dispatch. + * This ensures that the compiler will complain if they aren't defined + * with the correct signature. + */ +static OSSL_core_get_param_types_fn core_get_param_types; +static OSSL_core_get_params_fn core_get_params; +static OSSL_core_thread_start_fn core_thread_start; +static OSSL_core_get_library_context_fn core_get_libctx; +#ifndef FIPS_MODE +static OSSL_core_new_error_fn core_new_error; +static OSSL_core_set_error_debug_fn core_set_error_debug; +static OSSL_core_vset_error_fn core_vset_error; +#endif + static const OSSL_PARAM *core_get_param_types(const OSSL_PROVIDER *prov) { return param_types; @@ -758,7 +772,6 @@ static int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) return 1; } -static OSSL_core_get_library_context_fn core_get_libctx; /* Check */ static OPENSSL_CTX *core_get_libctx(const OSSL_PROVIDER *prov) { return prov->libctx; @@ -776,8 +789,26 @@ static int core_thread_start(const OSSL_PROVIDER *prov, * ones. */ #ifndef FIPS_MODE -static void core_put_error(const OSSL_PROVIDER *prov, - uint32_t reason, const char *file, int line) +/* + * TODO(3.0) These error functions should use |prov| to select the proper + * library context to report in the correct error stack, at least if error + * stacks become tied to the library context. + * We cannot currently do that since there's no support for it in the + * ERR subsystem. + */ +static void core_new_error(const OSSL_PROVIDER *prov) +{ + ERR_new(); +} + +static void core_set_error_debug(const OSSL_PROVIDER *prov, + const char *file, int line, const char *func) +{ + ERR_set_debug(file, line, func); +} + +static void core_vset_error(const OSSL_PROVIDER *prov, + uint32_t reason, const char *fmt, va_list args) { /* * If the uppermost 8 bits are non-zero, it's an OpenSSL library @@ -785,27 +816,11 @@ static void core_put_error(const OSSL_PROVIDER *prov, * provider error and will be treated as such. */ if (ERR_GET_LIB(reason) != 0) { - ERR_PUT_error(ERR_GET_LIB(reason), - ERR_GET_FUNC(reason), - ERR_GET_REASON(reason), - file, line); + ERR_vset_error(ERR_GET_LIB(reason), ERR_GET_REASON(reason), fmt, args); } else { - ERR_PUT_error(prov->error_lib, 0, (int)reason, file, line); + ERR_vset_error(prov->error_lib, (int)reason, fmt, args); } } - -/* - * TODO(3.0) This, as well as core_put_error above, should use |prov| - * to select the proper library context to report in the correct error - * stack, at least if error stacks become tied to the library context. - * We cannot currently do that since there's no support for it in the - * ERR subsystem. - */ -static void core_add_error_vdata(const OSSL_PROVIDER *prov, - int num, va_list args) -{ - ERR_add_error_vdata(num, args); -} #endif /* @@ -818,8 +833,9 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT, (void (*)(void))core_get_libctx }, { OSSL_FUNC_CORE_THREAD_START, (void (*)(void))core_thread_start }, #ifndef FIPS_MODE - { OSSL_FUNC_CORE_PUT_ERROR, (void (*)(void))core_put_error }, - { OSSL_FUNC_CORE_ADD_ERROR_VDATA, (void (*)(void))core_add_error_vdata }, + { OSSL_FUNC_CORE_NEW_ERROR, (void (*)(void))core_new_error }, + { OSSL_FUNC_CORE_SET_ERROR_DEBUG, (void (*)(void))core_set_error_debug }, + { OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error }, #endif { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc }, diff --git a/doc/man3/ERR_new.pod b/doc/man3/ERR_new.pod new file mode 100644 index 0000000000..80419da2c4 --- /dev/null +++ b/doc/man3/ERR_new.pod @@ -0,0 +1,78 @@ +=pod + +=head1 NAME + +ERR_new, ERR_set_debug, ERR_set_error, ERR_vset_error +- Error recording building blocks + +=head1 SYNOPSIS + + #include + + void ERR_new(void); + void ERR_set_debug(const char *file, int line, const char *func); + void ERR_set_error(int lib, int reason, const char *fmt, ...); + void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); + +=head1 DESCRIPTION + +The functions described here are generally not used directly, but +rather through macros such as L. +They can still be useful for anyone that wants to make their own +macros. + +ERR_new() allocates a new slot in the thread's error queue. + +ERR_set_debug() sets the debug information related to the current +error in the thread's error queue. +The values that can be given are the file name I, line in the +file I and the name of the function I where the error +occured. +The names must be constant, this function will only save away the +pointers, not copy the strings. + +ERR_set_error() sets the error information, which are the library +number I and the reason code I, and additional data as a +format string I and an arbitrary number of arguments. +The additional data is processed with L to form the +additional data string, which is allocated and store in the error +record. + +ERR_vset_error() works like ERR_set_error(), but takes a B +argument instead of a variable number of arguments. + +=head1 RETURN VALUES + +ERR_new, ERR_set_debug, ERR_set_error and ERR_vset_error +do not return any values. + +=head1 NOTES + +The library number is unique to each unit that records errors. +OpenSSL has a number of pre-allocated ones for its own uses, but +others may allocate their own library number dynamically with +L. + +Reason codes are unique within each library, and may have an +associated set of strings as a short description of the reason. +For dynamically allocated library numbers, reason strings are recorded +with L. + +Provider authors are supplied with core versions of these functions, +see L. + +=head1 SEE ALSO + +L, L, +L, L, L + +=head1 COPYRIGHT + +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/ERR_put_error.pod b/doc/man3/ERR_put_error.pod index c2913d5af4..729eb574ce 100644 --- a/doc/man3/ERR_put_error.pod +++ b/doc/man3/ERR_put_error.pod @@ -2,31 +2,41 @@ =head1 NAME -ERR_put_error, ERR_put_func_error, -ERR_add_error_data, ERR_add_error_vdata - record an error +ERR_raise, ERR_raise_data, +ERR_put_error, ERR_add_error_data, ERR_add_error_vdata +- record an error =head1 SYNOPSIS #include - void ERR_put_error(int lib, int func, int reason, const char *file, int line); - void ERR_put_func_error(int lib, const char *func, int reason, - const char *file, int line); + void ERR_raise(int lib, int reason); + void ERR_raise_data(int lib, int reason, const char *fmt, ...); void ERR_add_error_data(int num, ...); void ERR_add_error_vdata(int num, va_list arg); +Deprecated since OpenSSL 3.0: + + void ERR_put_error(int lib, int func, int reason, const char *file, int line); + =head1 DESCRIPTION +ERR_raise() adds a new error to the thread's error queue. The +error occured in the library B for the reason given by the +B code. Furthermore, the name of the file, the line, and name +of the function where the error occured is saved with the error +record. + +ERR_raise_data() does the same thing as ERR_raise(), but also lets the +caller specify additional information as a format string B and an +arbitrary number of values, which are processed with L. + ERR_put_error() adds an error code to the thread's error queue. It signals that the error of reason code B occurred in function B of library B, in line number B of B. This function is usually called by a macro. -ERR_put_func_err() is similar except that the B is a string naming -a function external to OpenSSL, usually provided by the platform on which -OpenSSL and the application is running. - ERR_add_error_data() associates the concatenation of its B string arguments with the error code added last. ERR_add_error_vdata() is similar except the argument is a B. @@ -38,6 +48,8 @@ error messages for the error code. =head2 Reporting errors +=for comment TODO(3.0) should this be internal documentation? + Each sub-library has a specific macro XXXerr() that is used to report errors. Its first argument is a function code B, the second argument is a reason code B. Function codes are derived @@ -64,8 +76,12 @@ the ASN1err() macro. =head1 RETURN VALUES -ERR_put_error() and ERR_add_error_data() return -no values. +ERR_raise(), ERR_put_error(), ERR_add_error_data() and +ERR_add_error_vdata() return no values. + +=head1 NOTES + +ERR_raise() and ERR_put_error() are implemented as macros. =head1 SEE ALSO @@ -73,7 +89,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index e8e5d28560..aa1a3d634b 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -20,11 +20,12 @@ provider-base int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); int core_thread_start(const OSSL_PROVIDER *prov, OSSL_thread_stop_handler_fn handfn); - void core_put_error(const OSSL_PROVIDER *prov, - uint32_t reason, const char *file, int line); - void core_add_error_vdata(const OSSL_PROVIDER *prov, - int num, va_list args); OPENSSL_CTX *core_get_library_context(const OSSL_PROVIDER *prov); + void core_new_error(const OSSL_PROVIDER *prov); + void core_set_error_debug(const OSSL_PROVIDER *prov, + const char *file, int line, const char *func); + void core_vset_error(const OSSL_PROVIDER *prov, + uint32_t reason, const char *fmt, va_list args); /* * Some OpenSSL functionality is directly offered to providers via @@ -89,9 +90,10 @@ provider): core_get_param_types OSSL_FUNC_CORE_GET_PARAM_TYPES core_get_params OSSL_FUNC_CORE_GET_PARAMS core_thread_start OSSL_FUNC_CORE_THREAD_START - core_put_error OSSL_FUNC_CORE_PUT_ERROR - core_add_error_vdata OSSL_FUNC_CORE_ADD_ERROR_VDATA core_get_library_context OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT + core_new_error OSSL_FUNC_CORE_NEW_ERROR + core_set_error_debug OSSL_FUNC_CORE_SET_ERROR_DEBUG + core_set_error OSSL_FUNC_CORE_SET_ERROR CRYPTO_malloc OSSL_FUNC_CRYPTO_MALLOC CRYPTO_zalloc OSSL_FUNC_CRYPTO_ZALLOC CRYPTO_memdup OSSL_FUNC_CRYPTO_MEMDUP @@ -129,25 +131,47 @@ parameters. =for comment core_thread_start() TBA -core_put_error() is used to report an error back to the core, with +core_get_library_context() retrieves the library context in which the +B object I is stored. +This may sometimes be useful if the provider wishes to store a +reference to its context in the same library context. + +core_new_error(), core_set_error_debug() and core_set_error() are +building blocks for reporting an error back to the core, with reference to the provider object I. + +=over 4 + +=item core_new_error() + +allocates a new thread specific error record. + +This corresponds to the OpenSSL function L. + +=item core_set_error_debug() + +sets debugging information in the current thread specific error +record. +The debugging information includes the name of the file I, the +line I and the function name I where the error occured. + +This corresponds to the OpenSSL function L. + +=item core_set_error() + +sets the I for the error, along with any addition data. The I is a number defined by the provider and used to index the reason strings table that's returned by provider_get_reason_strings(). +The additional data is given as a format string I and a set of +arguments I, which are treated in the same manner as with +BIO_vsnprintf(). I and I may also be passed to indicate exactly where the error occured or was reported. -This corresponds to the OpenSSL function L. -core_add_error_vdata() is used to add additional text data to an -error already reported with core_put_error(). -It takes I strings in a B and concatenates them. -Provider authors will have to write the corresponding variadic -argument function. +This corresponds to the OpenSSL function L. -core_get_library_context() retrieves the library context in which the -B object I is stored. -This may sometimes be useful if the provider wishes to store a -reference to its context in the same library context. +=back CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_memdup(), CRYPTO_strdup(), CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(), diff --git a/engines/e_afalg_err.c b/engines/e_afalg_err.c index c436f10a41..4db6d660c9 100644 --- a/engines/e_afalg_err.c +++ b/engines/e_afalg_err.c @@ -66,5 +66,6 @@ static void ERR_AFALG_error(int function, int reason, char *file, int line) { if (lib_code == 0) lib_code = ERR_get_next_error_library(); - ERR_PUT_error(lib_code, function, reason, file, line); + ERR_raise(lib_code, reason); + ERR_set_debug(file, line, NULL); } diff --git a/engines/e_capi_err.c b/engines/e_capi_err.c index acbec41d08..e2b1f7561f 100644 --- a/engines/e_capi_err.c +++ b/engines/e_capi_err.c @@ -89,5 +89,6 @@ static void ERR_CAPI_error(int function, int reason, char *file, int line) { if (lib_code == 0) lib_code = ERR_get_next_error_library(); - ERR_PUT_error(lib_code, function, reason, file, line); + ERR_raise(lib_code, reason); + ERR_set_debug(file, line, NULL); } diff --git a/engines/e_dasync_err.c b/engines/e_dasync_err.c index 0920690af6..a2e6c0dc86 100644 --- a/engines/e_dasync_err.c +++ b/engines/e_dasync_err.c @@ -51,5 +51,6 @@ static void ERR_DASYNC_error(int function, int reason, char *file, int line) { if (lib_code == 0) lib_code = ERR_get_next_error_library(); - ERR_PUT_error(lib_code, function, reason, file, line); + ERR_raise(lib_code, reason); + ERR_set_debug(file, line, NULL); } diff --git a/engines/e_ossltest_err.c b/engines/e_ossltest_err.c index b81e00b43c..d9ee80cb83 100644 --- a/engines/e_ossltest_err.c +++ b/engines/e_ossltest_err.c @@ -51,5 +51,6 @@ static void ERR_OSSLTEST_error(int function, int reason, char *file, int line) { if (lib_code == 0) lib_code = ERR_get_next_error_library(); - ERR_PUT_error(lib_code, function, reason, file, line); + ERR_raise(lib_code, reason); + ERR_set_debug(file, line, NULL); } diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 3428ab59d9..0bbe92709c 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -66,17 +66,19 @@ OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_PROVIDER *prov, # define OSSL_FUNC_CORE_THREAD_START 3 OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_PROVIDER *prov, OSSL_thread_stop_handler_fn handfn)) -# define OSSL_FUNC_CORE_PUT_ERROR 4 -OSSL_CORE_MAKE_FUNC(void,core_put_error, - (const OSSL_PROVIDER *prov, - uint32_t reason, const char *file, int line)) -# define OSSL_FUNC_CORE_ADD_ERROR_VDATA 5 -OSSL_CORE_MAKE_FUNC(void,core_add_error_vdata,(const OSSL_PROVIDER *prov, - int num, va_list args)) -# define OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT 6 +# define OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT 4 OSSL_CORE_MAKE_FUNC(OPENSSL_CTX *,core_get_library_context, (const OSSL_PROVIDER *prov)) - +# define OSSL_FUNC_CORE_NEW_ERROR 5 +OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_PROVIDER *prov)) +# define OSSL_FUNC_CORE_SET_ERROR_DEBUG 6 +OSSL_CORE_MAKE_FUNC(void,core_set_error_debug, + (const OSSL_PROVIDER *prov, + const char *file, int line, const char *func)) +# define OSSL_FUNC_CORE_VSET_ERROR 7 +OSSL_CORE_MAKE_FUNC(void,core_vset_error, + (const OSSL_PROVIDER *prov, + uint32_t reason, const char *fmt, va_list args)) /* Memory allocation, freeing, clearing. */ #define OSSL_FUNC_CRYPTO_MALLOC 10 diff --git a/include/openssl/err.h b/include/openssl/err.h index e84bc68a4e..142321d2c8 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -50,6 +50,7 @@ typedef struct err_state_st { int err_data_flags[ERR_NUM_ERRORS]; const char *err_file[ERR_NUM_ERRORS]; int err_line[ERR_NUM_ERRORS]; + const char *err_func[ERR_NUM_ERRORS]; int top, bottom; } ERR_STATE; @@ -107,49 +108,49 @@ typedef struct err_state_st { # define ERR_LIB_USER 128 # if ! OPENSSL_API_3 -# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,0,(r),OPENSSL_FILE,OPENSSL_LINE) -#endif -# define FUNCerr(f,r) ERR_PUT_func_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define CRMFerr(f,r) ERR_PUT_error(ERR_LIB_CRMF,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define CMPerr(f,r) ERR_PUT_error(ERR_LIB_CMP,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define ESSerr(f,r) ERR_PUT_error(ERR_LIB_ESS,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define PROPerr(f,r) ERR_PUT_error(ERR_LIB_PROP,0,(r),OPENSSL_FILE,OPENSSL_LINE) -# define PROVerr(f,r) ERR_PUT_error(ERR_LIB_PROV,0,(r),OPENSSL_FILE,OPENSSL_LINE) +# define SYSerr(f,r) ERR_raise(ERR_LIB_SYS,(r)) +# endif +# define FUNCerr(f,r) ERR_raise_data(ERR_LIB_SYS,(r),"calling function %s",(f)) +# define BNerr(f,r) ERR_raise(ERR_LIB_RSA,(r)) +# define RSAerr(f,r) ERR_raise(ERR_LIB_RSA,(r)) +# define DHerr(f,r) ERR_raise(ERR_LIB_DH,(r)) +# define EVPerr(f,r) ERR_raise(ERR_LIB_EVP,(r)) +# define BUFerr(f,r) ERR_raise(ERR_LIB_BUF,(r)) +# define OBJerr(f,r) ERR_raise(ERR_LIB_OBJ,(r)) +# define PEMerr(f,r) ERR_raise(ERR_LIB_PEM,(r)) +# define DSAerr(f,r) ERR_raise(ERR_LIB_DSA,(r)) +# define X509err(f,r) ERR_raise(ERR_LIB_X509,(r)) +# define ASN1err(f,r) ERR_raise(ERR_LIB_ASN1,(r)) +# define CONFerr(f,r) ERR_raise(ERR_LIB_CONF,(r)) +# define CRYPTOerr(f,r) ERR_raise(ERR_LIB_CRYPTO,(r)) +# define ECerr(f,r) ERR_raise(ERR_LIB_EC,(r)) +# define SSLerr(f,r) ERR_raise(ERR_LIB_SSL,(r)) +# define BIOerr(f,r) ERR_raise(ERR_LIB_BIO,(r)) +# define PKCS7err(f,r) ERR_raise(ERR_LIB_PKCS7,(r)) +# define X509V3err(f,r) ERR_raise(ERR_LIB_X509V3,(r)) +# define PKCS12err(f,r) ERR_raise(ERR_LIB_PKCS12,(r)) +# define RANDerr(f,r) ERR_raise(ERR_LIB_RAND,(r)) +# define DSOerr(f,r) ERR_raise(ERR_LIB_DSO,(r)) +# define ENGINEerr(f,r) ERR_raise(ERR_LIB_ENGINE,(r)) +# define OCSPerr(f,r) ERR_raise(ERR_LIB_OCSP,(r)) +# define UIerr(f,r) ERR_raise(ERR_LIB_UI,(r)) +# define COMPerr(f,r) ERR_raise(ERR_LIB_COMP,(r)) +# define ECDSAerr(f,r) ERR_raise(ERR_LIB_ECDSA,(r)) +# define ECDHerr(f,r) ERR_raise(ERR_LIB_ECDH,(r)) +# define OSSL_STOREerr(f,r) ERR_raise(ERR_LIB_OSSL_STORE,(r)) +# define FIPSerr(f,r) ERR_raise(ERR_LIB_FIPS,(r)) +# define CMSerr(f,r) ERR_raise(ERR_LIB_CMS,(r)) +# define CRMFerr(f,r) ERR_raise(ERR_LIB_CRMF,(r)) +# define CMPerr(f,r) ERR_raise(ERR_LIB_CMP,(r)) +# define TSerr(f,r) ERR_raise(ERR_LIB_TS,(r)) +# define HMACerr(f,r) ERR_raise(ERR_LIB_HMAC,(r)) +# define CTerr(f,r) ERR_raise(ERR_LIB_CT,(r)) +# define ASYNCerr(f,r) ERR_raise(ERR_LIB_ASYNC,(r)) +# define KDFerr(f,r) ERR_raise(ERR_LIB_KDF,(r)) +# define SM2err(f,r) ERR_raise(ERR_LIB_SM2,(r)) +# define ESSerr(f,r) ERR_raise(ERR_LIB_ESS,(r)) +# define PROPerr(f,r) ERR_raise(ERR_LIB_PROP,(r)) +# define PROVerr(f,r) ERR_raise(ERR_LIB_PROV,(r)) # define ERR_PACK(l,f,r) ( \ (((unsigned int)(l) & 0x0FF) << 24L) | \ @@ -235,9 +236,30 @@ typedef struct ERR_string_data_st { DEFINE_LHASH_OF(ERR_STRING_DATA); -void ERR_put_error(int lib, int func, int reason, const char *file, int line); -void ERR_put_func_error(int lib, const char *func, int reason, - const char *file, int line); +/* 12 lines and some on an 80 column terminal */ +#define ERR_MAX_DATA_SIZE 1024 + +/* Building blocks */ +void ERR_new(void); +void ERR_set_debug(const char *file, int line, const char *func); +void ERR_set_error(int lib, int reason, const char *fmt, ...); +void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); + +/* Main error raising functions */ +#define ERR_raise(lib, reason) ERR_raise_data((lib),(reason),NULL) +#define ERR_raise_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE,OPENSSL_LINE,OPENSSL_FUNC), \ + ERR_set_error) + +#if !OPENSSL_API_3 +/* Backward compatibility */ +#define ERR_put_error(lib, func, reason, file, line) \ + (ERR_new(), \ + ERR_set_debug((file), (line), NULL), \ + ERR_set_error((lib), (reason), NULL)) +#endif + void ERR_set_error_data(char *data, int flags); unsigned long ERR_get_error(void); diff --git a/include/openssl/opensslconf.h.in b/include/openssl/macros.h similarity index 70% copy from include/openssl/opensslconf.h.in copy to include/openssl/macros.h index b0d339ac9a..6b735b6b0b 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/macros.h @@ -1,7 +1,5 @@ /* - * {- join("\n * ", @autowarntext) -} - * - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,43 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include - -#ifndef HEADER_OPENSSLCONF_H -# define HEADER_OPENSSLCONF_H - -# ifdef __cplusplus -extern "C" { -# endif - -# ifdef OPENSSL_ALGORITHM_DEFINES -# error OPENSSL_ALGORITHM_DEFINES no longer supported -# endif - -/* - * OpenSSL was configured with the following options: - */ - -{- if (@{$config{openssl_sys_defines}}) { - foreach (@{$config{openssl_sys_defines}}) { - $OUT .= "# ifndef $_\n"; - $OUT .= "# define $_ 1\n"; - $OUT .= "# endif\n"; - } - } - foreach (@{$config{openssl_api_defines}}) { - (my $macro, my $value) = $_ =~ /^(.*?)=(.*?)$/; - $OUT .= "# define $macro $value\n"; - } - if (@{$config{openssl_feature_defines}}) { - foreach (@{$config{openssl_feature_defines}}) { - $OUT .= "# ifndef $_\n"; - $OUT .= "# define $_\n"; - $OUT .= "# endif\n"; - } - } - ""; --} +#ifndef OPENSSL_MACROS_H +# define OPENSSL_MACROS_H /* * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers @@ -162,23 +125,18 @@ extern "C" { # endif # endif -/* Generate 80386 code? */ -{- $config{processor} eq "386" ? "# define" : "# undef" -} I386_ONLY - -/* - * The following are cipher-specific, but are part of the public API. - */ -# if !defined(OPENSSL_SYS_UEFI) -{- $config{bn_ll} ? "# define" : "# undef" -} BN_LLONG -/* Only one for the following should be defined */ -{- $config{b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG -{- $config{b64} ? "# define" : "# undef" -} SIXTY_FOUR_BIT -{- $config{b32} ? "# define" : "# undef" -} THIRTY_TWO_BIT +# ifndef OPENSSL_FUNC +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L +# define OPENSSL_FUNC __func__ +# elif defined(__STDC__) && defined(PEDANTIC) +# define OPENSSL_FUNC "(PEDANTIC disallows function name)" +# elif defined(_MSC_VER) || (defined(__GNUC__) && __GNUC__ >= 2) +# define OPENSSL_FUNC __FUNCTION__ +# elif defined(__FUNCSIG__) +# define OPENSSL_FUNC __FUNCSIG__ +# else +# define OPENSSL_FUNC "(unknown function)" +# endif # endif -# define RC4_INT {- $config{rc4_int} -} - -# ifdef __cplusplus -} -# endif -#endif /* HEADER_OPENSSLCONF_H */ +#endif /* OPENSSL_MACROS_H */ diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index b0d339ac9a..5673b5b963 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -47,121 +47,6 @@ extern "C" { ""; -} -/* - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers - * don't like that. This will hopefully silence them. - */ -# define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; - -/* - * Applications should use -DOPENSSL_API_COMPAT= to suppress the - * declarations of functions deprecated in or before . If this is - * undefined, the value of the macro OPENSSL_API_MIN above is the default. - * - * For any version number up until version 1.1.x, is expected to be - * the calculated version number 0xMNNFFPPSL. For version numbers 3.0.0 and - * on, is expected to be only the major version number (i.e. 3 for - * version 3.0.0). - */ -# ifndef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f; -# ifdef __GNUC__ -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -# endif -# endif -# endif - -/* - * We convert the OPENSSL_API_COMPAT value to an API level. The API level - * is the major version number for 3.0.0 and on. For earlier versions, it - * uses this scheme, which is close enough for our purposes: - * - * 0.x.y 0 (0.9.8 was the last release in this series) - * 1.0.x 1 (1.0.2 was the last release in this series) - * 1.1.x 2 (1.1.1 was the last release in this series) - */ - -/* In case someone defined both */ -# if defined(OPENSSL_API_COMPAT) && defined(OPENSSL_API_LEVEL) -# error "Disallowed to define both OPENSSL_API_COMPAT and OPENSSL_API_LEVEL" -# endif - -# ifndef OPENSSL_API_COMPAT -# define OPENSSL_API_LEVEL OPENSSL_MIN_API -# else -# if (OPENSSL_API_COMPAT < 0x1000L) /* Major version numbers up to 16777215 */ -# define OPENSSL_API_LEVEL OPENSSL_API_COMPAT -# elif (OPENSSL_API_COMPAT & 0xF0000000L) == 0x00000000L -# define OPENSSL_API_LEVEL 0 -# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10000000L -# define OPENSSL_API_LEVEL 1 -# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10100000L -# define OPENSSL_API_LEVEL 2 -# else - /* Major number 3 to 15 */ -# define OPENSSL_API_LEVEL ((OPENSSL_API_COMPAT >> 28) & 0xF) -# endif -# endif - -/* - * Do not deprecate things to be deprecated in version 4.0 before the - * OpenSSL version number matches. - */ -# if OPENSSL_VERSION_MAJOR < 4 -# define DEPRECATEDIN_4(f) f; -# define OPENSSL_API_4 0 -# elif OPENSSL_API_LEVEL < 4 -# define DEPRECATEDIN_4(f) DECLARE_DEPRECATED(f) -# define OPENSSL_API_4 0 -# else -# define DEPRECATEDIN_4(f) -# define OPENSSL_API_4 1 -# endif - -# if OPENSSL_API_LEVEL < 3 -# define DEPRECATEDIN_3(f) DECLARE_DEPRECATED(f) -# define OPENSSL_API_3 0 -# else -# define DEPRECATEDIN_3(f) -# define OPENSSL_API_3 1 -# endif - -# if OPENSSL_API_LEVEL < 2 -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) -# define OPENSSL_API_1_1_0 0 -# else -# define DEPRECATEDIN_1_1_0(f) -# define OPENSSL_API_1_1_0 1 -# endif - -# if OPENSSL_API_LEVEL < 1 -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) -# define OPENSSL_API_1_0_0 0 -# else -# define DEPRECATEDIN_1_0_0(f) -# define OPENSSL_API_1_0_0 1 -# endif - -# if OPENSSL_API_LEVEL < 0 -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) -# define OPENSSL_API_0_9_8 0 -# else -# define DEPRECATEDIN_0_9_8(f) -# define OPENSSL_API_0_9_8 1 -# endif - -# ifndef OPENSSL_FILE -# ifdef OPENSSL_NO_FILENAMES -# define OPENSSL_FILE "" -# define OPENSSL_LINE 0 -# else -# define OPENSSL_FILE __FILE__ -# define OPENSSL_LINE __LINE__ -# endif -# endif - /* Generate 80386 code? */ {- $config{processor} eq "386" ? "# define" : "# undef" -} I386_ONLY @@ -178,6 +63,8 @@ extern "C" { # define RC4_INT {- $config{rc4_int} -} +#include + # ifdef __cplusplus } # endif diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 4c010c895e..b62bfeec39 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -39,8 +39,9 @@ extern OSSL_core_thread_start_fn *c_thread_start; static OSSL_core_get_param_types_fn *c_get_param_types; static OSSL_core_get_params_fn *c_get_params; OSSL_core_thread_start_fn *c_thread_start; -static OSSL_core_put_error_fn *c_put_error; -static OSSL_core_add_error_vdata_fn *c_add_error_vdata; +static OSSL_core_new_error_fn *c_new_error; +static OSSL_core_set_error_debug_fn *c_set_error_debug; +static OSSL_core_vset_error_fn *c_vset_error; static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc; static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; static OSSL_CRYPTO_free_fn *c_CRYPTO_free; @@ -305,11 +306,14 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, case OSSL_FUNC_CORE_THREAD_START: c_thread_start = OSSL_get_core_thread_start(in); break; - case OSSL_FUNC_CORE_PUT_ERROR: - c_put_error = OSSL_get_core_put_error(in); + case OSSL_FUNC_CORE_NEW_ERROR: + c_new_error = OSSL_get_core_new_error(in); break; - case OSSL_FUNC_CORE_ADD_ERROR_VDATA: - c_add_error_vdata = OSSL_get_core_add_error_vdata(in); + case OSSL_FUNC_CORE_SET_ERROR_DEBUG: + c_set_error_debug = OSSL_get_core_set_error_debug(in); + break; + case OSSL_FUNC_CORE_VSET_ERROR: + c_vset_error = OSSL_get_core_vset_error(in); break; case OSSL_FUNC_CRYPTO_MALLOC: c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in); @@ -416,29 +420,28 @@ int fips_intern_provider_init(const OSSL_PROVIDER *provider, return 1; } -void ERR_put_error(int lib, int func, int reason, const char *file, int line) +void ERR_new(void) { - /* - * TODO(3.0) the first argument is currently NULL but is expected to - * be passed something else in the future, either an OSSL_PROVIDER or - * a OPENSSL_CTX pointer. - */ - c_put_error(NULL, ERR_PACK(lib, func, reason), file, line); - ERR_add_error_data(1, "(in the FIPS module)"); + c_new_error(NULL); +} + +void ERR_set_debug(const char *file, int line, const char *func) +{ + c_set_error_debug(NULL, file, line, func); } -void ERR_add_error_data(int num, ...) +void ERR_set_error(int lib, int reason, const char *fmt, ...) { va_list args; - va_start(args, num); - ERR_add_error_vdata(num, args); + va_start(args, fmt); + c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); va_end(args); } -void ERR_add_error_vdata(int num, va_list args) +void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) { - c_add_error_vdata(NULL, num, args); + c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); } const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index a35573c935..bd9277b71e 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -118,7 +118,8 @@ void ossl_statem_set_renegotiate(SSL *s) void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file, int line) { - ERR_put_error(ERR_LIB_SSL, func, reason, file, line); + ERR_raise(ERR_LIB_SSL, reason); + ERR_set_debug(file, line, NULL); /* Override what ERR_raise set */ /* We shouldn't call SSLfatal() twice. Once is enough */ if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) return; diff --git a/test/errtest.c b/test/errtest.c index 88ff860092..1a18335b6e 100644 --- a/test/errtest.c +++ b/test/errtest.c @@ -47,12 +47,14 @@ static int vdata_appends(void) /* Test that setting a platform error sets the right values. */ static int platform_error(void) { - const char *file = __FILE__, *f, *data; - const int line = __LINE__; + const char *file, *f, *data; + int line; int l; unsigned long e; - ERR_put_func_error(ERR_LIB_SYS, "exit", ERR_R_INTERNAL_ERROR, file, line); + file = __FILE__; + line = __LINE__ + 1; /* The error is generated on the next line */ + FUNCerr("exit", ERR_R_INTERNAL_ERROR); if (!TEST_ulong_ne(e = ERR_get_error_line_data(&f, &l, &data, NULL), 0) || !TEST_int_eq(ERR_GET_REASON(e), ERR_R_INTERNAL_ERROR) || !TEST_int_eq(l, line) diff --git a/util/libcrypto.num b/util/libcrypto.num index 81462480ca..a6c5097e1c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -998,7 +998,7 @@ OPENSSL_LH_get_down_load 1023 3_0_0 EXIST::FUNCTION: EVP_md4 1024 3_0_0 EXIST::FUNCTION:MD4 X509_set_subject_name 1025 3_0_0 EXIST::FUNCTION: i2d_PKCS8PrivateKey_nid_bio 1026 3_0_0 EXIST::FUNCTION: -ERR_put_error 1027 3_0_0 EXIST::FUNCTION: +ERR_put_error 1027 3_0_0 NOEXIST::FUNCTION: ERR_add_error_data 1028 3_0_0 EXIST::FUNCTION: X509_ALGORS_it 1029 3_0_0 EXIST::FUNCTION: MD5_Update 1030 3_0_0 EXIST::FUNCTION:MD5 @@ -4690,7 +4690,7 @@ EVP_KEYMGMT_up_ref 4795 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_free 4796 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_provider 4797 3_0_0 EXIST::FUNCTION: X509_PUBKEY_dup 4798 3_0_0 EXIST::FUNCTION: -ERR_put_func_error 4799 3_0_0 EXIST::FUNCTION: +ERR_put_func_error 4799 3_0_0 NOEXIST::FUNCTION: EVP_MD_name 4800 3_0_0 EXIST::FUNCTION: EVP_CIPHER_name 4801 3_0_0 EXIST::FUNCTION: EVP_MD_provider 4802 3_0_0 EXIST::FUNCTION: @@ -4700,3 +4700,7 @@ EVP_CIPHER_do_all_ex 4805 3_0_0 EXIST::FUNCTION: EVP_MD_do_all_ex 4806 3_0_0 EXIST::FUNCTION: EVP_KEYEXCH_provider 4807 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_available 4808 3_0_0 EXIST::FUNCTION: +ERR_new 4809 3_0_0 EXIST::FUNCTION: +ERR_set_debug 4810 3_0_0 EXIST::FUNCTION: +ERR_set_error 4811 3_0_0 EXIST::FUNCTION: +ERR_vset_error 4812 3_0_0 EXIST::FUNCTION: diff --git a/util/mkerr.pl b/util/mkerr.pl index 956b66179a..51e034703d 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -650,7 +650,8 @@ ${st}void ERR_${lib}_error(int function, int reason, char *file, int line) { if (lib_code == 0) lib_code = ERR_get_next_error_library(); - ERR_PUT_error(lib_code, function, reason, file, line); + ERR_raise(lib_code, reason); + ERR_set_debug(file, line, NULL); } EOF diff --git a/util/private.num b/util/private.num index 1e76dfb43c..82cb72e606 100644 --- a/util/private.num +++ b/util/private.num @@ -195,7 +195,10 @@ ERR_GET_LIB define ERR_GET_REASON define ERR_PACK define ERR_free_strings define deprecated 1.1.0 +ERR_put_error define deprecated 3.0 ERR_load_crypto_strings define deprecated 1.1.0 +ERR_raise define +ERR_raise_data define EVP_DigestSignUpdate define EVP_DigestVerifyUpdate define EVP_KDF_name define From builds at travis-ci.org Wed Jul 31 05:09:37 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 05:09:37 +0000 Subject: Errored: openssl/openssl#26974 (master - c361297) In-Reply-To: Message-ID: <5d412290d7313_43faf898f9774843fc@3185bb51-77dd-49ea-89f2-bd79250bdb0d.mail> Build Update for openssl/openssl ------------------------------------- Build: #26974 Status: Errored Duration: 22 mins and 18 secs Commit: c361297 (master) Author: Richard Levitte Message: Avoid using ERR_put_error() directly in OpenSSL code If compiled with 'no-deprecated', ERR_put_error() is undefined. We had one spot where we were using it directly, because the file and line information was passed from elsewhere. Fortunately, it's possible to use ERR_raise() for that situation, and call ERR_set_debug() immediately after and thereby override the information that ERR_raise() stored in the error record. util/mkerr.pl needed a small adjustment to not generate code that won't compile in a 'no-deprecated' configuration. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9452) View the changeset: https://github.com/openssl/openssl/compare/35f6fe7ac4fb...c3612970465d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565800920?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 31 05:36:20 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 31 Jul 2019 05:36:20 +0000 Subject: Build completed: openssl master.26397 Message-ID: <20190731053620.1.3F355849088E8F61@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Jul 31 05:51:37 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 31 Jul 2019 05:51:37 +0000 Subject: [openssl] master update Message-ID: <1564552297.695871.21044.nullmailer@dev.openssl.org> The branch master has been updated via 02c163ea8936d75c7334d81d86c2a713dea40371 (commit) from c3612970465d0a13f2fc5b47bc28ca18516a699d (commit) - Log ----------------------------------------------------------------- commit 02c163ea8936d75c7334d81d86c2a713dea40371 Author: Pauli Date: Wed Jul 31 07:19:33 2019 +1000 Check for NULL return from zalloc in dh_dupctx. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9485) ----------------------------------------------------------------------- Summary of changes: providers/common/exchange/dh_exch.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/providers/common/exchange/dh_exch.c b/providers/common/exchange/dh_exch.c index b4bfd5f419..62041daab3 100644 --- a/providers/common/exchange/dh_exch.c +++ b/providers/common/exchange/dh_exch.c @@ -106,6 +106,8 @@ static void *dh_dupctx(void *vpdhctx) PROV_DH_CTX *dstctx; dstctx = OPENSSL_zalloc(sizeof(*srcctx)); + if (dstctx == NULL) + return NULL; *dstctx = *srcctx; if (dstctx->dh != NULL && !DH_up_ref(dstctx->dh)) { From builds at travis-ci.org Wed Jul 31 06:19:54 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 06:19:54 +0000 Subject: Errored: openssl/openssl#26977 (master - 02c163e) In-Reply-To: Message-ID: <5d41330a433d1_43faf89633a94957a6@3185bb51-77dd-49ea-89f2-bd79250bdb0d.mail> Build Update for openssl/openssl ------------------------------------- Build: #26977 Status: Errored Duration: 27 mins and 21 secs Commit: 02c163e (master) Author: Pauli Message: Check for NULL return from zalloc in dh_dupctx. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9485) View the changeset: https://github.com/openssl/openssl/compare/c3612970465d...02c163ea8936 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565815311?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 31 06:45:20 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 31 Jul 2019 06:45:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1564555520.236054.17410.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 35f6fe7ac4 Fix BIO_printf format warnings 62cc845fc9 Use OPENSSL_strlcpy instead of strncpy in e_afalg.c 11dbdc0714 Document the provider CIPHER operation d753cc333d Fix coverity 1452084 Fix coverity 1452083 10f8b36874 ERR: re-use the err_data field when possible Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha3_prov.c:110: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ossl_prov_util_nid_to_name': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:171: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:206: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:188: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:182: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:214: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:221: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:212: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:293: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:297: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:290: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:301: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:307: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:310: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:313: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:386: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:391: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_library_context': /home/openssl/run-checker/enable-fuzz-afl/../openssl/include/openssl/core_numbers.h:77: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `fips_intern_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:403: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:406: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:415: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `ERR_put_error': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:419: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_data': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:431: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `ERR_add_error_vdata': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:439: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `FIPS_get_provider': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:444: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:452: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:453: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:455: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:460: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:465: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:470: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:475: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_clear_realloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:480: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_malloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:486: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_zalloc': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:491: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:496: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_clear_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:501: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `CRYPTO_secure_allocated': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:506: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_new': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:60: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_prov_ossl_ctx_free': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:67: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:148: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:153: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:158: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:160: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:161: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:163: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:164: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:167: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:255: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:7191: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Wed Jul 31 07:33:29 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 31 Jul 2019 07:33:29 +0000 Subject: [openssl] master update Message-ID: <1564558409.248862.19569.nullmailer@dev.openssl.org> The branch master has been updated via faea3bd1339ac1029ab2bc746dfb7c891366d653 (commit) from 02c163ea8936d75c7334d81d86c2a713dea40371 (commit) - Log ----------------------------------------------------------------- commit faea3bd1339ac1029ab2bc746dfb7c891366d653 Author: Richard Levitte Date: Wed Jul 31 06:59:37 2019 +0200 Document recent changes in NEWS and CHANGES More should be added there Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/9486) ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ NEWS | 3 +++ 2 files changed, 11 insertions(+) diff --git a/CHANGES b/CHANGES index 80ad49ee7c..dd230d60b5 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,14 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Introduced new error raising macros, ERR_raise() and ERR_raise_data(), + where the former acts as a replacement for ERR_put_error(), and the + latter replaces the combination ERR_put_error()+ERR_add_error_data(). + ERR_raise_data() adds more flexibility by taking a format string and + an arbitrary number of arguments following it, to be processed with + BIO_snprintf(). + [Richard Levitte] + *) Introduced a new function, OSSL_PROVIDER_available(), which can be used to check if a named provider is loaded and available. When called, it will also activate all fallback providers if such are still present. diff --git a/NEWS b/NEWS index aeb2eb7426..0463af6e25 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,9 @@ Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development] + o Added error raising macros, ERR_raise() and ERR_raise_data(). + o Deprecated ERR_put_error(). + o Added OSSL_PROVIDER_available(), to check provider availibility. o Added 'openssl mac' that uses the EVP_MAC API. o Added 'openssl kdf' that uses the EVP_KDF API. o Add OPENSSL_info() and 'openssl info' to get built-in data. From no-reply at appveyor.com Wed Jul 31 07:39:12 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 31 Jul 2019 07:39:12 +0000 Subject: Build failed: openssl master.26403 Message-ID: <20190731073912.1.1C91017156AAF35A@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 31 07:59:41 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 07:59:41 +0000 Subject: Errored: openssl/openssl#26984 (master - faea3bd) In-Reply-To: Message-ID: <5d414a6ce2797_43fc4b2dd122c13479@f927ebe1-865a-4553-8501-745190d9997c.mail> Build Update for openssl/openssl ------------------------------------- Build: #26984 Status: Errored Duration: 23 mins and 3 secs Commit: faea3bd (master) Author: Richard Levitte Message: Document recent changes in NEWS and CHANGES More should be added there Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/9486) View the changeset: https://github.com/openssl/openssl/compare/02c163ea8936...faea3bd1339a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565843657?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 31 08:05:48 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 31 Jul 2019 08:05:48 +0000 Subject: Build completed: openssl master.26404 Message-ID: <20190731080548.1.56CDF87588C4C860@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Wed Jul 31 09:16:51 2019 From: matt at openssl.org (Matt Caswell) Date: Wed, 31 Jul 2019 09:16:51 +0000 Subject: [web] master update Message-ID: <1564564611.389244.6277.nullmailer@dev.openssl.org> The branch master has been updated via b9cdda6cdbe4e87b1e2db37b23cddaca5fb7da9a (commit) from e6ce68d75408edac4a22e85dc3af43444bc7fefc (commit) - Log ----------------------------------------------------------------- commit b9cdda6cdbe4e87b1e2db37b23cddaca5fb7da9a Author: Matt Caswell Date: Wed Jul 31 09:38:46 2019 +0100 Correct typo in security advisory Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/135) ----------------------------------------------------------------------- Summary of changes: news/secadv/20190730.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/secadv/20190730.txt b/news/secadv/20190730.txt index 0714a04..cff9b85 100644 --- a/news/secadv/20190730.txt +++ b/news/secadv/20190730.txt @@ -42,7 +42,7 @@ The 1.1.1 and 1.1.0 mitigation set more appropriate defaults for mingw, while the 1.0.2 mitigation documents the issue and provides enhanced examples. -This issue was reported by Rich Mirth. The fix was developed by +This issue was reported by Rich Mirch. The fix was developed by Richard Levitte from the OpenSSL development team. It was reported to OpenSSL on 9th Jun 2019. From pauli at openssl.org Wed Jul 31 09:17:18 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 31 Jul 2019 09:17:18 +0000 Subject: [openssl] master update Message-ID: <1564564638.588192.7094.nullmailer@dev.openssl.org> The branch master has been updated via 8c00f267b8df1a8c70eff8198de40aa561299e48 (commit) from faea3bd1339ac1029ab2bc746dfb7c891366d653 (commit) - Log ----------------------------------------------------------------- commit 8c00f267b8df1a8c70eff8198de40aa561299e48 Author: FdaSilvaYY Date: Wed Jul 31 19:14:12 2019 +1000 CAdES : lowercase name for now internal methods. CAdES : rework CAdES signing API. Make it private, as it is unused outside library bounds. Fix varous doc-nits. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_ess.c | 12 +++++------- crypto/cms/cms_sd.c | 7 +++++-- crypto/err/openssl.txt | 4 ++-- .../providercommon.h => crypto/include/internal/cms_int.h | 7 +++---- crypto/include/internal/ess_int.h | 9 +++++++++ .../man3/cms_add1_signing_cert.pod} | 13 +++++++------ doc/man3/X509_dup.pod | 6 ++++++ doc/man3/d2i_X509.pod | 4 ++++ include/openssl/cms.h | 3 --- include/openssl/ess.h | 7 ------- util/libcrypto.num | 4 ---- util/missingcrypto.txt | 10 ---------- util/missingcrypto111.txt | 10 ---------- 13 files changed, 41 insertions(+), 55 deletions(-) copy providers/common/include/internal/providercommon.h => crypto/include/internal/cms_int.h (64%) rename doc/{man3/CMS_add1_signing_cert.pod => internal/man3/cms_add1_signing_cert.pod} (69%) diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 95e3628d9c..8f80f6ba5d 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -17,6 +17,7 @@ #include #include "cms_lcl.h" #include "internal/ess_int.h" +#include "internal/cms_int.h" IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) @@ -339,12 +340,10 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) } /* - * Add signer certificate's V2 digest to a SignerInfo - * structure + * Add signer certificate's V2 digest |sc| to a SignerInfo structure |si| */ -int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, - ESS_SIGNING_CERT_V2 *sc) +int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp; @@ -373,11 +372,10 @@ int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, } /* - * Add signer certificate's digest to a SignerInfo - * structure + * Add signer certificate's digest |sc| to a SignerInfo structure |si| */ -int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc) +int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp; diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 40a3356359..4de750bd72 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -14,9 +14,12 @@ #include #include #include +#include #include "cms_lcl.h" #include "internal/asn1_int.h" #include "internal/evp_int.h" +#include "internal/cms_int.h" +#include "internal/ess_int.h" /* CMS SignedData Utilities */ @@ -355,13 +358,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if ((sc = ESS_SIGNING_CERT_new_init(signer, NULL, 1)) == NULL) goto err; - add_sc = CMS_add1_signing_cert(si, sc); + add_sc = cms_add1_signing_cert(si, sc); ESS_SIGNING_CERT_free(sc); } else { if ((sc2 = ESS_SIGNING_CERT_V2_new_init(md, signer, NULL, 1)) == NULL) goto err; - add_sc = CMS_add1_signing_cert_v2(si, sc2); + add_sc = cms_add1_signing_cert_v2(si, sc2); ESS_SIGNING_CERT_V2_free(sc2); } if (!add_sc) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index ede1c57a7b..d172f4c288 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -246,8 +246,8 @@ CMS_F_CMS_ADD1_RECEIPTREQUEST:158:CMS_add1_ReceiptRequest CMS_F_CMS_ADD1_RECIPIENT_CERT:101:CMS_add1_recipient_cert CMS_F_CMS_ADD1_SIGNER:102:CMS_add1_signer CMS_F_CMS_ADD1_SIGNINGTIME:103:cms_add1_signingTime -CMS_F_CMS_ADD1_SIGNING_CERT:181:CMS_add1_signing_cert -CMS_F_CMS_ADD1_SIGNING_CERT_V2:182:CMS_add1_signing_cert_v2 +CMS_F_CMS_ADD1_SIGNING_CERT:181:cms_add1_signing_cert +CMS_F_CMS_ADD1_SIGNING_CERT_V2:182:cms_add1_signing_cert_v2 CMS_F_CMS_COMPRESS:104:CMS_compress CMS_F_CMS_COMPRESSEDDATA_CREATE:105:cms_CompressedData_create CMS_F_CMS_COMPRESSEDDATA_INIT_BIO:106:cms_CompressedData_init_bio diff --git a/providers/common/include/internal/providercommon.h b/crypto/include/internal/cms_int.h similarity index 64% copy from providers/common/include/internal/providercommon.h copy to crypto/include/internal/cms_int.h index d54fafa971..c630991d68 100644 --- a/providers/common/include/internal/providercommon.h +++ b/crypto/include/internal/cms_int.h @@ -7,8 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include +/* internal CMS-ESS related stuff */ -const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx); - -const char *ossl_prov_util_nid_to_name(int nid); +int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); +int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); diff --git a/crypto/include/internal/ess_int.h b/crypto/include/internal/ess_int.h index 26476ae984..ac6c5c61d7 100644 --- a/crypto/include/internal/ess_int.h +++ b/crypto/include/internal/ess_int.h @@ -12,9 +12,18 @@ ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si); int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, + STACK_OF(X509) *certs, + int issuer_needed); + ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si); int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc); +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg, + X509 *signcert, + STACK_OF(X509) *certs, + int issuer_needed); + /*- * IssuerSerial ::= SEQUENCE { * issuer GeneralNames, diff --git a/doc/man3/CMS_add1_signing_cert.pod b/doc/internal/man3/cms_add1_signing_cert.pod similarity index 69% rename from doc/man3/CMS_add1_signing_cert.pod rename to doc/internal/man3/cms_add1_signing_cert.pod index 035e679d2c..a825c07190 100644 --- a/doc/man3/CMS_add1_signing_cert.pod +++ b/doc/internal/man3/cms_add1_signing_cert.pod @@ -2,7 +2,7 @@ =head1 NAME -CMS_add1_signing_cert, CMS_add1_signing_cert_v2 +cms_add1_signing_cert, cms_add1_signing_cert_v2 - add ESS signing-certificate signed attribute to a CMS_SignerInfo data structure @@ -10,15 +10,15 @@ CMS_SignerInfo data structure #include - int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); + int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); - int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc2); + int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc2); =head1 DESCRIPTION -CMS_add1_signing_cert() adds an ESS Signing Certificate B (version 1) signed +cms_add1_signing_cert() adds an ESS Signing Certificate B (version 1) signed attribute to the CMS_SignerInfo B. -CMS_add1_signing_cert_v2() adds an ESS Signing Certificate B (version 2) signed +cms_add1_signing_cert_v2() adds an ESS Signing Certificate B (version 2) signed attribute to the CMS_SignerInfo B. The ESS Signing Certificate attributes version 1 and 2 are defined in RFC 5035 which updates Section 5.4 of RFC 2634. @@ -31,7 +31,8 @@ For a fuller description see L). =head1 RETURN VALUES -CMS_add1_signing_cert() and CMS_add1_signing_cert_v2() return 1 if attribute is added or 0 if an error occurred. +cms_add1_signing_cert() and cms_add1_signing_cert_v2() return 1 if attribute +is added or 0 if an error occurred. =head1 COPYRIGHT diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 19fb7a7a9b..e6ee557e8f 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -52,12 +52,18 @@ EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, +ESS_CERT_ID_V2_dup, +ESS_CERT_ID_V2_free, +ESS_CERT_ID_V2_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, +ESS_SIGNING_CERT_V2_dup, +ESS_SIGNING_CERT_V2_free, +ESS_SIGNING_CERT_V2_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index 36a5e8f6db..3075b0d0ef 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -63,8 +63,10 @@ d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, +d2i_ESS_CERT_ID_V2, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, +d2i_ESS_SIGNING_CERT_V2, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, @@ -249,8 +251,10 @@ i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, +i2d_ESS_CERT_ID_V2, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, +i2d_ESS_SIGNING_CERT_V2, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, diff --git a/include/openssl/cms.h b/include/openssl/cms.h index 64002e4d46..608b6d7cac 100644 --- a/include/openssl/cms.h +++ b/include/openssl/cms.h @@ -16,7 +16,6 @@ # include # include # include -# include # ifdef __cplusplus extern "C" { # endif @@ -285,8 +284,6 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const void *bytes, int len); void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos, int type); -int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); -int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, diff --git a/include/openssl/ess.h b/include/openssl/ess.h index fb5e45c46d..f13b5395a8 100644 --- a/include/openssl/ess.h +++ b/include/openssl/ess.h @@ -41,9 +41,6 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID) DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT, ESS_SIGNING_CERT) DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) -ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, - STACK_OF(X509) *certs, - int issuer_needed); DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID_V2) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID_V2, ESS_CERT_ID_V2) @@ -52,10 +49,6 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT_V2) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT_V2, ESS_SIGNING_CERT_V2) DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) -ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg, - X509 *signcert, - STACK_OF(X509) *certs, - int issuer_needed); # ifdef __cplusplus } diff --git a/util/libcrypto.num b/util/libcrypto.num index a6c5097e1c..63cab3225c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4476,10 +4476,6 @@ ASYNC_WAIT_CTX_get_callback 4581 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_set_callback 4582 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_set_status 4583 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_get_status 4584 3_0_0 EXIST::FUNCTION: -CMS_add1_signing_cert 4585 3_0_0 EXIST::FUNCTION:CMS -CMS_add1_signing_cert_v2 4586 3_0_0 EXIST::FUNCTION:CMS -ESS_SIGNING_CERT_new_init 4587 3_0_0 EXIST::FUNCTION: -ESS_SIGNING_CERT_V2_new_init 4588 3_0_0 EXIST::FUNCTION: ERR_load_ESS_strings 4589 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_new_id 4590 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_free 4591 3_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index a227b1082a..05eee92d27 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -474,12 +474,6 @@ ERR_load_X509_strings ERR_load_strings_const ERR_set_error_data ERR_unload_strings -ESS_CERT_ID_V2_dup -ESS_CERT_ID_V2_free -ESS_CERT_ID_V2_new -ESS_SIGNING_CERT_V2_dup -ESS_SIGNING_CERT_V2_free -ESS_SIGNING_CERT_V2_new ESS_SIGNING_CERT_V2_new_init ESS_SIGNING_CERT_new_init EVP_CIPHER_CTX_buf_noconst @@ -1456,8 +1450,6 @@ b2i_PublicKey_bio conf_ssl_get conf_ssl_get_cmd conf_ssl_name_find -d2i_ESS_CERT_ID_V2 -d2i_ESS_SIGNING_CERT_V2 d2i_X509_bio d2i_X509_fp err_free_strings_int @@ -1469,8 +1461,6 @@ i2a_ASN1_STRING i2b_PVK_bio i2b_PrivateKey_bio i2b_PublicKey_bio -i2d_ESS_CERT_ID_V2 -i2d_ESS_SIGNING_CERT_V2 i2d_PrivateKey_bio i2d_PrivateKey_fp i2d_X509_bio diff --git a/util/missingcrypto111.txt b/util/missingcrypto111.txt index 1fb924bc70..e544c1b3c7 100644 --- a/util/missingcrypto111.txt +++ b/util/missingcrypto111.txt @@ -485,12 +485,6 @@ ERR_load_X509_strings ERR_load_strings_const ERR_set_error_data ERR_unload_strings -ESS_CERT_ID_V2_dup -ESS_CERT_ID_V2_free -ESS_CERT_ID_V2_new -ESS_SIGNING_CERT_V2_dup -ESS_SIGNING_CERT_V2_free -ESS_SIGNING_CERT_V2_new EVP_CIPHER_CTX_buf_noconst EVP_CIPHER_CTX_clear_flags EVP_CIPHER_CTX_copy @@ -1571,8 +1565,6 @@ b2i_PublicKey_bio conf_ssl_get conf_ssl_get_cmd conf_ssl_name_find -d2i_ESS_CERT_ID_V2 -d2i_ESS_SIGNING_CERT_V2 d2i_X509_bio d2i_X509_fp err_free_strings_int @@ -1584,8 +1576,6 @@ i2a_ASN1_STRING i2b_PVK_bio i2b_PrivateKey_bio i2b_PublicKey_bio -i2d_ESS_CERT_ID_V2 -i2d_ESS_SIGNING_CERT_V2 i2d_PrivateKey_bio i2d_PrivateKey_fp i2d_X509_bio From builds at travis-ci.org Wed Jul 31 09:37:50 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 09:37:50 +0000 Subject: Errored: openssl/openssl#26993 (master - 8c00f26) In-Reply-To: Message-ID: <5d41616def90b_43fc4b017b7f415851d@f927ebe1-865a-4553-8501-745190d9997c.mail> Build Update for openssl/openssl ------------------------------------- Build: #26993 Status: Errored Duration: 19 mins and 56 secs Commit: 8c00f26 (master) Author: FdaSilvaYY Message: CAdES : lowercase name for now internal methods. CAdES : rework CAdES signing API. Make it private, as it is unused outside library bounds. Fix varous doc-nits. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre View the changeset: https://github.com/openssl/openssl/compare/faea3bd1339a...8c00f267b8df View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565879700?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Wed Jul 31 10:38:24 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 31 Jul 2019 10:38:24 +0000 Subject: [openssl] master update Message-ID: <1564569504.690171.13599.nullmailer@dev.openssl.org> The branch master has been updated via e870791a4d6aea3a0275396bd01da629cb6f4ac8 (commit) from 8c00f267b8df1a8c70eff8198de40aa561299e48 (commit) - Log ----------------------------------------------------------------- commit e870791a4d6aea3a0275396bd01da629cb6f4ac8 Author: Shane Lontis Date: Wed Jul 31 20:34:26 2019 +1000 Add evp_util macros Also added EVP_CTRL_RET_UNSUPPORTED define (so magic numbers can be removed) Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9464) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 2 ++ crypto/evp/evp_enc.c | 8 ++--- crypto/evp/evp_err.c | 4 +++ crypto/evp/evp_lib.c | 10 +++---- crypto/evp/evp_locl.h | 3 ++ crypto/evp/evp_utils.c | 76 +++++++++++++++++++++++++++++++++++------------- include/openssl/evperr.h | 5 ++++ 7 files changed, 78 insertions(+), 30 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d172f4c288..6b52193895 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2421,6 +2421,8 @@ EVP_R_BAD_DECRYPT:100:bad decrypt EVP_R_BAD_KEY_LENGTH:195:bad key length EVP_R_BUFFER_TOO_SMALL:155:buffer too small EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed +EVP_R_CANNOT_GET_PARAMETERS:197:cannot get parameters +EVP_R_CANNOT_SET_PARAMETERS:198:cannot set parameters EVP_R_CIPHER_NOT_GCM_MODE:184:cipher not gcm mode EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error EVP_R_COMMAND_NOT_SUPPORTED:147:command not supported diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index b2c0a260e6..8f5175b525 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -926,7 +926,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &keylen); ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params); - if (ok != -2) + if (ok != EVP_CTRL_RET_UNSUPPORTED) return ok; /* TODO(3.0) legacy code follows */ @@ -960,7 +960,7 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { - int ret = -2; /* Unsupported */ + int ret = EVP_CTRL_RET_UNSUPPORTED; int set_params = 1; size_t sz; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; @@ -981,7 +981,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */ default: - return -2; /* Unsupported */ + return EVP_CTRL_RET_UNSUPPORTED; case EVP_CTRL_GET_IV: set_params = 0; params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, @@ -1039,7 +1039,7 @@ legacy: } ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - if (ret == -1) { + if (ret == EVP_CTRL_RET_UNSUPPORTED) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); return 0; diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 92df593821..749f189be3 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -23,6 +23,10 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_GET_PARAMETERS), + "cannot get parameters"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_SET_PARAMETERS), + "cannot set parameters"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_NOT_GCM_MODE), "cipher not gcm mode"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR), diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 9091f8b475..e6daf684be 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -224,7 +224,7 @@ int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) @@ -310,7 +310,7 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) @@ -367,7 +367,7 @@ int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &v); ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) @@ -391,7 +391,7 @@ int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) @@ -402,7 +402,7 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v); ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_nid(const EVP_CIPHER *cipher) diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 848ef299ca..17ab24c07a 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -11,6 +11,9 @@ #include +#define EVP_CTRL_RET_UNSUPPORTED -1 + + struct evp_md_ctx_st { const EVP_MD *reqdigest; /* The original requested digest */ const EVP_MD *digest; diff --git a/crypto/evp/evp_utils.c b/crypto/evp/evp_utils.c index c3b5520593..e24bee1c0c 100644 --- a/crypto/evp/evp_utils.c +++ b/crypto/evp/evp_utils.c @@ -17,31 +17,65 @@ #include "internal/evp_int.h" /* evp_locl.h needs it */ #include "evp_locl.h" -int evp_do_ciph_getparams(const EVP_CIPHER *ciph, OSSL_PARAM params[]) -{ - if (ciph->prov == NULL) - return -2; - if (ciph->get_params == NULL) - return -1; - return ciph->get_params(params); +/* + * EVP_CTRL_RET_UNSUPPORTED = -1 is the returned value from any ctrl function + * where the control command isn't supported, and an alternative code path + * may be chosen. + * Since these functions are used to implement ctrl functionality, we + * use the same value, and other callers will have to compensate. + */ +#define PARAM_CHECK(obj, func, errfunc) \ + if (obj->prov == NULL) \ + return EVP_CTRL_RET_UNSUPPORTED; \ + if (obj->func == NULL) { \ + errfunc(); \ + return 0; \ + } + +#define PARAM_FUNC(name, func, type, err) \ +int name (const type *obj, OSSL_PARAM params[]) \ +{ \ + PARAM_CHECK(obj, func, err) \ + return obj->func(params); \ +} + +#define PARAM_CTX_FUNC(name, func, type, err) \ +int name (const type *obj, void *provctx, OSSL_PARAM params[]) \ +{ \ + PARAM_CHECK(obj, func, err) \ + return obj->func(provctx, params); \ } -int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx, - OSSL_PARAM params[]) +#define PARAM_FUNCTIONS(type, \ + getname, getfunc, \ + getctxname, getctxfunc, \ + setctxname, setctxfunc) \ + PARAM_FUNC(getname, getfunc, type, geterr) \ + PARAM_CTX_FUNC(getctxname, getctxfunc, type, geterr) \ + PARAM_CTX_FUNC(setctxname, setctxfunc, type, seterr) + +/* + * These error functions are a workaround for the error scripts, which + * currently require that XXXerr method appears inside a function (not a macro). + */ +static void geterr(void) { - if (ciph->prov == NULL) - return -2; - if (ciph->ctx_get_params == NULL) - return -1; - return ciph->ctx_get_params(provctx, params); + EVPerr(0, EVP_R_CANNOT_GET_PARAMETERS); } -int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx, - OSSL_PARAM params[]) +static void seterr(void) { - if (ciph->prov == NULL) - return -2; - if (ciph->ctx_set_params == NULL) - return -1; - return ciph->ctx_set_params(provctx, params); + EVPerr(0, EVP_R_CANNOT_SET_PARAMETERS); } + +PARAM_FUNCTIONS(EVP_CIPHER, + evp_do_ciph_getparams, get_params, + evp_do_ciph_ctx_getparams, ctx_get_params, + evp_do_ciph_ctx_setparams, ctx_set_params) + +#if 0 +PARAM_FUNCTIONS(EVP_MD, + evp_do_md_getparams, get_params, + evp_do_md_ctx_getparams, ctx_get_params, + evp_do_md_ctx_setparams, ctx_set_params) +#endif diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 8b46d76ec1..34966f84cd 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -73,6 +73,8 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_KDF_CTRL_STR 0 # define EVP_F_EVP_KDF_CTX_NEW 0 # define EVP_F_EVP_KDF_CTX_NEW_ID 0 +# define EVP_F_EVP_KEYEXCH_FETCH 0 +# define EVP_F_EVP_KEYEXCH_FROM_DISPATCH 0 # define EVP_F_EVP_MAC_CTRL 0 # define EVP_F_EVP_MAC_CTRL_STR 0 # define EVP_F_EVP_MAC_CTX_DUP 0 @@ -100,6 +102,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_DECRYPT_OLD 0 # define EVP_F_EVP_PKEY_DERIVE 0 # define EVP_F_EVP_PKEY_DERIVE_INIT 0 +# define EVP_F_EVP_PKEY_DERIVE_INIT_EX 0 # define EVP_F_EVP_PKEY_DERIVE_SET_PEER 0 # define EVP_F_EVP_PKEY_ENCRYPT 0 # define EVP_F_EVP_PKEY_ENCRYPT_INIT 0 @@ -168,6 +171,8 @@ int ERR_load_EVP_strings(void); # define EVP_R_BAD_KEY_LENGTH 195 # define EVP_R_BUFFER_TOO_SMALL 155 # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CANNOT_GET_PARAMETERS 197 +# define EVP_R_CANNOT_SET_PARAMETERS 198 # define EVP_R_CIPHER_NOT_GCM_MODE 184 # define EVP_R_CIPHER_PARAMETER_ERROR 122 # define EVP_R_COMMAND_NOT_SUPPORTED 147 From shane.lontis at oracle.com Wed Jul 31 10:58:57 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 31 Jul 2019 10:58:57 +0000 Subject: [openssl] master update Message-ID: <1564570737.696304.19307.nullmailer@dev.openssl.org> The branch master has been updated via faa9dcd4d468441422254ab2d887bb267e0245b6 (commit) from e870791a4d6aea3a0275396bd01da629cb6f4ac8 (commit) - Log ----------------------------------------------------------------- commit faa9dcd4d468441422254ab2d887bb267e0245b6 Author: Shane Lontis Date: Wed Jul 31 20:56:34 2019 +1000 Rename X509_STORE ptr stored in opaque struct X509_STORE_CTX Change name from 'ctx' to 'store' to remove ctx->ctx from code. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9405) ----------------------------------------------------------------------- Summary of changes: crypto/include/internal/x509_int.h | 2 +- crypto/x509/x509_lu.c | 10 +++++----- crypto/x509/x509_vfy.c | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index f6897e1421..11a776953b 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h @@ -197,7 +197,7 @@ struct x509_st { * kept and passed around. */ struct x509_store_ctx_st { /* X509_STORE_CTX */ - X509_STORE *ctx; + X509_STORE *store; /* The following are set by the caller */ /* The cert to check */ X509 *cert; diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index d3c1fef22c..3a90ce288e 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -289,7 +289,7 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret) { - X509_STORE *store = vs->ctx; + X509_STORE *store = vs->store; X509_LOOKUP *lu; X509_OBJECT stmp, *tmp; int i, j; @@ -533,7 +533,7 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509) *sk = NULL; X509 *x; X509_OBJECT *obj; - X509_STORE *store = ctx->ctx; + X509_STORE *store = ctx->store; if (store == NULL) return NULL; @@ -586,7 +586,7 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); X509_CRL *x; X509_OBJECT *obj, *xobj = X509_OBJECT_new(); - X509_STORE *store = ctx->ctx; + X509_STORE *store = ctx->store; /* Always do lookup to possibly add new CRLs to cache */ if (sk == NULL @@ -665,7 +665,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; - X509_STORE *store = ctx->ctx; + X509_STORE *store = ctx->store; int i, ok, idx, ret; if (obj == NULL) @@ -900,5 +900,5 @@ void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx) X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx) { - return ctx->ctx; + return ctx->store; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index bbf61d44b2..0282c7aa9e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1276,7 +1276,7 @@ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) /* Don't allow recursive CRL path validation */ if (ctx->parent) return 0; - if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) + if (!X509_STORE_CTX_init(&crl_ctx, ctx->store, x, ctx->untrusted)) return -1; crl_ctx.crls = ctx->crls; @@ -2201,7 +2201,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, { int ret = 1; - ctx->ctx = store; + ctx->store = store; ctx->cert = x509; ctx->untrusted = chain; ctx->crls = NULL; From builds at travis-ci.org Wed Jul 31 11:00:19 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 11:00:19 +0000 Subject: Errored: openssl/openssl#26997 (master - e870791) In-Reply-To: Message-ID: <5d4174c33230c_43fa602b7af38168536@dd62e73d-787e-4da5-9a83-afbec8be6045.mail> Build Update for openssl/openssl ------------------------------------- Build: #26997 Status: Errored Duration: 21 mins and 11 secs Commit: e870791 (master) Author: Shane Lontis Message: Add evp_util macros Also added EVP_CTRL_RET_UNSUPPORTED define (so magic numbers can be removed) Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9464) View the changeset: https://github.com/openssl/openssl/compare/8c00f267b8df...e870791a4d6a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565910234?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 31 11:22:12 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 11:22:12 +0000 Subject: Errored: openssl/openssl#26999 (master - faa9dcd) In-Reply-To: Message-ID: <5d4179e48382_43fd2a96d6f1c1880b8@750a9f16-7838-4e6f-8b90-fc4cebf40ab9.mail> Build Update for openssl/openssl ------------------------------------- Build: #26999 Status: Errored Duration: 22 mins and 37 secs Commit: faa9dcd (master) Author: Shane Lontis Message: Rename X509_STORE ptr stored in opaque struct X509_STORE_CTX Change name from 'ctx' to 'store' to remove ctx->ctx from code. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9405) View the changeset: https://github.com/openssl/openssl/compare/e870791a4d6a...faa9dcd4d468 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565916995?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Jul 31 11:22:17 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 31 Jul 2019 11:22:17 +0000 Subject: [openssl] master update Message-ID: <1564572137.444936.26866.nullmailer@dev.openssl.org> The branch master has been updated via 189dbdd99416a481d49a43bd7f4a8ab90bef1e85 (commit) from faa9dcd4d468441422254ab2d887bb267e0245b6 (commit) - Log ----------------------------------------------------------------- commit 189dbdd99416a481d49a43bd7f4a8ab90bef1e85 Author: Richard Levitte Date: Wed Jul 31 09:27:05 2019 +0200 ERR: fix err_data_size inconsistencies In ERR_add_error_vdata(), the size of err_data had 1 added to it in some spots, which could lead to buffer overflow. In ERR_vset_error(), ERR_MAX_DATA_SIZE was used instead of buf_size in the BIO_vsnprintf() call, which would lead to a buffer overflow if such a large buffer couldn't be allocated. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9491) ----------------------------------------------------------------------- Summary of changes: crypto/err/err.c | 6 +++--- crypto/err/err_blocks.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index f129c1c7d6..24549e3a49 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -795,18 +795,18 @@ void ERR_add_error_vdata(int num, va_list args) if (arg == NULL) arg = ""; len += strlen(arg); - if (len > size) { + if (len >= size) { char *p; size = len + 20; - p = OPENSSL_realloc(str, size + 1); + p = OPENSSL_realloc(str, size); if (p == NULL) { OPENSSL_free(str); return; } str = p; } - OPENSSL_strlcat(str, arg, (size_t)size + 1); + OPENSSL_strlcat(str, arg, (size_t)size); } if (!err_set_error_data_int(str, size, flags, 0)) OPENSSL_free(str); diff --git a/crypto/err/err_blocks.c b/crypto/err/err_blocks.c index 49086bd0c2..cf1bb9708a 100644 --- a/crypto/err/err_blocks.c +++ b/crypto/err/err_blocks.c @@ -85,7 +85,7 @@ void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) } if (buf != NULL) { - printed_len = BIO_vsnprintf(buf, ERR_MAX_DATA_SIZE, fmt, args); + printed_len = BIO_vsnprintf(buf, buf_size, fmt, args); } if (printed_len < 0) printed_len = 0; From nic.tuv at gmail.com Wed Jul 31 11:43:52 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Wed, 31 Jul 2019 11:43:52 +0000 Subject: [openssl] master update Message-ID: <1564573432.342994.32604.nullmailer@dev.openssl.org> The branch master has been updated via f5b7f99e690b1875e6d047acc435f0029642bfeb (commit) from 189dbdd99416a481d49a43bd7f4a8ab90bef1e85 (commit) - Log ----------------------------------------------------------------- commit f5b7f99e690b1875e6d047acc435f0029642bfeb Author: Nicola Tuveri Date: Sun Jul 28 16:13:30 2019 +0300 Temporary workaround for ectest.c for [extended tests] [extended tests] This is a temporary workaround for issue #9251, which contains a full discussion of the real problem. As a temporary workaround, we test `EC_GROUP_new_from_ecparameters()` against a curve that does not currently have alternative implementations. The proper fix is dependant on resolution of issue #8615 Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9474) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/ectest.c b/test/ectest.c index 50f8c63f0a..43ac905a64 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1820,7 +1820,7 @@ static int parameter_test(void) unsigned char *buf = NULL; int r = 0, len; - if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp224r1)) + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1)) || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL)) || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters)) || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0)) From no-reply at appveyor.com Wed Jul 31 11:49:53 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 31 Jul 2019 11:49:53 +0000 Subject: Build failed: openssl master.26427 Message-ID: <20190731114953.1.863904B03A5D4036@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 31 11:53:46 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 11:53:46 +0000 Subject: Errored: openssl/openssl#27002 (master - 189dbdd) In-Reply-To: Message-ID: <5d418149ed4f0_43f82922a9a3c27593a@75320245-41bf-43d3-9b17-331a4f738c34.mail> Build Update for openssl/openssl ------------------------------------- Build: #27002 Status: Errored Duration: 24 mins and 49 secs Commit: 189dbdd (master) Author: Richard Levitte Message: ERR: fix err_data_size inconsistencies In ERR_add_error_vdata(), the size of err_data had 1 added to it in some spots, which could lead to buffer overflow. In ERR_vset_error(), ERR_MAX_DATA_SIZE was used instead of buf_size in the BIO_vsnprintf() call, which would lead to a buffer overflow if such a large buffer couldn't be allocated. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9491) View the changeset: https://github.com/openssl/openssl/compare/faa9dcd4d468...189dbdd99416 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565925455?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Wed Jul 31 11:58:06 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 31 Jul 2019 11:58:06 +0000 Subject: [openssl] master update Message-ID: <1564574286.570580.4590.nullmailer@dev.openssl.org> The branch master has been updated via a672a02a6443a29aa368c0d8abeebc809c1a9f28 (commit) from f5b7f99e690b1875e6d047acc435f0029642bfeb (commit) - Log ----------------------------------------------------------------- commit a672a02a6443a29aa368c0d8abeebc809c1a9f28 Author: Shane Lontis Date: Wed Jul 31 21:55:16 2019 +1000 Add gcm ciphers (aes and aria) to providers. The code has been modularized so that it can be shared by algorithms. A fixed size IV is now used instead of being allocated. The IV is not set into the low level struct now until the update (it uses an iv_state for this purpose). Hardware specific methods have been added to a PROV_GCM_HW object. The S390 code has been changed to just contain methods that can be accessed in a modular way. There are equivalent generic methods also for the other platforms. Reviewed-by: Matt Caswell Reviewed-by: Patrick Steuer (Merged from https://github.com/openssl/openssl/pull/9231) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 3 + crypto/evp/evp_enc.c | 8 +- crypto/evp/evp_lib.c | 8 +- crypto/modes/build.info | 4 +- doc/man3/EVP_EncryptInit.pod | 2 + providers/common/ciphers/aes.c | 107 ++-- providers/common/ciphers/aes_basic.c | 8 +- providers/common/ciphers/build.info | 8 +- providers/common/ciphers/ciphers_gcm.h | 120 +++++ providers/common/ciphers/ciphers_locl.h | 43 +- providers/common/ciphers/gcm.c | 580 +++++++++++++++++++++ providers/common/ciphers/gcm_hw.c | 307 +++++++++++ providers/common/ciphers/gcm_s390x.c | 303 +++++++++++ providers/common/include/internal/provider_algs.h | 8 + .../common/include/internal/providercommonerr.h | 3 + providers/common/provider_err.c | 3 + providers/default/defltprov.c | 8 + providers/fips/fipsprov.c | 3 + 18 files changed, 1467 insertions(+), 59 deletions(-) create mode 100644 providers/common/ciphers/ciphers_gcm.h create mode 100644 providers/common/ciphers/gcm.c create mode 100644 providers/common/ciphers/gcm_hw.c create mode 100644 providers/common/ciphers/gcm_s390x.c diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 6b52193895..caa47324bf 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2694,7 +2694,10 @@ PROV_R_BAD_DECRYPT:100:bad decrypt PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter +PROV_R_INVALID_AAD:108:invalid aad +PROV_R_INVALID_IVLEN:109:invalid ivlen PROV_R_INVALID_KEYLEN:105:invalid keylen +PROV_R_INVALID_TAG:110:invalid tag PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 8f5175b525..87c7bb0995 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -163,6 +163,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_aes_256_ctr: case NID_aes_192_ctr: case NID_aes_128_ctr: + case NID_aes_256_gcm: + case NID_aes_192_gcm: + case NID_aes_128_gcm: + case NID_aria_256_gcm: + case NID_aria_192_gcm: + case NID_aria_128_gcm: break; default: goto legacy; diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index e6daf684be..d112eaf65a 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -315,7 +315,13 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { - return EVP_CIPHER_iv_length(ctx->cipher); + int ok, v = EVP_CIPHER_iv_length(ctx->cipher); + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v); + ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + + return ok != 0 ? v : -1; } const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) diff --git a/crypto/modes/build.info b/crypto/modes/build.info index 81525a9916..a93586690c 100644 --- a/crypto/modes/build.info +++ b/crypto/modes/build.info @@ -48,9 +48,9 @@ IF[{- !$disabled{asm} -}] ENDIF ENDIF -$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c $MODESASM +$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c gcm128.c $MODESASM SOURCE[../../libcrypto]=$COMMON \ - cts128.c gcm128.c ccm128.c xts128.c wrap128.c ocb128.c siv128.c + cts128.c ccm128.c xts128.c wrap128.c ocb128.c siv128.c DEFINE[../../libcrypto]=$MODESDEF SOURCE[../../providers/fips]=$COMMON DEFINE[../../providers/fips]=$MODESDEF diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 083bba7996..e46d401746 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -165,6 +165,8 @@ all parameters to NULL except B in an initial call and supply the remaining parameters in subsequent calls, all of which have B set to NULL. This is done when the default cipher parameters are not appropriate. +For EVP_CIPH_GCM_MODE the IV will be generated internally if it is not +specified. EVP_EncryptUpdate() encrypts B bytes from the buffer B and writes the encrypted version to B. This function can be called diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c index a151a8b393..a211694a88 100644 --- a/providers/common/ciphers/aes.c +++ b/providers/common/ciphers/aes.c @@ -13,6 +13,7 @@ #include #include #include +#include #include "internal/cryptlib.h" #include "internal/provider_algs.h" #include "ciphers_locl.h" @@ -248,50 +249,63 @@ static int aes_cipher(void *vctx, return 1; } -#define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \ - static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \ - static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ - { \ - OSSL_PARAM *p; \ - \ - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); \ - if (p != NULL) { \ - if (!OSSL_PARAM_set_int(p, EVP_CIPH_##UCMODE##_MODE)) \ - return 0; \ - } \ - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS); \ - if (p != NULL) { \ - if (!OSSL_PARAM_set_ulong(p, (flags))) \ - return 0; \ - } \ - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); \ - if (p != NULL) { \ - if (!OSSL_PARAM_set_int(p, (kbits) / 8)) \ - return 0; \ - } \ - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); \ - if (p != NULL) { \ - if (!OSSL_PARAM_set_int(p, (blkbits) / 8)) \ - return 0; \ - } \ - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); \ - if (p != NULL) { \ - if (!OSSL_PARAM_set_int(p, (ivbits) / 8)) \ - return 0; \ - } \ - \ - return 1; \ - } \ - static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \ - static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \ - { \ - PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ - \ - ctx->pad = 1; \ - ctx->keylen = ((kbits) / 8); \ - ctx->ciph = PROV_AES_CIPHER_##lcmode(ctx->keylen); \ - ctx->mode = EVP_CIPH_##UCMODE##_MODE; \ - return ctx; \ +static void *aes_new_ctx(void *provctx, size_t mode, size_t kbits, + const PROV_AES_CIPHER *ciph) +{ + PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + ctx->pad = 1; + ctx->keylen = kbits / 8; + ctx->ciph = ciph; + ctx->mode = mode; + return ctx; +} + +int aes_get_params(OSSL_PARAM params[], int md, unsigned long flags, + int kbits, int blkbits, int ivbits) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); + if (p != NULL) { + if (!OSSL_PARAM_set_int(p, md)) + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS); + if (p != NULL) { + if (!OSSL_PARAM_set_ulong(p, flags)) + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL) { + if (!OSSL_PARAM_set_int(p, kbits / 8)) + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); + if (p != NULL) { + if (!OSSL_PARAM_set_int(p, blkbits / 8)) + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); + if (p != NULL) { + if (!OSSL_PARAM_set_int(p, ivbits / 8)) + return 0; + } + return 1; +} + +#define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \ + static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \ + static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ + { \ + return aes_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, kbits, \ + blkbits, ivbits); \ + } \ + static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \ + static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \ + { \ + return aes_new_ctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, \ + PROV_AES_CIPHER_##lcmode(kbits / 8)); \ } /* ECB */ @@ -351,6 +365,11 @@ static int aes_ctx_get_params(void *vctx, OSSL_PARAM params[]) PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; OSSL_PARAM *p; + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); + if (p != NULL) { + if (!OSSL_PARAM_set_int(p, AES_BLOCK_SIZE)) + return 0; + } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING); if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) { PROVerr(PROV_F_AES_CTX_GET_PARAMS, PROV_R_FAILED_TO_SET_PARAMETER); diff --git a/providers/common/ciphers/aes_basic.c b/providers/common/ciphers/aes_basic.c index a1ca5a9be2..f2ba2f3c24 100644 --- a/providers/common/ciphers/aes_basic.c +++ b/providers/common/ciphers/aes_basic.c @@ -6,18 +6,16 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ - +#include +#include #include #include #include -#include -#include #include -#include "internal/modes_int.h" -#include "internal/evp_int.h" #include #include #include "ciphers_locl.h" +#include "internal/evp_int.h" #include "internal/providercommonerr.h" #include "internal/aes_platform.h" diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info index fd49ccb994..8916a22469 100644 --- a/providers/common/ciphers/build.info +++ b/providers/common/ciphers/build.info @@ -1,8 +1,8 @@ LIBS=../../../libcrypto -SOURCE[../../../libcrypto]=\ - block.c aes.c aes_basic.c +$COMMON=block.c aes.c aes_basic.c gcm.c gcm_hw.c + +SOURCE[../../../libcrypto]=$COMMON INCLUDE[../../../libcrypto]=. ../../../crypto -SOURCE[../../fips]=\ - block.c aes.c aes_basic.c +SOURCE[../../fips]=$COMMON INCLUDE[../../fips]=. ../../../crypto diff --git a/providers/common/ciphers/ciphers_gcm.h b/providers/common/ciphers/ciphers_gcm.h new file mode 100644 index 0000000000..badab28aea --- /dev/null +++ b/providers/common/ciphers/ciphers_gcm.h @@ -0,0 +1,120 @@ + +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +typedef struct prov_gcm_hw_st PROV_GCM_HW; + +#define GCM_IV_DEFAULT_SIZE 12/* IV's for AES_GCM should normally be 12 bytes */ +#define GCM_IV_MAX_SIZE 64 +#define GCM_TAG_MAX_SIZE 16 + +typedef struct prov_gcm_ctx_st { + int enc; /* Set to 1 if we are encrypting or 0 otherwise */ + int mode; /* The mode that we are using */ + size_t keylen; + int ivlen; + size_t ivlen_min; + int taglen; + int key_set; /* Set if key initialised */ + int iv_state; /* set to one of IV_STATE_XXX */ + int iv_gen_rand; /* No IV was specified, so generate a rand IV */ + int iv_gen; /* It is OK to generate IVs */ + int tls_aad_pad_sz; + int tls_aad_len; /* TLS AAD length */ + uint64_t tls_enc_records; /* Number of TLS records encrypted */ + + /* + * num contains the number of bytes of |iv| which are valid for modes that + * manage partial blocks themselves. + */ + size_t num; + size_t bufsz; /* Number of bytes in buf */ + uint64_t flags; + + unsigned int pad : 1; /* Whether padding should be used or not */ + + unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */ + unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */ + + OPENSSL_CTX *libctx; /* needed for rand calls */ + const PROV_GCM_HW *hw; /* hardware specific methods */ + GCM128_CONTEXT gcm; + ctr128_f ctr; + const void *ks; +} PROV_GCM_CTX; + +typedef struct prov_aes_gcm_ctx_st { + PROV_GCM_CTX base; /* must be first entry in struct */ + union { + OSSL_UNION_ALIGN; + AES_KEY ks; + } ks; /* AES key schedule to use */ + + /* Platform specific data */ + union { + int dummy; +#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) + struct { + union { + OSSL_UNION_ALIGN; + S390X_KMA_PARAMS kma; + } param; + unsigned int fc; + unsigned char ares[16]; + unsigned char mres[16]; + unsigned char kres[16]; + int areslen; + int mreslen; + int kreslen; + int res; + } s390x; +#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */ + } plat; +} PROV_AES_GCM_CTX; + +OSSL_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen)); +OSSL_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv, + size_t ivlen)); +OSSL_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx, + const unsigned char *aad, size_t aadlen)); +OSSL_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx, + const unsigned char *in, size_t len, + unsigned char *out)); +OSSL_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag)); +OSSL_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad, + size_t aad_len, const unsigned char *in, + size_t in_len, unsigned char *out, + unsigned char *tag, size_t taglen)); +struct prov_gcm_hw_st { + OSSL_GCM_setkey_fn setkey; + OSSL_GCM_setiv_fn setiv; + OSSL_GCM_aadupdate_fn aadupdate; + OSSL_GCM_cipherupdate_fn cipherupdate; + OSSL_GCM_cipherfinal_fn cipherfinal; + OSSL_GCM_oneshot_fn oneshot; +}; +const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits); + +#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) + +#include "internal/aria.h" + +typedef struct prov_aria_gcm_ctx_st { + PROV_GCM_CTX base; /* must be first entry in struct */ + union { + OSSL_UNION_ALIGN; + ARIA_KEY ks; + } ks; +} PROV_ARIA_GCM_CTX; +const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits); + +#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */ diff --git a/providers/common/ciphers/ciphers_locl.h b/providers/common/ciphers/ciphers_locl.h index 49248f099c..91033eb262 100644 --- a/providers/common/ciphers/ciphers_locl.h +++ b/providers/common/ciphers/ciphers_locl.h @@ -1,4 +1,3 @@ - /* * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. * @@ -8,12 +7,46 @@ * https://www.openssl.org/source/license.html */ +#include #include -#include +#include #include "internal/cryptlib.h" +#include "internal/modes_int.h" + +#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) +/*- + * KMA-GCM-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-11) + */ +typedef struct S390X_kma_params_st { + unsigned char reserved[12]; + union { + unsigned int w; + unsigned char b[4]; + } cv; /* 32 bit counter value */ + union { + unsigned long long g[2]; + unsigned char b[16]; + } t; /* tag */ + unsigned char h[16]; /* hash subkey */ + unsigned long long taadl; /* total AAD length */ + unsigned long long tpcl; /* total plaintxt/ciphertxt len */ + union { + unsigned long long g[2]; + unsigned int w[4]; + } j0; /* initial counter value */ + unsigned char k[32]; /* key */ +} S390X_KMA_PARAMS; + +#endif typedef struct prov_aes_cipher_st PROV_AES_CIPHER; +#define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */ +#define IV_STATE_BUFFERED 1 /* iv has been copied to the iv buffer */ +#define IV_STATE_COPIED 2 /* iv has been copied from the iv buffer */ +#define IV_STATE_FINISHED 3 /* the iv has been used - so don't reuse it */ + typedef struct prov_aes_key_st { union { OSSL_UNION_ALIGN; @@ -93,6 +126,10 @@ struct prov_aes_cipher_st { size_t inl); }; +#define OSSL_CIPHER_FUNC(type, name, args) typedef type (* OSSL_##name##_fn)args + +#include "ciphers_gcm.h" + const PROV_AES_CIPHER *PROV_AES_CIPHER_ecb(size_t keylen); const PROV_AES_CIPHER *PROV_AES_CIPHER_cbc(size_t keylen); const PROV_AES_CIPHER *PROV_AES_CIPHER_ofb(size_t keylen); @@ -107,3 +144,5 @@ int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize, const unsigned char **in, size_t *inlen); void padblock(unsigned char *buf, size_t *buflen, size_t blocksize); int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize); +int aes_get_params(OSSL_PARAM params[], int md, unsigned long flags, + int kbits, int blkbits, int ivbits); diff --git a/providers/common/ciphers/gcm.c b/providers/common/ciphers/gcm.c new file mode 100644 index 0000000000..235d81a932 --- /dev/null +++ b/providers/common/ciphers/gcm.c @@ -0,0 +1,580 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "internal/rand_int.h" +#include "internal/provider_algs.h" +#include "internal/provider_ctx.h" +#include "internal/providercommonerr.h" +#include "ciphers_locl.h" + +/* TODO(3.0) Figure out what flags are really needed */ +#define AEAD_GCM_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY) + +static OSSL_OP_cipher_encrypt_init_fn gcm_einit; +static OSSL_OP_cipher_decrypt_init_fn gcm_dinit; +static OSSL_OP_cipher_ctx_get_params_fn gcm_ctx_get_params; +static OSSL_OP_cipher_ctx_set_params_fn gcm_ctx_set_params; +static OSSL_OP_cipher_cipher_fn gcm_cipher; +static OSSL_OP_cipher_update_fn gcm_stream_update; +static OSSL_OP_cipher_final_fn gcm_stream_final; + +static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len); +static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv, + size_t len); +static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen, + const unsigned char *in, size_t len); +static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out, + size_t *padlen, const unsigned char *in, + size_t len); + +static void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits, + const PROV_GCM_HW *hw, size_t ivlen_min) +{ + ctx->pad = 1; + ctx->mode = EVP_CIPH_GCM_MODE; + ctx->taglen = -1; + ctx->tls_aad_len = -1; + ctx->ivlen_min = ivlen_min; + ctx->ivlen = (EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN); + ctx->keylen = keybits / 8; + ctx->hw = hw; + ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); +} + +static void gcm_deinitctx(PROV_GCM_CTX *ctx) +{ + OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv)); +} + +static int gcm_init(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen, int enc) +{ + PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; + + ctx->enc = enc; + + if (iv != NULL) { + if (ivlen < ctx->ivlen_min || ivlen > sizeof(ctx->iv)) { + PROVerr(0, PROV_R_INVALID_IVLEN); + return 0; + } + ctx->ivlen = ivlen; + memcpy(ctx->iv, iv, ctx->ivlen); + ctx->iv_state = IV_STATE_BUFFERED; + } + + if (key != NULL) { + if (keylen != ctx->keylen) { + PROVerr(0, PROV_R_INVALID_KEYLEN); + return 0; + } + return ctx->hw->setkey(ctx, key, ctx->keylen); + } + return 1; +} + +static int gcm_einit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) +{ + return gcm_init(vctx, key, keylen, iv, ivlen, 1); +} + +static int gcm_dinit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) +{ + return gcm_init(vctx, key, keylen, iv, ivlen, 0); +} + +static int gcm_ctx_get_params(void *vctx, OSSL_PARAM params[]) +{ + PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; + OSSL_PARAM *p; + size_t sz; + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); + if (p != NULL) { + if (!OSSL_PARAM_set_int(p, ctx->ivlen)) + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) { + PROVerr(0, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); + if (p != NULL) { + if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1) + return 0; + if (ctx->ivlen != (int)p->data_size) { + PROVerr(0, PROV_R_INVALID_IVLEN); + return 0; + } + if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)) { + PROVerr(0, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + } + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD); + if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) { + PROVerr(0, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); + if (p != NULL) { + sz = p->data_size; + if (sz == 0 || sz > EVP_GCM_TLS_TAG_LEN || !ctx->enc || ctx->taglen < 0) { + PROVerr(0, PROV_R_INVALID_TAG); + return 0; + } + if (!OSSL_PARAM_set_octet_string(p, ctx->buf, sz)) { + PROVerr(0, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + } + return 1; +} + +static int gcm_ctx_set_params(void *vctx, const OSSL_PARAM params[]) +{ + PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; + const OSSL_PARAM *p; + size_t sz; + void *vp; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); + if (p != NULL) { + vp = ctx->buf; + if (!OSSL_PARAM_get_octet_string(p, &vp, EVP_GCM_TLS_TAG_LEN, &sz)) { + PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + if (sz == 0 || ctx->enc) { + PROVerr(0, PROV_R_INVALID_TAG); + return 0; + } + ctx->taglen = sz; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); + if (p != NULL) { + if (!OSSL_PARAM_get_size_t(p, &sz)) { + PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + if (sz == 0 || sz > sizeof(ctx->iv)) { + PROVerr(0, PROV_R_INVALID_IVLEN); + return 0; + } + ctx->ivlen = sz; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) { + PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + sz = gcm_tls_init(ctx, p->data, p->data_size); + if (sz == 0) { + PROVerr(0, PROV_R_INVALID_AAD); + return 0; + } + ctx->tls_aad_pad_sz = sz; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) { + PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + if (gcm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) { + PROVerr(0, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + } + + return 1; +} + +static int gcm_stream_update(void *vctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, + size_t inl) +{ + PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; + + if (outsize < inl) { + PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return -1; + } + + if (gcm_cipher_internal(ctx, out, outl, in, inl) <= 0) { + PROVerr(0, PROV_R_CIPHER_OPERATION_FAILED); + return -1; + } + return 1; +} + +static int gcm_stream_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsize) +{ + PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; + int i; + + i = gcm_cipher_internal(ctx, out, outl, NULL, 0); + if (i <= 0) + return 0; + + *outl = 0; + return 1; +} + +static int gcm_cipher(void *vctx, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) +{ + PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; + + if (outsize < inl) { + PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return -1; + } + + if (gcm_cipher_internal(ctx, out, outl, in, inl) <= 0) + return -1; + + *outl = inl; + return 1; +} + +/* + * See SP800-38D (GCM) Section 8 "Uniqueness requirement on IVS and keys" + * + * See also 8.2.2 RBG-based construction. + * Random construction consists of a free field (which can be NULL) and a + * random field which will use a DRBG that can return at least 96 bits of + * entropy strength. (The DRBG must be seeded by the FIPS module). + */ +static int gcm_iv_generate(PROV_GCM_CTX *ctx, int offset) +{ + int sz = ctx->ivlen - offset; + + /* Must be at least 96 bits */ + if (sz <= 0 || ctx->ivlen < GCM_IV_DEFAULT_SIZE) + return 0; + + /* Use DRBG to generate random iv */ + if (rand_bytes_ex(ctx->libctx, ctx->iv + offset, sz) <= 0) + return 0; + ctx->iv_state = IV_STATE_BUFFERED; + ctx->iv_gen_rand = 1; + return 1; +} + +static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out, + size_t *padlen, const unsigned char *in, + size_t len) +{ + size_t olen = 0; + int rv = 0; + const PROV_GCM_HW *hw = ctx->hw; + + if (ctx->tls_aad_len >= 0) + return gcm_tls_cipher(ctx, out, padlen, in, len); + + if (!ctx->key_set || ctx->iv_state == IV_STATE_FINISHED) + goto err; + + /* + * FIPS requires generation of AES-GCM IV's inside the FIPS module. + * The IV can still be set externally (the security policy will state that + * this is not FIPS compliant). There are some applications + * where setting the IV externally is the only option available. + */ + if (ctx->iv_state == IV_STATE_UNINITIALISED) { + if (!ctx->enc || !gcm_iv_generate(ctx, 0)) + goto err; + } + + if (ctx->iv_state == IV_STATE_BUFFERED) { + if (!hw->setiv(ctx, ctx->iv, ctx->ivlen)) + goto err; + ctx->iv_state = IV_STATE_COPIED; + } + + if (in != NULL) { + /* The input is AAD if out is NULL */ + if (out == NULL) { + if (!hw->aadupdate(ctx, in, len)) + goto err; + } else { + /* The input is ciphertext OR plaintext */ + if (!hw->cipherupdate(ctx, in, len, out)) + goto err; + } + } else { + /* Finished when in == NULL */ + if (!hw->cipherfinal(ctx, ctx->buf)) + goto err; + ctx->iv_state = IV_STATE_FINISHED; /* Don't reuse the IV */ + goto finish; + } + olen = len; +finish: + rv = 1; +err: + *padlen = olen; + return rv; +} + +static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len) +{ + unsigned char *buf; + size_t len; + + if (aad_len != EVP_AEAD_TLS1_AAD_LEN) + return 0; + + /* Save the aad for later use. */ + buf = dat->buf; + memcpy(buf, aad, aad_len); + dat->tls_aad_len = aad_len; + dat->tls_enc_records = 0; + + len = buf[aad_len - 2] << 8 | buf[aad_len - 1]; + /* Correct length for explicit iv. */ + if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) + return 0; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; + + /* If decrypting correct for tag too. */ + if (!dat->enc) { + if (len < EVP_GCM_TLS_TAG_LEN) + return 0; + len -= EVP_GCM_TLS_TAG_LEN; + } + buf[aad_len - 2] = (unsigned char)(len >> 8); + buf[aad_len - 1] = (unsigned char)(len & 0xff); + /* Extra padding: tag appended to record. */ + return EVP_GCM_TLS_TAG_LEN; +} + +static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv, + size_t len) +{ + /* Special case: -1 length restores whole IV */ + if (len == (size_t)-1) { + memcpy(ctx->iv, iv, ctx->ivlen); + ctx->iv_gen = 1; + ctx->iv_state = IV_STATE_BUFFERED; + return 1; + } + /* Fixed field must be at least 4 bytes and invocation field at least 8 */ + if ((len < EVP_GCM_TLS_FIXED_IV_LEN) + || (ctx->ivlen - (int)len) < EVP_GCM_TLS_EXPLICIT_IV_LEN) + return 0; + if (len > 0) + memcpy(ctx->iv, iv, len); + if (ctx->enc + && rand_bytes_ex(ctx->libctx, ctx->iv + len, ctx->ivlen - len) <= 0) + return 0; + ctx->iv_gen = 1; + ctx->iv_state = IV_STATE_BUFFERED; + return 1; +} + +/* increment counter (64-bit int) by 1 */ +static void ctr64_inc(unsigned char *counter) +{ + int n = 8; + unsigned char c; + + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c > 0) + return; + } while (n > 0); +} + +/* + * Handle TLS GCM packet format. This consists of the last portion of the IV + * followed by the payload and finally the tag. On encrypt generate IV, + * encrypt payload and write the tag. On verify retrieve IV, decrypt payload + * and verify tag. + */ +static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen, + const unsigned char *in, size_t len) +{ + int rv = 0, arg = EVP_GCM_TLS_EXPLICIT_IV_LEN; + size_t plen = 0; + unsigned char *tag = NULL; + + if (!ctx->key_set) + goto err; + + /* Encrypt/decrypt must be performed in place */ + if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) + goto err; + + /* + * Check for too many keys as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness + * Requirements from SP 800-38D". The requirements is for one party to the + * communication to fail after 2^64 - 1 keys. We do this on the encrypting + * side only. + */ + if (ctx->enc && ++ctx->tls_enc_records == 0) { + PROVerr(0, EVP_R_TOO_MANY_RECORDS); + goto err; + } + + if (ctx->iv_gen == 0) + goto err; + /* + * Set IV from start of buffer or generate IV and write to start of + * buffer. + */ + if (ctx->enc) { + if (!ctx->hw->setiv(ctx, ctx->iv, ctx->ivlen)) + goto err; + if (arg > ctx->ivlen) + arg = ctx->ivlen; + memcpy(out, ctx->iv + ctx->ivlen - arg, arg); + /* + * Invocation field will be at least 8 bytes in size and so no need + * to check wrap around or increment more than last 8 bytes. + */ + ctr64_inc(ctx->iv + ctx->ivlen - 8); + } else { + memcpy(ctx->iv + ctx->ivlen - arg, out, arg); + if (!ctx->hw->setiv(ctx, ctx->iv, ctx->ivlen)) + goto err; + } + ctx->iv_state = IV_STATE_COPIED; + + /* Fix buffer and length to point to payload */ + in += EVP_GCM_TLS_EXPLICIT_IV_LEN; + out += EVP_GCM_TLS_EXPLICIT_IV_LEN; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + + tag = ctx->enc ? out + len : (unsigned char *)in + len; + if (!ctx->hw->oneshot(ctx, ctx->buf, ctx->tls_aad_len, in, len, out, tag, + EVP_GCM_TLS_TAG_LEN)) { + if (!ctx->enc) + OPENSSL_cleanse(out, len); + goto err; + } + if (ctx->enc) + plen = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + else + plen = len; + + rv = 1; +err: + ctx->iv_state = IV_STATE_FINISHED; + ctx->tls_aad_len = -1; + *padlen = plen; + return rv; +} + +#define IMPLEMENT_cipher(alg, lcmode, UCMODE, flags, kbits, blkbits, ivbits) \ + static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ + static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ + { \ + return aes_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \ + kbits, blkbits, ivbits); \ + } \ + static OSSL_OP_cipher_newctx_fn alg##kbits##gcm_newctx; \ + static void *alg##kbits##gcm_newctx(void *provctx) \ + { \ + return alg##_gcm_newctx(provctx, kbits); \ + } \ + const OSSL_DISPATCH alg##kbits##gcm_functions[] = { \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))gcm_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))gcm_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))gcm_stream_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))gcm_stream_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))gcm_cipher }, \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void)) alg##kbits##gcm_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_gcm_freectx }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void)) alg##_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, \ + (void (*)(void))gcm_ctx_get_params }, \ + { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, \ + (void (*)(void))gcm_ctx_set_params }, \ + { 0, NULL } \ + } + +static void *aes_gcm_newctx(void *provctx, size_t keybits) +{ + PROV_AES_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) + gcm_initctx(provctx, (PROV_GCM_CTX *)ctx, keybits, + PROV_AES_HW_gcm(keybits), 8); + return ctx; +} + +static OSSL_OP_cipher_freectx_fn aes_gcm_freectx; +static void aes_gcm_freectx(void *vctx) +{ + PROV_AES_GCM_CTX *ctx = (PROV_AES_GCM_CTX *)vctx; + + gcm_deinitctx((PROV_GCM_CTX *)ctx); + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +/* aes128gcm_functions */ +IMPLEMENT_cipher(aes, gcm, GCM, AEAD_GCM_FLAGS, 128, 8, 96); +/* aes192gcm_functions */ +IMPLEMENT_cipher(aes, gcm, GCM, AEAD_GCM_FLAGS, 192, 8, 96); +/* aes256gcm_functions */ +IMPLEMENT_cipher(aes, gcm, GCM, AEAD_GCM_FLAGS, 256, 8, 96); + +#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) + +static void *aria_gcm_newctx(void *provctx, size_t keybits) +{ + PROV_ARIA_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) + gcm_initctx(provctx, (PROV_GCM_CTX *)ctx, keybits, + PROV_ARIA_HW_gcm(keybits), 4); + return ctx; +} + +static OSSL_OP_cipher_freectx_fn aria_gcm_freectx; +static void aria_gcm_freectx(void *vctx) +{ + PROV_ARIA_GCM_CTX *ctx = (PROV_ARIA_GCM_CTX *)vctx; + + gcm_deinitctx((PROV_GCM_CTX *)ctx); + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +/* aria128gcm_functions */ +IMPLEMENT_cipher(aria, gcm, GCM, AEAD_GCM_FLAGS, 128, 8, 96); +/* aria192gcm_functions */ +IMPLEMENT_cipher(aria, gcm, GCM, AEAD_GCM_FLAGS, 192, 8, 96); +/* aria256gcm_functions */ +IMPLEMENT_cipher(aria, gcm, GCM, AEAD_GCM_FLAGS, 256, 8, 96); + +#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */ diff --git a/providers/common/ciphers/gcm_hw.c b/providers/common/ciphers/gcm_hw.c new file mode 100644 index 0000000000..e8c5f66e4c --- /dev/null +++ b/providers/common/ciphers/gcm_hw.c @@ -0,0 +1,307 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "ciphers_locl.h" +#include "internal/aes_platform.h" + +static const PROV_GCM_HW aes_gcm; + +static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen); +static int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad, + size_t aad_len); +static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag); +static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, + const unsigned char *in, size_t in_len, + unsigned char *out, unsigned char *tag, size_t tag_len); +static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, + size_t len, unsigned char *out); + +#define SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \ + ctx->ks = ks; \ + fn_set_enc_key(key, keylen * 8, ks); \ + CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \ + ctx->ctr = (ctr128_f)fn_ctr; \ + ctx->key_set = 1; + +#if defined(AESNI_CAPABLE) + +/* AES-NI section */ +static int aesni_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + AES_KEY *ks = &actx->ks.ks; + + SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt, + aesni_ctr32_encrypt_blocks); + return 1; +} + +static const PROV_GCM_HW aesni_gcm = { + aesni_gcm_init_key, + gcm_setiv, + gcm_aad_update, + gcm_cipher_update, + gcm_cipher_final, + gcm_one_shot +}; + +const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) +{ + return AESNI_CAPABLE ? &aesni_gcm : &aes_gcm; +} + +#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) + +/* Fujitsu SPARC64 X support */ + +static int t4_aes_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + ctr128_f ctr; + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + AES_KEY *ks = &actx->ks.ks; + + + switch (keylen) { + case 16: + ctr = (ctr128_f)aes128_t4_ctr32_encrypt; + break; + case 24: + ctr = (ctr128_f)aes192_t4_ctr32_encrypt; + break; + case 32: + ctr = (ctr128_f)aes256_t4_ctr32_encrypt; + break; + default: + return 0; + } + + SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr); + return 1; +} + +static const PROV_GCM_HW t4_aes_gcm = { + t4_aes_gcm_init_key, + gcm_setiv, + gcm_aad_update, + gcm_cipher_update, + gcm_cipher_final, + gcm_one_shot +}; +const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) +{ + return SPARC_AES_CAPABLE ? &t4_aes_gcm : &aes_gcm; +} + +#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) +# include "gcm_s390x.c" +#else +const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) +{ + return &aes_gcm; +} +#endif + +static int generic_aes_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + AES_KEY *ks = &actx->ks.ks; + +# ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { +# ifdef HWAES_ctr32_encrypt_blocks + SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, + HWAES_ctr32_encrypt_blocks); +# else + SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL); +# endif /* HWAES_ctr32_encrypt_blocks */ + } else +# endif /* HWAES_CAPABLE */ + +# ifdef BSAES_CAPABLE + if (BSAES_CAPABLE) { + SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, + bsaes_ctr32_encrypt_blocks); + } else +# endif /* BSAES_CAPABLE */ + +# ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL); + } else +# endif /* VPAES_CAPABLE */ + + { +# ifdef AES_CTR_ASM + SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, AES_ctr32_encrypt); +# else + SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL); +# endif /* AES_CTR_ASM */ + } + ctx->key_set = 1; + return 1; +} + +static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen) +{ + CRYPTO_gcm128_setiv(&ctx->gcm, iv, ivlen); + return 1; +} + +static int gcm_aad_update(PROV_GCM_CTX *ctx, + const unsigned char *aad, size_t aad_len) +{ + return CRYPTO_gcm128_aad(&ctx->gcm, aad, aad_len) == 0; +} + +static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, + size_t len, unsigned char *out) +{ + if (ctx->enc) { + if (ctx->ctr != NULL) { +#if defined(AES_GCM_ASM) + size_t bulk = 0; + + if (len >= 32 && AES_GCM_ASM(ctx)) { + size_t res = (16 - ctx->gcm.mres) % 16; + + if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res)) + return 0; + bulk = aesni_gcm_encrypt(in + res, out + res, len - res, + ctx->gcm.key, + ctx->gcm.Yi.c, ctx->gcm.Xi.u); + ctx->gcm.len.u[1] += bulk; + bulk += res; + } + if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk, + len - bulk, ctx->ctr)) + return 0; +#else + if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr)) + return 0; +#endif /* AES_GCM_ASM */ + } else { + if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len)) + return 0; + } + } else { + if (ctx->ctr != NULL) { +#if defined(AES_GCM_ASM) + size_t bulk = 0; + + if (len >= 16 && AES_GCM_ASM(ctx)) { + size_t res = (16 - ctx->gcm.mres) % 16; + + if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res)) + return -1; + + bulk = aesni_gcm_decrypt(in + res, out + res, len - res, + ctx->gcm.key, + ctx->gcm.Yi.c, ctx->gcm.Xi.u); + ctx->gcm.len.u[1] += bulk; + bulk += res; + } + if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk, + len - bulk, ctx->ctr)) + return 0; +#else + if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr)) + return 0; +#endif /* AES_GCM_ASM */ + } else { + if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len)) + return 0; + } + } + return 1; +} + +static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag) +{ + if (ctx->enc) { + CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE); + ctx->taglen = GCM_TAG_MAX_SIZE; + } else { + if (ctx->taglen < 0 + || CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0) + return 0; + } + return 1; +} + +static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, + const unsigned char *in, size_t in_len, + unsigned char *out, unsigned char *tag, size_t tag_len) +{ + int ret = 0; + + /* Use saved AAD */ + if (!ctx->hw->aadupdate(ctx, aad, aad_len)) + goto err; + if (!ctx->hw->cipherupdate(ctx, in, in_len, out)) + goto err; + ctx->taglen = GCM_TAG_MAX_SIZE; + if (!ctx->hw->cipherfinal(ctx, tag)) + goto err; + ret = 1; + +err: + return ret; +} + +static const PROV_GCM_HW aes_gcm = { + generic_aes_gcm_init_key, + gcm_setiv, + gcm_aad_update, + gcm_cipher_update, + gcm_cipher_final, + gcm_one_shot +}; + +#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) + +static int aria_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx; + ARIA_KEY *ks = &actx->ks.ks; + + SET_KEY_CTR_FN(ks, aria_set_encrypt_key, aria_encrypt, NULL); + return 1; +} + +static int aria_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, + size_t len, unsigned char *out) +{ + if (ctx->enc) { + if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len)) + return 0; + } else { + if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len)) + return 0; + } + return 1; +} + +static const PROV_GCM_HW aria_gcm = { + aria_gcm_init_key, + gcm_setiv, + gcm_aad_update, + aria_cipher_update, + gcm_cipher_final, + gcm_one_shot +}; +const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits) +{ + return &aria_gcm; +} + +#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */ diff --git a/providers/common/ciphers/gcm_s390x.c b/providers/common/ciphers/gcm_s390x.c new file mode 100644 index 0000000000..0ced60037d --- /dev/null +++ b/providers/common/ciphers/gcm_s390x.c @@ -0,0 +1,303 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * IBM S390X AES GCM support + * Note this file is included by aes_gcm_hw.c + */ + +/* iv + padding length for iv lengths != 12 */ +#define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) + +static int s390x_aes_gcm_init_key(PROV_GCM_CTX *ctx, + const unsigned char *key, size_t keylen) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + + ctx->key_set = 1; + memcpy(&actx->plat.s390x.param.kma.k, key, keylen); + actx->plat.s390x.fc = S390X_AES_FC(keylen); + if (!ctx->enc) + actx->plat.s390x.fc |= S390X_DECRYPT; + return 1; +} + +static int s390x_aes_gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, + size_t ivlen) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + S390X_KMA_PARAMS *kma = &actx->plat.s390x.param.kma; + + kma->t.g[0] = 0; + kma->t.g[1] = 0; + kma->tpcl = 0; + kma->taadl = 0; + actx->plat.s390x.mreslen = 0; + actx->plat.s390x.areslen = 0; + actx->plat.s390x.kreslen = 0; + + if (ivlen == AES_GCM_IV_DEFAULT_SIZE) { + memcpy(&kma->j0, iv, ivlen); + kma->j0.w[3] = 1; + kma->cv.w = 1; + } else { + unsigned long long ivbits = ivlen << 3; + size_t len = S390X_gcm_ivpadlen(ivlen); + unsigned char iv_zero_pad[S390X_gcm_ivpadlen(AES_GCM_IV_MAX_SIZE)]; + /* + * The IV length needs to be zero padded to be a multiple of 16 bytes + * followed by 8 bytes of zeros and 8 bytes for the IV length. + * The GHASH of this value can then be calculated. + */ + memcpy(iv_zero_pad, iv, ivlen); + memset(iv_zero_pad + ivlen, 0, len - ivlen); + memcpy(iv_zero_pad + len - sizeof(ivbits), &ivbits, sizeof(ivbits)); + /* + * Calculate the ghash of the iv - the result is stored into the tag + * param. + */ + s390x_kma(iv_zero_pad, len, NULL, 0, NULL, actx->plat.s390x.fc, kma); + actx->plat.s390x.fc |= S390X_KMA_HS; /* The hash subkey is set */ + + /* Copy the 128 bit GHASH result into J0 and clear the tag */ + kma->j0.g[0] = kma->t.g[0]; + kma->j0.g[1] = kma->t.g[1]; + kma->t.g[0] = 0; + kma->t.g[1] = 0; + /* Set the 32 bit counter */ + kma->cv.w = kma->j0.w[3]; + } + return 1; +} + +static int s390x_aes_gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + S390X_KMA_PARAMS *kma = &actx->plat.s390x.param.kma; + unsigned char out[AES_BLOCK_SIZE]; + int rc; + + kma->taadl <<= 3; + kma->tpcl <<= 3; + s390x_kma(actx->plat.s390x.ares, actx->plat.s390x.areslen, + actx->plat.s390x.mres, actx->plat.s390x.mreslen, out, + actx->plat.s390x.fc | S390X_KMA_LAAD | S390X_KMA_LPC, kma); + + /* gctx->mres already returned to the caller */ + OPENSSL_cleanse(out, actx->plat.s390x.mreslen); + + if (ctx->enc) { + ctx->taglen = AES_GCM_TAG_MAX_SIZE; + memcpy(tag, kma->t.b, ctx->taglen); + rc = 1; + } else { + if (ctx->taglen < 0) + rc = 0; + else + rc = (CRYPTO_memcmp(tag, kma->t.b, ctx->taglen) == 0); + } + return rc; +} + +static int s390x_aes_gcm_one_shot(PROV_GCM_CTX *ctx, + unsigned char *aad, size_t aad_len, + const unsigned char *in, size_t in_len, + unsigned char *out, + unsigned char *tag, size_t taglen) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + S390X_KMA_PARAMS *kma = &actx->plat.s390x.param.kma; + int rc; + + kma->taadl = aad_len << 3; + kma->tpcl = in_len << 3; + s390x_kma(aad, aad_len, in, in_len, out, + actx->plat.s390x.fc | S390X_KMA_LAAD | S390X_KMA_LPC, kma); + + if (ctx->enc) { + memcpy(tag, kma->t.b, taglen); + rc = 1; + } else { + rc = (CRYPTO_memcmp(tag, kma->t.b, taglen) == 0); + } + return rc; +} + +/* + * Process additional authenticated data. Returns 1 on success. Code is + * big-endian. + */ +static int s390x_aes_gcm_aad_update(PROV_GCM_CTX *ctx, + const unsigned char *aad, size_t len) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + S390X_KMA_PARAMS *kma = &actx->plat.s390x.param.kma; + unsigned long long alen; + int n, rem; + + /* If already processed pt/ct then error */ + if (kma->tpcl != 0) + return 0; + + /* update the total aad length */ + alen = kma->taadl + len; + if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len)) + return 0; + kma->taadl = alen; + + /* check if there is any existing aad data from a previous add */ + n = actx->plat.s390x.areslen; + if (n) { + /* add additional data to a buffer until it has 16 bytes */ + while (n && len) { + actx->plat.s390x.ares[n] = *aad; + ++aad; + --len; + n = (n + 1) & 0xf; + } + /* ctx->ares contains a complete block if offset has wrapped around */ + if (!n) { + s390x_kma(actx->plat.s390x.ares, 16, NULL, 0, NULL, + actx->plat.s390x.fc, kma); + actx->plat.s390x.fc |= S390X_KMA_HS; + } + actx->plat.s390x.areslen = n; + } + + /* If there are leftover bytes (< 128 bits) save them for next time */ + rem = len & 0xf; + /* Add any remaining 16 byte blocks (128 bit each) */ + len &= ~(size_t)0xf; + if (len) { + s390x_kma(aad, len, NULL, 0, NULL, actx->plat.s390x.fc, kma); + actx->plat.s390x.fc |= S390X_KMA_HS; + aad += len; + } + + if (rem) { + actx->plat.s390x.areslen = rem; + + do { + --rem; + actx->plat.s390x.ares[rem] = aad[rem]; + } while (rem); + } + return 1; +} + +/*- + * En/de-crypt plain/cipher-text and authenticate ciphertext. Returns 1 for + * success. Code is big-endian. + */ +static int s390x_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, + const unsigned char *in, size_t len, + unsigned char *out) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + S390X_KMA_PARAMS *kma = &actx->plat.s390x.param.kma; + const unsigned char *inptr; + unsigned long long mlen; + union { + unsigned int w[4]; + unsigned char b[16]; + } buf; + size_t inlen; + int n, rem, i; + + mlen = kma->tpcl + len; + if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) + return 0; + kma->tpcl = mlen; + + n = actx->plat.s390x.mreslen; + if (n) { + inptr = in; + inlen = len; + while (n && inlen) { + actx->plat.s390x.mres[n] = *inptr; + n = (n + 1) & 0xf; + ++inptr; + --inlen; + } + /* ctx->mres contains a complete block if offset has wrapped around */ + if (!n) { + s390x_kma(actx->plat.s390x.ares, actx->plat.s390x.areslen, + actx->plat.s390x.mres, 16, buf.b, + actx->plat.s390x.fc | S390X_KMA_LAAD, kma); + actx->plat.s390x.fc |= S390X_KMA_HS; + actx->plat.s390x.areslen = 0; + + /* previous call already encrypted/decrypted its remainder, + * see comment below */ + n = actx->plat.s390x.mreslen; + while (n) { + *out = buf.b[n]; + n = (n + 1) & 0xf; + ++out; + ++in; + --len; + } + actx->plat.s390x.mreslen = 0; + } + } + + rem = len & 0xf; + + len &= ~(size_t)0xf; + if (len) { + s390x_kma(actx->plat.s390x.ares, actx->plat.s390x.areslen, in, len, out, + actx->plat.s390x.fc | S390X_KMA_LAAD, kma); + in += len; + out += len; + actx->plat.s390x.fc |= S390X_KMA_HS; + actx->plat.s390x.areslen = 0; + } + + /*- + * If there is a remainder, it has to be saved such that it can be + * processed by kma later. However, we also have to do the for-now + * unauthenticated encryption/decryption part here and now... + */ + if (rem) { + if (!actx->plat.s390x.mreslen) { + buf.w[0] = kma->j0.w[0]; + buf.w[1] = kma->j0.w[1]; + buf.w[2] = kma->j0.w[2]; + buf.w[3] = kma->cv.w + 1; + s390x_km(buf.b, 16, actx->plat.s390x.kres, + actx->plat.s390x.fc & 0x1f, &kma->k); + } + + n = actx->plat.s390x.mreslen; + for (i = 0; i < rem; i++) { + actx->plat.s390x.mres[n + i] = in[i]; + out[i] = in[i] ^ actx->plat.s390x.kres[n + i]; + } + actx->plat.s390x.mreslen += rem; + } + return 1; +} + +static const PROV_GCM_HW s390x_aes_gcm = { + s390x_aes_gcm_init_key, + s390x_aes_gcm_setiv, + s390x_aes_gcm_aad_update, + s390x_aes_gcm_cipher_update, + s390x_aes_gcm_cipher_final, + s390x_aes_gcm_one_shot +}; + +const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) +{ + if ((keybits == 128 && S390X_aes_128_gcm_CAPABLE) + || (keybits == 192 && S390X_aes_192_gcm_CAPABLE) + || (keybits == 256 && S390X_aes_256_gcm_CAPABLE)) + return &s390x_aes_gcm; + return &aes_gcm; +} diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index 80946ca6e2..741b07b750 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -57,6 +57,14 @@ extern const OSSL_DISPATCH aes128cfb8_functions[]; extern const OSSL_DISPATCH aes256ctr_functions[]; extern const OSSL_DISPATCH aes192ctr_functions[]; extern const OSSL_DISPATCH aes128ctr_functions[]; +extern const OSSL_DISPATCH aes256gcm_functions[]; +extern const OSSL_DISPATCH aes192gcm_functions[]; +extern const OSSL_DISPATCH aes128gcm_functions[]; +#ifndef OPENSSL_NO_ARIA +extern const OSSL_DISPATCH aria256gcm_functions[]; +extern const OSSL_DISPATCH aria192gcm_functions[]; +extern const OSSL_DISPATCH aria128gcm_functions[]; +#endif /* OPENSSL_NO_ARIA */ /* Key management */ extern const OSSL_DISPATCH dh_keymgmt_functions[]; diff --git a/providers/common/include/internal/providercommonerr.h b/providers/common/include/internal/providercommonerr.h index d1af68f57b..c52dbd30f8 100644 --- a/providers/common/include/internal/providercommonerr.h +++ b/providers/common/include/internal/providercommonerr.h @@ -49,7 +49,10 @@ int ERR_load_PROV_strings(void); # define PROV_R_CIPHER_OPERATION_FAILED 102 # define PROV_R_FAILED_TO_GET_PARAMETER 103 # define PROV_R_FAILED_TO_SET_PARAMETER 104 +# define PROV_R_INVALID_AAD 108 +# define PROV_R_INVALID_IVLEN 109 # define PROV_R_INVALID_KEYLEN 105 +# define PROV_R_INVALID_TAG 110 # define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 # define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 320aee8a10..7f07625a59 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -23,7 +23,10 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "failed to get parameter"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER), "failed to set parameter"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IVLEN), "invalid ivlen"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEYLEN), "invalid keylen"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL), "output buffer too small"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH), diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 95534b1155..6e4c94c61c 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -111,6 +111,14 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { "AES-256-CTR", "default=yes", aes256ctr_functions }, { "AES-192-CTR", "default=yes", aes192ctr_functions }, { "AES-128-CTR", "default=yes", aes128ctr_functions }, + { "id-aes256-GCM", "default=yes", aes256gcm_functions }, + { "id-aes192-GCM", "default=yes", aes192gcm_functions }, + { "id-aes128-GCM", "default=yes", aes128gcm_functions }, +#ifndef OPENSSL_NO_ARIA + { "ARIA-256-GCM", "default=yes", aria256gcm_functions }, + { "ARIA-192-GCM", "default=yes", aria192gcm_functions }, + { "ARIA-128-GCM", "default=yes", aria128gcm_functions }, +#endif /* OPENSSL_NO_ARIA */ { NULL, NULL, NULL } }; diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index b62bfeec39..d82074fd20 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -250,6 +250,9 @@ static const OSSL_ALGORITHM fips_ciphers[] = { { "AES-256-CTR", "fips=yes", aes256ctr_functions }, { "AES-192-CTR", "fips=yes", aes192ctr_functions }, { "AES-128-CTR", "fips=yes", aes128ctr_functions }, + { "id-aes256-GCM", "fips=yes", aes256gcm_functions }, + { "id-aes192-GCM", "fips=yes", aes192gcm_functions }, + { "id-aes128-GCM", "fips=yes", aes128gcm_functions }, { NULL, NULL, NULL } }; From builds at travis-ci.org Wed Jul 31 12:17:26 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 12:17:26 +0000 Subject: Failed: openssl/openssl#27008 (master - f5b7f99) In-Reply-To: Message-ID: <5d4186d5dce12_43fa55a85df742285b1@f97fb11d-1bbf-4212-ab99-a74c0f4b291d.mail> Build Update for openssl/openssl ------------------------------------- Build: #27008 Status: Failed Duration: 23 mins and 9 secs Commit: f5b7f99 (master) Author: Nicola Tuveri Message: Temporary workaround for ectest.c for [extended tests] [extended tests] This is a temporary workaround for issue #9251, which contains a full discussion of the real problem. As a temporary workaround, we test `EC_GROUP_new_from_ecparameters()` against a curve that does not currently have alternative implementations. The proper fix is dependant on resolution of issue #8615 Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9474) View the changeset: https://github.com/openssl/openssl/compare/189dbdd99416...f5b7f99e690b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565933732?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 31 12:40:35 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 12:40:35 +0000 Subject: Failed: openssl/openssl#27009 (master - a672a02) In-Reply-To: Message-ID: <5d418c4386c3_43fd01e36922c1399c7@15a913fb-19f5-46ba-8cbd-234861f76cd4.mail> Build Update for openssl/openssl ------------------------------------- Build: #27009 Status: Failed Duration: 31 mins and 15 secs Commit: a672a02 (master) Author: Shane Lontis Message: Add gcm ciphers (aes and aria) to providers. The code has been modularized so that it can be shared by algorithms. A fixed size IV is now used instead of being allocated. The IV is not set into the low level struct now until the update (it uses an iv_state for this purpose). Hardware specific methods have been added to a PROV_GCM_HW object. The S390 code has been changed to just contain methods that can be accessed in a modular way. There are equivalent generic methods also for the other platforms. Reviewed-by: Matt Caswell Reviewed-by: Patrick Steuer (Merged from https://github.com/openssl/openssl/pull/9231) View the changeset: https://github.com/openssl/openssl/compare/f5b7f99e690b...a672a02a6443 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565939318?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Wed Jul 31 14:06:37 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Wed, 31 Jul 2019 14:06:37 +0000 Subject: [openssl] master update Message-ID: <1564581997.924348.29370.nullmailer@dev.openssl.org> The branch master has been updated via 7408f6759f1b0100438ca236ea8f549454aaf2d5 (commit) from a672a02a6443a29aa368c0d8abeebc809c1a9f28 (commit) - Log ----------------------------------------------------------------- commit 7408f6759f1b0100438ca236ea8f549454aaf2d5 Author: David von Oheimb Date: Fri Jul 26 11:03:12 2019 +0200 make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9466) ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_err.c | 2 ++ crypto/dsa/dsa_ossl.c | 8 ++++++++ crypto/ec/ecdh_ossl.c | 2 +- crypto/ec/ecdsa_ossl.c | 14 +++++++++++--- crypto/err/openssl.txt | 2 ++ crypto/rsa/rsa_err.c | 2 ++ crypto/rsa/rsa_ossl.c | 10 ++++++++++ include/openssl/dsaerr.h | 1 + include/openssl/rsaerr.h | 1 + 9 files changed, 38 insertions(+), 4 deletions(-) diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 211908c19c..5b0b71507f 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -22,6 +22,8 @@ static const ERR_STRING_DATA DSA_str_reasons[] = { "invalid digest type"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), + "missing private key"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index a9384a0f03..08f2e9f025 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -72,6 +72,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) reason = DSA_R_MISSING_PARAMETERS; goto err; } + if (dsa->priv_key == NULL) { + reason = DSA_R_MISSING_PRIVATE_KEY; + goto err; + } ret = DSA_SIG_new(); if (ret == NULL) @@ -195,6 +199,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS); return 0; } + if (dsa->priv_key == NULL) { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PRIVATE_KEY); + return 0; + } k = BN_new(); l = BN_new(); diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index 61789f4f0c..d1330d8a50 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -58,7 +58,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, priv_key = EC_KEY_get0_private_key(ecdh); if (priv_key == NULL) { - ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_NO_PRIVATE_VALUE); + ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_MISSING_PRIVATE_KEY); goto err; } diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index a488d5c86d..b5aba77a4f 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -41,11 +41,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, const EC_GROUP *group; int ret = 0; int order_bits; + const BIGNUM *priv_key; if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) { + ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_MISSING_PRIVATE_KEY); + return 0; + } if (!EC_KEY_can_sign(eckey)) { ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); @@ -83,8 +88,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, /* get random k */ do { if (dgst != NULL) { - if (!BN_generate_dsa_nonce(k, order, - EC_KEY_get0_private_key(eckey), + if (!BN_generate_dsa_nonce(k, order, priv_key, dgst, dlen, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_RANDOM_NUMBER_GENERATION_FAILED); @@ -162,10 +166,14 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, group = EC_KEY_get0_group(eckey); priv_key = EC_KEY_get0_private_key(eckey); - if (group == NULL || priv_key == NULL) { + if (group == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER); return NULL; } + if (priv_key == NULL) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY); + return NULL; + } if (!EC_KEY_can_sign(eckey)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index caa47324bf..9644323888 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2291,6 +2291,7 @@ DSA_R_DECODE_ERROR:104:decode error DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type DSA_R_INVALID_PARAMETERS:112:invalid parameters DSA_R_MISSING_PARAMETERS:101:missing parameters +DSA_R_MISSING_PRIVATE_KEY:111:missing private key DSA_R_MODULUS_TOO_LARGE:103:modulus too large DSA_R_NO_PARAMETERS_SET:107:no parameters set DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error @@ -2787,6 +2788,7 @@ RSA_R_KEY_PRIME_NUM_INVALID:165:key prime num invalid RSA_R_KEY_SIZE_TOO_SMALL:120:key size too small RSA_R_LAST_OCTET_INVALID:134:last octet invalid RSA_R_MGF1_DIGEST_NOT_ALLOWED:152:mgf1 digest not allowed +RSA_R_MISSING_PRIVATE_KEY:179:missing private key RSA_R_MODULUS_TOO_LARGE:105:modulus too large RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 50409de865..5923073056 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -86,6 +86,8 @@ static const ERR_STRING_DATA RSA_str_reasons[] = { {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED), "mgf1 digest not allowed"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MISSING_PRIVATE_KEY), + "missing private key"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R), "mp coefficient not inverse of r"}, diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index e6876de60b..29bd97bd1b 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -321,6 +321,11 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } + if (rsa->d == NULL) { + RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_MISSING_PRIVATE_KEY); + BN_free(d); + goto err; + } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, @@ -438,6 +443,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } + if (rsa->d == NULL) { + RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_MISSING_PRIVATE_KEY); + BN_free(d); + goto err; + } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) diff --git a/include/openssl/dsaerr.h b/include/openssl/dsaerr.h index bc542bf558..76ef96acf7 100644 --- a/include/openssl/dsaerr.h +++ b/include/openssl/dsaerr.h @@ -63,6 +63,7 @@ int ERR_load_DSA_strings(void); # define DSA_R_INVALID_DIGEST_TYPE 106 # define DSA_R_INVALID_PARAMETERS 112 # define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MISSING_PRIVATE_KEY 111 # define DSA_R_MODULUS_TOO_LARGE 103 # define DSA_R_NO_PARAMETERS_SET 107 # define DSA_R_PARAMETER_ENCODING_ERROR 105 diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h index a7fa9195aa..51f69e7919 100644 --- a/include/openssl/rsaerr.h +++ b/include/openssl/rsaerr.h @@ -142,6 +142,7 @@ int ERR_load_RSA_strings(void); # define RSA_R_KEY_PRIME_NUM_INVALID 165 # define RSA_R_KEY_SIZE_TOO_SMALL 120 # define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MISSING_PRIVATE_KEY 179 # define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 # define RSA_R_MODULUS_TOO_LARGE 105 # define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 From openssl at openssl.org Wed Jul 31 14:12:37 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 31 Jul 2019 14:12:37 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1564582357.328810.25504.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 35f6fe7ac4 Fix BIO_printf format warnings 62cc845fc9 Use OPENSSL_strlcpy instead of strncpy in e_afalg.c 11dbdc0714 Document the provider CIPHER operation d753cc333d Fix coverity 1452084 Fix coverity 1452083 10f8b36874 ERR: re-use the err_data field when possible Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1574, 237 wallclock secs ( 1.83 usr 0.35 sys + 228.16 cusr 20.93 csys = 251.27 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From nic.tuv at gmail.com Wed Jul 31 14:19:15 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Wed, 31 Jul 2019 14:19:15 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1564582755.364753.483.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ffc2b6373aabcdcfbb0ac725a00a907834202c4f (commit) from 74f4cc0276b8fe003c036544219a0371266fc32c (commit) - Log ----------------------------------------------------------------- commit ffc2b6373aabcdcfbb0ac725a00a907834202c4f Author: David von Oheimb Date: Fri Jul 26 11:03:12 2019 +0200 make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9466) (cherry picked from commit 7408f6759f1b0100438ca236ea8f549454aaf2d5) ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_err.c | 2 ++ crypto/dsa/dsa_ossl.c | 8 ++++++++ crypto/ec/ecdh_ossl.c | 2 +- crypto/ec/ecdsa_ossl.c | 14 +++++++++++--- crypto/err/openssl.txt | 2 ++ crypto/rsa/rsa_err.c | 2 ++ crypto/rsa/rsa_ossl.c | 10 ++++++++++ include/openssl/dsaerr.h | 1 + include/openssl/rsaerr.h | 1 + 9 files changed, 38 insertions(+), 4 deletions(-) diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 8f97f6f3f9..a7176af8ac 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -52,6 +52,8 @@ static const ERR_STRING_DATA DSA_str_reasons[] = { "invalid digest type"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), + "missing private key"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index cefda5a450..9361fbdf0c 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -72,6 +72,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) reason = DSA_R_MISSING_PARAMETERS; goto err; } + if (dsa->priv_key == NULL) { + reason = DSA_R_MISSING_PRIVATE_KEY; + goto err; + } ret = DSA_SIG_new(); if (ret == NULL) @@ -195,6 +199,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS); return 0; } + if (dsa->priv_key == NULL) { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PRIVATE_KEY); + return 0; + } k = BN_new(); l = BN_new(); diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index 5608c62b2a..ab51ee7138 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -58,7 +58,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, priv_key = EC_KEY_get0_private_key(ecdh); if (priv_key == NULL) { - ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_NO_PRIVATE_VALUE); + ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_MISSING_PRIVATE_KEY); goto err; } diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index e35c7600d8..554420449f 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -41,11 +41,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, const EC_GROUP *group; int ret = 0; int order_bits; + const BIGNUM *priv_key; if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) { + ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_MISSING_PRIVATE_KEY); + return 0; + } if (!EC_KEY_can_sign(eckey)) { ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); @@ -83,8 +88,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, /* get random k */ do { if (dgst != NULL) { - if (!BN_generate_dsa_nonce(k, order, - EC_KEY_get0_private_key(eckey), + if (!BN_generate_dsa_nonce(k, order, priv_key, dgst, dlen, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_RANDOM_NUMBER_GENERATION_FAILED); @@ -162,10 +166,14 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, group = EC_KEY_get0_group(eckey); priv_key = EC_KEY_get0_private_key(eckey); - if (group == NULL || priv_key == NULL) { + if (group == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER); return NULL; } + if (priv_key == NULL) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY); + return NULL; + } if (!EC_KEY_can_sign(eckey)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 722a08773a..a433b03240 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2101,6 +2101,7 @@ DSA_R_DECODE_ERROR:104:decode error DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type DSA_R_INVALID_PARAMETERS:112:invalid parameters DSA_R_MISSING_PARAMETERS:101:missing parameters +DSA_R_MISSING_PRIVATE_KEY:111:missing private key DSA_R_MODULUS_TOO_LARGE:103:modulus too large DSA_R_NO_PARAMETERS_SET:107:no parameters set DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error @@ -2536,6 +2537,7 @@ RSA_R_KEY_PRIME_NUM_INVALID:165:key prime num invalid RSA_R_KEY_SIZE_TOO_SMALL:120:key size too small RSA_R_LAST_OCTET_INVALID:134:last octet invalid RSA_R_MGF1_DIGEST_NOT_ALLOWED:152:mgf1 digest not allowed +RSA_R_MISSING_PRIVATE_KEY:179:missing private key RSA_R_MODULUS_TOO_LARGE:105:modulus too large RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 62fd9e0b11..228e071216 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -174,6 +174,8 @@ static const ERR_STRING_DATA RSA_str_reasons[] = { {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED), "mgf1 digest not allowed"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MISSING_PRIVATE_KEY), + "missing private key"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R), "mp coefficient not inverse of r"}, diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 33be9ea8cb..c8c3b7886a 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -321,6 +321,11 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } + if (rsa->d == NULL) { + RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_MISSING_PRIVATE_KEY); + BN_free(d); + goto err; + } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, @@ -438,6 +443,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } + if (rsa->d == NULL) { + RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_MISSING_PRIVATE_KEY); + BN_free(d); + goto err; + } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) diff --git a/include/openssl/dsaerr.h b/include/openssl/dsaerr.h index 772ee2c13e..495a1ac89d 100644 --- a/include/openssl/dsaerr.h +++ b/include/openssl/dsaerr.h @@ -61,6 +61,7 @@ int ERR_load_DSA_strings(void); # define DSA_R_INVALID_DIGEST_TYPE 106 # define DSA_R_INVALID_PARAMETERS 112 # define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MISSING_PRIVATE_KEY 111 # define DSA_R_MODULUS_TOO_LARGE 103 # define DSA_R_NO_PARAMETERS_SET 107 # define DSA_R_PARAMETER_ENCODING_ERROR 105 diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h index b3cb035c8e..59b15e13e9 100644 --- a/include/openssl/rsaerr.h +++ b/include/openssl/rsaerr.h @@ -130,6 +130,7 @@ int ERR_load_RSA_strings(void); # define RSA_R_KEY_PRIME_NUM_INVALID 165 # define RSA_R_KEY_SIZE_TOO_SMALL 120 # define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MISSING_PRIVATE_KEY 179 # define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 # define RSA_R_MODULUS_TOO_LARGE 105 # define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 From builds at travis-ci.org Wed Jul 31 14:40:18 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 14:40:18 +0000 Subject: Still Failing: openssl/openssl#27015 (master - 7408f67) In-Reply-To: Message-ID: <5d41a8522a55f_43fc4b012ff5c2475eb@f927ebe1-865a-4553-8501-745190d9997c.mail> Build Update for openssl/openssl ------------------------------------- Build: #27015 Status: Still Failing Duration: 26 mins and 37 secs Commit: 7408f67 (master) Author: David von Oheimb Message: make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9466) View the changeset: https://github.com/openssl/openssl/compare/a672a02a6443...7408f6759f1b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/565994910?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 31 14:50:26 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 14:50:26 +0000 Subject: Still Failing: openssl/openssl#27016 (OpenSSL_1_1_1-stable - ffc2b63) In-Reply-To: Message-ID: <5d41aab228922_43fa5575d09082735db@f97fb11d-1bbf-4212-ab99-a74c0f4b291d.mail> Build Update for openssl/openssl ------------------------------------- Build: #27016 Status: Still Failing Duration: 23 mins and 52 secs Commit: ffc2b63 (OpenSSL_1_1_1-stable) Author: David von Oheimb Message: make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9466) (cherry picked from commit 7408f6759f1b0100438ca236ea8f549454aaf2d5) View the changeset: https://github.com/openssl/openssl/compare/74f4cc0276b8...ffc2b6373aab View the full build log and details: https://travis-ci.org/openssl/openssl/builds/566001276?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 31 15:02:29 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 31 Jul 2019 15:02:29 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1564585349.204075.19592.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 35f6fe7ac4 Fix BIO_printf format warnings 62cc845fc9 Use OPENSSL_strlcpy instead of strncpy in e_afalg.c 11dbdc0714 Document the provider CIPHER operation d753cc333d Fix coverity 1452084 Fix coverity 1452083 10f8b36874 ERR: re-use the err_data field when possible Build log ended with (last 100 lines): ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. Dubious, test returned 255 (wstat 65280, 0xff00) All 8 subtests passed (less 5 skipped subtests: 3 okay) ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/70-test_sslextension.t (Wstat: 65280 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 255 Parse errors: Bad plan. You planned 8 tests but ran 9. ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1574, 236 wallclock secs ( 1.84 usr 0.39 sys + 226.38 cusr 20.60 csys = 249.21 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Wed Jul 31 16:31:57 2019 From: matt at openssl.org (Matt Caswell) Date: Wed, 31 Jul 2019 16:31:57 +0000 Subject: [openssl] master update Message-ID: <1564590717.728112.29691.nullmailer@dev.openssl.org> The branch master has been updated via 0c789f59f117ccbb30ffc621216ba776117c7c61 (commit) from 7408f6759f1b0100438ca236ea8f549454aaf2d5 (commit) - Log ----------------------------------------------------------------- commit 0c789f59f117ccbb30ffc621216ba776117c7c61 Author: joe2018Outlookcom Date: Wed Jul 31 13:46:02 2019 +0800 Fix warning C4164 in MSVC. Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared. Fixes #9487 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9488) ----------------------------------------------------------------------- Summary of changes: crypto/whrlpool/wp_block.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index 14327f16de..574ac124d4 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -87,6 +87,7 @@ typedef unsigned long long u64; #ifndef PEDANTIC # if defined(_MSC_VER) # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# include # pragma intrinsic(_rotl64) # define ROTATE(a,n) _rotl64((a),n) # endif From matt at openssl.org Wed Jul 31 16:35:04 2019 From: matt at openssl.org (Matt Caswell) Date: Wed, 31 Jul 2019 16:35:04 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1564590904.389141.31533.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ca33a43fe21ace99a7e689f40a90e3ad42e794a0 (commit) from ffc2b6373aabcdcfbb0ac725a00a907834202c4f (commit) - Log ----------------------------------------------------------------- commit ca33a43fe21ace99a7e689f40a90e3ad42e794a0 Author: joe2018Outlookcom Date: Wed Jul 31 13:46:02 2019 +0800 Fix warning C4164 in MSVC. Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared. Fixes #9487 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9488) (cherry picked from commit 0c789f59f117ccbb30ffc621216ba776117c7c61) ----------------------------------------------------------------------- Summary of changes: crypto/whrlpool/wp_block.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index 0cc92a3b01..f4f994bc47 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -87,6 +87,7 @@ typedef unsigned long long u64; #ifndef PEDANTIC # if defined(_MSC_VER) # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# include # pragma intrinsic(_rotl64) # define ROTATE(a,n) _rotl64((a),n) # endif From builds at travis-ci.org Wed Jul 31 16:52:23 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 16:52:23 +0000 Subject: Still Failing: openssl/openssl#27021 (master - 0c789f5) In-Reply-To: Message-ID: <5d41c74711d2b_43fd0268368241963d3@15a913fb-19f5-46ba-8cbd-234861f76cd4.mail> Build Update for openssl/openssl ------------------------------------- Build: #27021 Status: Still Failing Duration: 19 mins and 43 secs Commit: 0c789f5 (master) Author: joe2018Outlookcom Message: Fix warning C4164 in MSVC. Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared. Fixes #9487 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9488) View the changeset: https://github.com/openssl/openssl/compare/7408f6759f1b...0c789f59f117 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/566063637?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jul 31 17:03:27 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 17:03:27 +0000 Subject: Still Failing: openssl/openssl#27022 (OpenSSL_1_1_1-stable - ca33a43) In-Reply-To: Message-ID: <5d41c9df1dfe2_43fa5575d02783165c4@f97fb11d-1bbf-4212-ab99-a74c0f4b291d.mail> Build Update for openssl/openssl ------------------------------------- Build: #27022 Status: Still Failing Duration: 24 mins and 37 secs Commit: ca33a43 (OpenSSL_1_1_1-stable) Author: joe2018Outlookcom Message: Fix warning C4164 in MSVC. Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared. Fixes #9487 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9488) (cherry picked from commit 0c789f59f117ccbb30ffc621216ba776117c7c61) View the changeset: https://github.com/openssl/openssl/compare/ffc2b6373aab...ca33a43fe21a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/566064758?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 31 17:36:40 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 31 Jul 2019 17:36:40 +0000 Subject: Build failed: openssl master.26442 Message-ID: <20190731173640.1.CCD21F46D6064A79@appveyor.com> An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Wed Jul 31 17:51:30 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 31 Jul 2019 17:51:30 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1564595490.880097.18258.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a5c83db4ae3b3a94cdb88658280c36b6a74377ef (commit) from ca33a43fe21ace99a7e689f40a90e3ad42e794a0 (commit) - Log ----------------------------------------------------------------- commit a5c83db4ae3b3a94cdb88658280c36b6a74377ef Author: Antoine C?ur Date: Tue Jul 2 22:29:29 2019 +0800 Fix Typos CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9295) ----------------------------------------------------------------------- Summary of changes: CHANGES | 2 +- Configurations/15-ios.conf | 2 +- Configurations/50-win-onecore.conf | 2 +- Configurations/common0.tmpl | 2 +- apps/pkcs12.c | 2 +- apps/speed.c | 2 +- apps/storeutl.c | 2 +- crypto/aes/asm/aes-s390x.pl | 4 ++-- crypto/asn1/a_time.c | 2 +- crypto/bio/bss_dgram.c | 2 +- crypto/bn/asm/mips.pl | 2 +- crypto/bn/bn_div.c | 2 +- crypto/bn/bn_lcl.h | 2 +- crypto/dsa/dsa_ossl.c | 2 +- crypto/ec/asm/ecp_nistz256-x86_64.pl | 2 +- crypto/ec/asm/x25519-ppc64.pl | 4 ++-- crypto/ec/ec_lcl.h | 2 +- crypto/ec/ecp_nistp521.c | 2 +- crypto/ec/ecx_meth.c | 2 +- crypto/init.c | 2 +- crypto/lhash/lhash.c | 6 +++--- crypto/rand/drbg_lib.c | 2 +- crypto/rand/rand_lib.c | 2 +- crypto/rsa/rsa_gen.c | 2 +- crypto/sha/asm/sha512-sparcv9.pl | 2 +- crypto/sm2/sm2_sign.c | 4 ++-- crypto/store/loader_file.c | 4 ++-- demos/bio/descrip.mms | 2 +- demos/evp/aesgcm.c | 2 +- doc/man3/ADMISSIONS.pod | 2 +- doc/man3/BIO_s_mem.pod | 2 +- doc/man3/EVP_DigestSignInit.pod | 2 +- doc/man3/EVP_DigestVerifyInit.pod | 2 +- doc/man3/EVP_md5.pod | 2 +- doc/man3/OSSL_STORE_LOADER.pod | 2 +- doc/man3/OSSL_STORE_expect.pod | 2 +- doc/man3/RAND_DRBG_set_callbacks.pod | 2 +- doc/man3/SSL_CTX_set_cipher_list.pod | 2 +- doc/man3/SSL_SESSION_get0_hostname.pod | 2 +- include/internal/thread_once.h | 2 +- include/internal/tsan_assist.h | 2 +- test/asn1_time_test.c | 4 ++-- test/drbgtest.c | 2 +- test/dtlstest.c | 2 +- test/ssltestlib.c | 2 +- test/tls13secretstest.c | 2 +- util/perl/OpenSSL/Test.pm | 4 ++-- 47 files changed, 55 insertions(+), 55 deletions(-) diff --git a/CHANGES b/CHANGES index 27302057df..5bc8ebd6c6 100644 --- a/CHANGES +++ b/CHANGES @@ -362,7 +362,7 @@ SSL_set_ciphersuites() [Matt Caswell] - *) Memory allocation failures consistenly add an error to the error + *) Memory allocation failures consistently add an error to the error stack. [Rich Salz] diff --git a/Configurations/15-ios.conf b/Configurations/15-ios.conf index 1bb9f48d06..f404077fda 100644 --- a/Configurations/15-ios.conf +++ b/Configurations/15-ios.conf @@ -1,6 +1,6 @@ #### iPhoneOS/iOS # -# It takes recent enough XCode to use following two targets. It shouldn't +# It takes recent enough Xcode to use following two targets. It shouldn't # be a problem by now, but if they don't work, original targets below # that depend on manual definition of environment variables should still # work... diff --git a/Configurations/50-win-onecore.conf b/Configurations/50-win-onecore.conf index 51cb3819cb..d478f42b0f 100644 --- a/Configurations/50-win-onecore.conf +++ b/Configurations/50-win-onecore.conf @@ -1,6 +1,6 @@ # Windows OneCore targets. # -# OneCore is new API stability "contract" that transends Desktop, IoT and +# OneCore is new API stability "contract" that transcends Desktop, IoT and # Mobile[?] Windows editions. It's a set up "umbrella" libraries that # export subset of Win32 API that are common to all Windows 10 devices. # diff --git a/Configurations/common0.tmpl b/Configurations/common0.tmpl index 03acb3e0b3..852b1fb3e8 100644 --- a/Configurations/common0.tmpl +++ b/Configurations/common0.tmpl @@ -22,7 +22,7 @@ our @generated = sort ( ( grep { defined $unified_info{generate}->{$_} } sort keys %generatables ), - # Scripts are assumed to be generated, so add thhem too + # Scripts are assumed to be generated, so add them too ( grep { defined $unified_info{sources}->{$_} } @{$unified_info{scripts}} ) ); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 719a309a86..d0600b3760 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -838,7 +838,7 @@ static int alg_print(const X509_ALGOR *alg) goto done; } BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, " - "Block size(r): %ld, Paralelizm(p): %ld", + "Block size(r): %ld, Parallelism(p): %ld", ASN1_STRING_length(kdf->salt), ASN1_INTEGER_get(kdf->costParameter), ASN1_INTEGER_get(kdf->blockSize), diff --git a/apps/speed.c b/apps/speed.c index 8d4b1695d8..20149506cc 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1790,7 +1790,7 @@ int speed_main(int argc, char **argv) } buflen = lengths[size_num - 1]; - if (buflen < 36) /* size of random vector in RSA bencmark */ + if (buflen < 36) /* size of random vector in RSA benchmark */ buflen = 36; buflen += MAX_MISALIGNMENT + 1; loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); diff --git a/apps/storeutl.c b/apps/storeutl.c index 50007f6e8b..7dbf9dec93 100644 --- a/apps/storeutl.c +++ b/apps/storeutl.c @@ -125,7 +125,7 @@ int storeutl_main(int argc, char *argv[]) } /* * If expected wasn't set at this point, it means the map - * isn't syncronised with the possible options leading here. + * isn't synchronised with the possible options leading here. */ OPENSSL_assert(expected != 0); } diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index 0c40059066..933a447b5c 100644 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -38,14 +38,14 @@ # Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided # for 128-bit keys, if hardware support is detected. -# Januray 2009. +# January 2009. # # Add support for hardware AES192/256 and reschedule instructions to # minimize/avoid Address Generation Interlock hazard and to favour # dual-issue z10 pipeline. This gave ~25% improvement on z10 and # almost 50% on z9. The gain is smaller on z10, because being dual- # issue z10 makes it impossible to eliminate the interlock condition: -# critial path is not long enough. Yet it spends ~24 cycles per byte +# critical path is not long enough. Yet it spends ~24 cycles per byte # processed with 128-bit key. # # Unlike previous version hardware support detection takes place only diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 1babb96360..25c060cf8e 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -67,7 +67,7 @@ static void determine_days(struct tm *tm) } c = y / 100; y %= 100; - /* Zeller's congruance */ + /* Zeller's congruence */ tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7; } diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index d5fe5bb5a8..26441c9ddf 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -784,7 +784,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The * value has been updated to a non-clashing value. However to preserve - * binary compatiblity we now respond to both the old value and the new one + * binary compatibility we now respond to both the old value and the new one */ case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: case BIO_CTRL_DGRAM_SET_PEEK_MODE: diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index 38b796e375..a205189eb6 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -801,7 +801,7 @@ $code.=<<___; #if 0 /* * The bn_div_3_words entry point is re-used for constant-time interface. - * Implementation is retained as hystorical reference. + * Implementation is retained as historical reference. */ .align 5 .globl bn_div_3_words diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 3a6fa0a1b1..44948c99b2 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -258,7 +258,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, * * - availability of constant-time bn_div_3_words; * - dividend is at least as "wide" as divisor, limb-wise, zero-padded - * if so requied, which shouldn't be a privacy problem, because + * if so required, which shouldn't be a privacy problem, because * divisor's length is considered public; */ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 8a36db2e8b..6ec39ed41e 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -295,7 +295,7 @@ struct bn_gencb_st { (b) > 23 ? 3 : 1) /* - * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache + * BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache * line width of the target processor is at least the following value. */ # define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 9361fbdf0c..16161dcadf 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -256,7 +256,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, * one bit longer than the modulus. * * There are some concerns about the efficacy of doing this. More - * specificly refer to the discussion starting with: + * specifically refer to the discussion starting with: * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 * The fix is to rework BN so these gymnastics aren't required. */ diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index 87149e7f68..10ccc6414a 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -1301,7 +1301,7 @@ ecp_nistz256_ord_mul_montx: ################################# reduction mulx 8*0+128(%r14), $t0, $t1 - adcx $t0, $acc3 # guranteed to be zero + adcx $t0, $acc3 # guaranteed to be zero adox $t1, $acc4 mulx 8*1+128(%r14), $t0, $t1 diff --git a/crypto/ec/asm/x25519-ppc64.pl b/crypto/ec/asm/x25519-ppc64.pl index 3773cb27cd..bd9bf8ab11 100755 --- a/crypto/ec/asm/x25519-ppc64.pl +++ b/crypto/ec/asm/x25519-ppc64.pl @@ -451,7 +451,7 @@ x25519_fe64_tobytes: and $t0,$t0,$t1 sldi $a3,$a3,1 add $t0,$t0,$t1 # compare to modulus in the same go - srdi $a3,$a3,1 # most signifcant bit cleared + srdi $a3,$a3,1 # most significant bit cleared addc $a0,$a0,$t0 addze $a1,$a1 @@ -462,7 +462,7 @@ x25519_fe64_tobytes: sradi $t0,$a3,63 # most significant bit -> mask sldi $a3,$a3,1 andc $t0,$t1,$t0 - srdi $a3,$a3,1 # most signifcant bit cleared + srdi $a3,$a3,1 # most significant bit cleared subi $rp,$rp,1 subfc $a0,$t0,$a0 diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 119255f1dc..e4189d7328 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -154,7 +154,7 @@ struct ec_method_st { int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); /*- - * 'field_inv' computes the multipicative inverse of a in the field, + * 'field_inv' computes the multiplicative inverse of a in the field, * storing the result in r. * * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error. diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index e31b85c5f7..1e45f1eec5 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1269,7 +1269,7 @@ static void point_add(felem x3, felem y3, felem z3, * ffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb * 71e913863f7, in that case the penultimate intermediate is -9G and * the final digit is also -9G. Since this only happens for a single - * scalar, the timing leak is irrelevent. (Any attacker who wanted to + * scalar, the timing leak is irrelevant. (Any attacker who wanted to * check whether a secret scalar was that exact value, can already do * so.) */ diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index e4cac99e2d..c87419b5db 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -532,7 +532,7 @@ static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); if (alg2) X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); - /* Algorithm idetifiers set: carry on as normal */ + /* Algorithm identifiers set: carry on as normal */ return 3; } diff --git a/crypto/init.c b/crypto/init.c index 62626a707e..46839e768f 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -40,7 +40,7 @@ static int stopped = 0; * destructor for threads terminating before libcrypto is initialized or * after it's de-initialized. Access to the key doesn't have to be * serialized for the said threads, because they didn't use libcrypto - * and it doesn't matter if they pick "impossible" or derefernce real + * and it doesn't matter if they pick "impossible" or dereference real * key value and pull NULL past initialization in the first thread that * intends to use libcrypto. */ diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 8d9f933df3..ed66f5af5c 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -19,14 +19,14 @@ /* * A hashing implementation that appears to be based on the linear hashing - * alogrithm: + * algorithm: * https://en.wikipedia.org/wiki/Linear_hashing * * Litwin, Witold (1980), "Linear hashing: A new tool for file and table * addressing", Proc. 6th Conference on Very Large Databases: 212-223 - * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf + * https://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf * - * From the wikipedia article "Linear hashing is used in the BDB Berkeley + * From the Wikipedia article "Linear hashing is used in the BDB Berkeley * database system, which in turn is used by many software systems such as * OpenLDAP, using a C implementation derived from the CACM article and first * published on the Usenet in 1988 by Esmond Pitt." diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index df1e260261..7d0c8027fd 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -318,7 +318,7 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, /* * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy * and nonce in 1 call by increasing the entropy with 50% and increasing - * the minimum length to accomadate the length of the nonce. + * the minimum length to accommodate the length of the nonce. * We do this in case a nonce is require and get_nonce is NULL. */ if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) { diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 48da2b9539..23bb2e68b1 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -367,7 +367,7 @@ void rand_cleanup_int(void) } /* - * RAND_close_seed_files() ensures that any seed file decriptors are + * RAND_close_seed_files() ensures that any seed file descriptors are * closed after use. */ void RAND_keep_random_devices_open(int keep) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 4997a632f2..2b81808860 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -250,7 +250,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, * * This strategy has the following goals: * - * 1. 1024-bit factors are effcient when using 3072 and 4096-bit key + * 1. 1024-bit factors are efficient when using 3072 and 4096-bit key * 2. stay the same logic with normal 2-prime key */ bitse -= bitsr[i]; diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl index 4432bda65a..b4f92002f1 100644 --- a/crypto/sha/asm/sha512-sparcv9.pl +++ b/crypto/sha/asm/sha512-sparcv9.pl @@ -27,7 +27,7 @@ # over 2x than 32-bit code. X[16] resides on stack, but access to it # is scheduled for L2 latency and staged through 32 least significant # bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI -# duality. Nevetheless it's ~40% faster than SHA256, which is pretty +# duality. Nevertheless it's ~40% faster than SHA256, which is pretty # good [optimal coefficient is 50%]. # # SHA512 on UltraSPARC T1. diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 0f9c14cb5f..de33607761 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -313,12 +313,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, /* * B1: verify whether r' in [1,n-1], verification failed if not - * B2: vefify whether s' in [1,n-1], verification failed if not + * B2: verify whether s' in [1,n-1], verification failed if not * B3: set M'~=ZA || M' * B4: calculate e'=Hv(M'~) * B5: calculate t = (r' + s') modn, verification failed if t=0 * B6: calculate the point (x1', y1')=[s']G + [t]PA - * B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed + * B7: calculate R=(e'+x1') modn, verification pass if yes, otherwise failed */ ECDSA_SIG_get0(sig, &r, &s); diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 1ebbe9fe7a..41e25457e5 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -172,7 +172,7 @@ typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, typedef int (*file_eof_fn)(void *handler_ctx); /* * The destroy_ctx function is used to destroy the handler_ctx that was - * intiated by a repeatable try_decode fuction. This is only used when + * initiated by a repeatable try_decode function. This is only used when * the handler is marked repeatable. */ typedef void (*file_destroy_ctx_fn)(void **handler_ctx); @@ -470,7 +470,7 @@ static FILE_HANDLER PrivateKey_handler = { }; /* - * Public key decoder. Only supports SubjectPublicKeyInfo formated keys. + * Public key decoder. Only supports SubjectPublicKeyInfo formatted keys. */ static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, const char *pem_header, diff --git a/demos/bio/descrip.mms b/demos/bio/descrip.mms index d49725ffd1..44ca2febc6 100644 --- a/demos/bio/descrip.mms +++ b/demos/bio/descrip.mms @@ -37,7 +37,7 @@ server-arg.exe : server-arg.obj server-cmod.exe : server-cmod.obj server-conf.exe : server-conf.obj -# Stoopid MMS doesn't infer this automatically... +# MMS doesn't infer this automatically... client-arg.obj : client-arg.c client-conf.obj : client-conf.c saccept.obj : saccept.c diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c index 46d9a5639b..4c10632984 100644 --- a/demos/evp/aesgcm.c +++ b/demos/evp/aesgcm.c @@ -84,7 +84,7 @@ void aes_gcm_decrypt(void) EVP_CIPHER_CTX *ctx; int outlen, tmplen, rv; unsigned char outbuf[1024]; - printf("AES GCM Derypt:\n"); + printf("AES GCM Decrypt:\n"); printf("Ciphertext:\n"); BIO_dump_fp(stdout, gcm_ct, sizeof(gcm_ct)); ctx = EVP_CIPHER_CTX_new(); diff --git a/doc/man3/ADMISSIONS.pod b/doc/man3/ADMISSIONS.pod index 5dcf72e201..a1d4a3b5d1 100644 --- a/doc/man3/ADMISSIONS.pod +++ b/doc/man3/ADMISSIONS.pod @@ -130,7 +130,7 @@ ADMISSION_SYNTAX_set0_contentsOfAdmissions() functions free any existing value and set the pointer to the specified value. The B type has an authority name, authority object, and a -stack of B items. +stack of B items. The ADMISSIONS_get0_admissionAuthority(), ADMISSIONS_get0_namingAuthority(), and ADMISSIONS_get0_professionInfos() functions return pointers to those values within the object. diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod index 9c62955e0f..6517177d4b 100644 --- a/doc/man3/BIO_s_mem.pod +++ b/doc/man3/BIO_s_mem.pod @@ -109,7 +109,7 @@ Calling BIO_reset() on a read write memory BIO with BIO_FLAGS_NONCLEAR_RST flag set can have unexpected outcome when the reads and writes to the BIO are intertwined. As documented above the BIO will be reset to the state after the last completed write operation. The effects of reads -preceeding that write operation cannot be undone. +preceding that write operation cannot be undone. Calling BIO_get_mem_ptr() prior to a BIO_reset() call with BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation. diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 4f3b03e7de..096e1823fc 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -35,7 +35,7 @@ EVP_MD_CTX is freed). The digest B may be NULL if the signing algorithm supports it. -No B will be created by EVP_DigsetSignInit() if the passed B +No B will be created by EVP_DigestSignInit() if the passed B has already been assigned one via L. See also L. Only EVP_PKEY types that support signing can be used with these functions. This diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index 02d6632ce5..05b99bb913 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -32,7 +32,7 @@ being passed to EVP_DigestVerifyInit() (which means the EVP_PKEY_CTX is created inside EVP_DigestVerifyInit() and it will be freed automatically when the EVP_MD_CTX is freed). -No B will be created by EVP_DigsetSignInit() if the passed B +No B will be created by EVP_DigestSignInit() if the passed B has already been assigned one via L. See also L. EVP_DigestVerifyUpdate() hashes B bytes of data at B into the diff --git a/doc/man3/EVP_md5.pod b/doc/man3/EVP_md5.pod index 725fcbf5e2..f042b412f2 100644 --- a/doc/man3/EVP_md5.pod +++ b/doc/man3/EVP_md5.pod @@ -29,7 +29,7 @@ The MD5 algorithm which produces a 128-bit output from a given input. =item EVP_md5_sha1() -A hash algorithm of SSL v3 that combines MD5 with SHA-1 as decirbed in RFC +A hash algorithm of SSL v3 that combines MD5 with SHA-1 as described in RFC 6101. WARNING: this algorithm is not intended for non-SSL usage. diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 1503754114..c886142eed 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -95,7 +95,7 @@ manner possible according to the scheme the loader implements, it also takes a B and associated data, to be used any time something needs to be prompted for. Furthermore, this function is expected to initialize what needs to be -initialized, to create a privata data store (B, see +initialized, to create a private data store (B, see above), and to return it. If something goes wrong, this function is expected to return NULL. diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod index 154472a76b..0b336a3d5a 100644 --- a/doc/man3/OSSL_STORE_expect.pod +++ b/doc/man3/OSSL_STORE_expect.pod @@ -32,7 +32,7 @@ grained search of objects. OSSL_STORE_supports_search() checks if the loader of the given OSSL_STORE context supports the given search type. -See L for information on the +See L for information on the supported search criterion types. OSSL_STORE_expect() and OSSL_STORE_find I be called before the first diff --git a/doc/man3/RAND_DRBG_set_callbacks.pod b/doc/man3/RAND_DRBG_set_callbacks.pod index 3da051e696..55e9a8b7af 100644 --- a/doc/man3/RAND_DRBG_set_callbacks.pod +++ b/doc/man3/RAND_DRBG_set_callbacks.pod @@ -114,7 +114,7 @@ In other words, prediction resistance is currently not supported yet by the DRBG The derivation function is disabled during initialization by calling the RAND_DRBG_set() function with the RAND_DRBG_FLAG_CTR_NO_DF flag. For more information on the derivation function and when it can be omitted, -see [NIST SP 800-90A Rev. 1]. Roughly speeking it can be omitted if the random +see [NIST SP 800-90A Rev. 1]. Roughly speaking it can be omitted if the random source has "full entropy", i.e., contains 8 bits of entropy per byte. Even if a nonce is required, the B() and B() diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod b/doc/man3/SSL_CTX_set_cipher_list.pod index 59c6b4bdc9..78dd428b5d 100644 --- a/doc/man3/SSL_CTX_set_cipher_list.pod +++ b/doc/man3/SSL_CTX_set_cipher_list.pod @@ -31,7 +31,7 @@ B. SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for B. This is a simple colon (":") separated list of TLSv1.3 -ciphersuite names in order of perference. Valid TLSv1.3 ciphersuite names are: +ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are: =over 4 diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod index 989c997882..c4d285371e 100644 --- a/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/doc/man3/SSL_SESSION_get0_hostname.pod @@ -6,7 +6,7 @@ SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected -- get and set SNI and ALPN data ssociated with a session +- get and set SNI and ALPN data associated with a session =head1 SYNOPSIS diff --git a/include/internal/thread_once.h b/include/internal/thread_once.h index 8a25d04d2d..8f8aa6e1c4 100644 --- a/include/internal/thread_once.h +++ b/include/internal/thread_once.h @@ -72,7 +72,7 @@ * function defined via DEFINE_ONCE_STATIC where both functions use the same * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function * is used only one of the primary or the alternative initialiser function will - * ever be called - and that function will be called exactly once. Definitition + * ever be called - and that function will be called exactly once. Definition * of an alternative initialiser function MUST occur AFTER the definition of the * primary initialiser function. * diff --git a/include/internal/tsan_assist.h b/include/internal/tsan_assist.h index d41ebb341a..cc30162eb7 100644 --- a/include/internal/tsan_assist.h +++ b/include/internal/tsan_assist.h @@ -18,7 +18,7 @@ * if (var == NOT_YET_INITIALIZED) * var = function_returning_same_value(); * - * This does work provided that loads and stores are single-instuction + * This does work provided that loads and stores are single-instruction * operations (and integer ones are on *all* supported platforms), but * it upsets Thread Sanitizer. Suggested solution is * diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c index 1df630f2da..a9a898a246 100644 --- a/test/asn1_time_test.c +++ b/test/asn1_time_test.c @@ -24,8 +24,8 @@ struct testdata { int expected_type; /* expected type after set/set_string_gmt */ int check_result; /* check result */ time_t t; /* expected time_t*/ - int cmp_result; /* compariston to baseline result */ - int convert_result; /* convertion result */ + int cmp_result; /* comparison to baseline result */ + int convert_result; /* conversion result */ }; static struct testdata tbl_testdata_pos[] = { diff --git a/test/drbgtest.c b/test/drbgtest.c index 0782a7c045..76d9e93955 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -293,7 +293,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) * Personalisation string tests */ - /* Test detection of too large personlisation string */ + /* Test detection of too large personalisation string */ if (!init(drbg, td, &t) || RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1) > 0) goto err; diff --git a/test/dtlstest.c b/test/dtlstest.c index 9e6ed44382..ab4d4c15c0 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -96,7 +96,7 @@ static int test_dtls_unprocessed(int testidx) /* * Create the connection. We use "create_bare_ssl_connection" here so that - * we can force the connection to not do "SSL_read" once partly conencted. + * we can force the connection to not do "SSL_read" once partly connected. * We don't want to accidentally read the dummy records we injected because * they will fail to decrypt. */ diff --git a/test/ssltestlib.c b/test/ssltestlib.c index e1038620ac..456afdf471 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -920,7 +920,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) /* * We attempt to read some data on the client side which we expect to fail. * This will ensure we have received the NewSessionTicket in TLSv1.3 where - * appropriate. We do this twice because there are 2 NewSesionTickets. + * appropriate. We do this twice because there are 2 NewSessionTickets. */ for (i = 0; i < 2; i++) { if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index f04ee142a1..9368b1cdc5 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c @@ -27,7 +27,7 @@ #define KEYLEN 16 /* - * Based on the test vectors availble in: + * Based on the test vectors available in: * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06 */ diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 43c43447de..4eaea099d6 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -165,13 +165,13 @@ C takes some additional options OPTS that affect the subdirectory: =item B 0|1> -When set to 1 (or any value that perl preceives as true), the subdirectory +When set to 1 (or any value that perl perceives as true), the subdirectory will be created if it doesn't already exist. This happens before BLOCK is executed. =item B 0|1> -When set to 1 (or any value that perl preceives as true), the subdirectory +When set to 1 (or any value that perl perceives as true), the subdirectory will be cleaned out and removed. This happens both before and after BLOCK is executed. From builds at travis-ci.org Wed Jul 31 18:09:27 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 31 Jul 2019 18:09:27 +0000 Subject: Still Failing: openssl/openssl#27024 (OpenSSL_1_1_1-stable - a5c83db) In-Reply-To: Message-ID: <5d41d9574d45e_43fc4b32d78fc31893c@f927ebe1-865a-4553-8501-745190d9997c.mail> Build Update for openssl/openssl ------------------------------------- Build: #27024 Status: Still Failing Duration: 17 mins and 13 secs Commit: a5c83db (OpenSSL_1_1_1-stable) Author: Antoine C?ur Message: Fix Typos CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9295) View the changeset: https://github.com/openssl/openssl/compare/ca33a43fe21a...a5c83db4ae3b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/566097031?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 31 20:45:23 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 31 Jul 2019 20:45:23 +0000 Subject: Build failed: openssl master.26450 Message-ID: <20190731204523.1.17A71DBD313BD726@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 31 22:11:06 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 31 Jul 2019 22:11:06 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings Message-ID: <1564611066.317215.26246.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings Commit log since last time: 0c789f59f1 Fix warning C4164 in MSVC. 7408f6759f make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA a672a02a64 Add gcm ciphers (aes and aria) to providers. f5b7f99e69 Temporary workaround for ectest.c for [extended tests] 189dbdd994 ERR: fix err_data_size inconsistencies faa9dcd4d4 Rename X509_STORE ptr stored in opaque struct X509_STORE_CTX e870791a4d Add evp_util macros 8c00f267b8 CAdES : lowercase name for now internal methods. CAdES : rework CAdES signing API. Make it private, as it is unused outside library bounds. Fix varous doc-nits. faea3bd133 Document recent changes in NEWS and CHANGES 02c163ea89 Check for NULL return from zalloc in dh_dupctx. c361297046 Avoid using ERR_put_error() directly in OpenSSL code 036913b107 Adapt the FIPS provider to use the new core error functions 49c6434673 Refactor provider support for reporting errors add8c8e964 ERR: Remove ERR_put_func_error() and reimplement ERR_put_error() as a macro ed57f7f935 ERR: Implement the macros ERR_raise() and ERR_raise_data() and use them 7c0e20dc6f ERR: Add new building blocks for reporting errors 8a4dc425cc ERR: refactor useful inner macros to err_locl.h. Add function name field e039ca38c8 Move some macros from include/openssl/opensslconf.h.in, add OPENSSL_FUNC Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=174, Tests=1659, 287 wallclock secs ( 2.92 usr 0.45 sys + 267.34 cusr 23.84 csys = 294.55 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/default' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2