From levitte at openssl.org Sun Aug 1 02:58:21 2021 From: levitte at openssl.org (Richard Levitte) Date: Sun, 01 Aug 2021 02:58:21 +0000 Subject: [web] master update Message-ID: <1627786701.725962.22896.nullmailer@dev.openssl.org> The branch master has been updated via e2ba17260f0cc0a1fd1b0c20bf5238a4795076df (commit) from ac35d06e77a972cafbebc4ec233d3fd9525206e6 (commit) - Log ----------------------------------------------------------------- commit e2ba17260f0cc0a1fd1b0c20bf5238a4795076df Author: Richard Levitte Date: Fri Jul 30 12:28:54 2021 +0200 Force the production of .inc files that are produced from the personel DB We have the option to also make this depend on that database, but the diverse scripts need to be adapted to make use of that instead of querying the data through our REST API. That's another piece of work. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/252) ----------------------------------------------------------------------- Summary of changes: Makefile | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 9eedcec..27d99ae 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,14 @@ SNAP = $(CHECKOUTS)/openssl ## Where releases are found. RELEASEDIR = /var/www/openssl/source +## The OMC repository checkout can be used for dependencies. +## By default, we don't assume it, as not everyone has access to it. +## If you have it, do 'make PERSONDB=PATH/TO/omc/persondb.yaml' where +## PATH/TO/omc is the checked out OMC repository. +## We let it be FORCE by default... This forces the production of files +## that depend on this database, instead of just conditionally. +PERSONDB=FORCE + ###################################################################### ## ## Release series. These represent our release branches, and are 
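Review bot: the usage comment added in @@ -8 promises more than the rules deliver. Per the commit message the mk-* scripts still fetch their data through the REST API, so `make PERSONDB=PATH/TO/omc/persondb.yaml` only decides when the .inc files are regenerated and never feeds the local database into them; say so in the comment, e.g. `## Note: this only controls when the .inc files are rebuilt; the scripts still query the REST API`, and state plainly that the FORCE default regenerates those files on every make run rather than describing it as "instead of just conditionally".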
@@ -186,17 +194,17 @@ sitemap sitemap.txt: @rm -f sitemap.txt ./bin/mk-sitemap master $(SERIES) > sitemap.txt -community/committers.inc: +community/committers.inc: $(PERSONDB) @rm -f $@ wget -q https://api.openssl.org/0/Group/commit/Members ./bin/mk-committers $@ @rm -f Members -community/otc.inc: +community/otc.inc: $(PERSONDB) ./bin/mk-omc -n -t 'OTC Members' otc otc-inactive > $@ -community/omc.inc: +community/omc.inc: $(PERSONDB) ./bin/mk-omc -n -e -l -p -t 'OMC Members' omc omc-inactive > $@ -community/omc-alumni.inc: +community/omc-alumni.inc: $(PERSONDB) ./bin/mk-omc -n -l -t 'OMC Alumni' omc-alumni omc-emeritus > $@ docs/faq.inc: $(wildcard docs/faq-[0-9]-*.txt) bin/mk-faq @@ -332,4 +340,4 @@ source/old/index.html: source/old/index.html.tt bin/from-tt # than the tarballs that are moved into their respective directory, # we must declare them phony, or they will not be regenerated when # they should. -.PHONY : $(SRCLISTS) +.PHONY : $(SRCLISTS) FORCE From scan-admin at coverity.com Sun Aug 1 07:49:19 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 01 Aug 2021 07:49:19 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <610651fea7dc0_5ca942b0f794759b0528c2@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D5XiK_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFoHEbYVhJ5dlavN4W2xDJAgInxLRNdEE7ok7sb75XSPDo6eKz0nwUvLtdCJu8SvNsE9D0chHBXSUvl3agq1vphV1O0YSsJ0gBhol-2Fl0yARItK8hooW3IZUdduj3BdwuUD6uvuvV6HxbvjVvIWfDHe2kvd2-2FER354kR-2Bk0DBpaPwBEiEocxIojS2QPbDLrQJhg-3D Build ID: 400000 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Aug 1 07:53:21 2021 
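Review bot: in the committers.inc recipe in @@ -186, `wget -q https://api.openssl.org/0/Group/commit/Members` names its output after the last URL component, and the `@rm -f Members` cleanup only runs after mk-committers has succeeded; a `Members` file left behind by an interrupted run makes wget write `Members.1` while mk-committers consumes the stale file. `wget -q -O Members https://api.openssl.org/0/Group/commit/Members`, or an `rm -f Members` before the fetch, closes that gap. The three mk-omc rules are unaffected since they write through `> $@`.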
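Review bot: @@ -332 adds FORCE to .PHONY, but no `FORCE:` rule appears anywhere in this diff. GNU make tolerates a rule-less phony prerequisite, but the conventional idiom is an explicit empty rule (`FORCE:`) next to the .PHONY declaration; confirm one exists elsewhere in the Makefile or add it here.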
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 01 Aug 2021 07:53:21 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <610652f0836ea_5cbd62b0f794759b052840@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DaO6M_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH8D-2Fro5B26Lb48rlqyM8qxS4Cw6lGl1jahH6dxQJrKDTi6AE2cOVwMSiD4y9vwILmGlMcF2Wo2B5Ej5Co6uyg7GRESZUiN4IbBI4v1JwPNNSiqjQjYlgGZLhbb6-2Bb1D0PBbBFQx-2F5zAYIxMoTAmUkCOZ60w1x3Gcadf4vNp2aPWWdDpsHpf0UNG3PsXphsLu4-3D Build ID: 400001 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Mon Aug 2 07:49:14 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 02 Aug 2021 07:49:14 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6107a37a38db3_797242b0c670c19a09952c@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DE2aP_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHn8RUfZO72g5qfUD06jQ4VPyczQcaKGcKfTddTLH3d9oa-2B-2FiW0cIuXHAb9anDpqGFQAfZasCjD6WwOyI6ZhDAuzv29-2F10T7y4B-2FUb3I46lvpMvnndmUM-2BXjaci0a2tcEYJ9C1CZ7dTRehJtXW-2BMd8atrY1i3yAYQaorNoLdKN8kNVpOMNI5IUqVIMaAfZgpPQ-3D Build ID: 400183 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Mon Aug 2 07:52:56 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 02 Aug 2021 07:52:56 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6107a457c2e39_798502b0c670c19a0995ed@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D5SSr_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeE9YtfjlkkhVEu6ZgKKOu1uM6oBNNNvdrK1xi8-2BH1k09Hn6jnJeRKudPz4ZN4WwgrtNf6pQK9rRpmGwYJgdFzoLmnKhOcn9Z-2FRMkL1DymFtKTa5V7GpJfF1v-2B0gwdtB059vXN9y1mk5XxVFLRm7KI1rBYRAP5DfTpVT5T53FvstaSFIvfZiStWRwAukodjrdTs-3D Build ID: 400184 Analysis Summary: New defects found: 0 Defects eliminated: 0 From beldmit at gmail.com Mon Aug 2 09:21:47 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Mon, 02 Aug 2021 09:21:47 +0000 Subject: [openssl] master update Message-ID: <1627896107.209367.15784.nullmailer@dev.openssl.org> The branch master has been updated via ab98861e919b8f8f7fee3f2d44ef3b4b05908a25 (commit) from 2625807aff370830b55c0fb71b63357e8523733e (commit) - Log ----------------------------------------------------------------- commit ab98861e919b8f8f7fee3f2d44ef3b4b05908a25 Author: Tanzinul Islam Date: Sat Jul 31 18:28:34 2021 +0100 Redefine getpid() -> _getpid() only for MSVC This was introduced in 814b5133e for MSVC. C++Builder doesn't need it. Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16192) ----------------------------------------------------------------------- Summary of changes: apps/lib/s_socket.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index 6884fd86cd..dbeebb54c5 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c 
@@ -27,12 +27,12 @@ typedef unsigned int u_int; #endif #ifdef _WIN32 -/* - * With MSVC, certain POSIX functions have been renamed to have an underscore - * prefix. - */ # include -# define getpid _getpid + +/* MSVC renamed some POSIX functions to have an underscore prefix. */ +# ifdef _MSC_VER +# define getpid _getpid +# endif #endif #ifndef OPENSSL_NO_SOCK From scan-admin at coverity.com Tue Aug 3 07:49:40 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 03 Aug 2021 07:49:40 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6108f51445f04_9789a2b2485f5f9b882787@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DWYzL_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHhVchbitCYNcNPYSe5fjdmz0WTe93XfeVqa-2FypZNRGrzhZbf9OlX0YXHPWBByEL-2FR0WJXyjYvgtb63cS3Jkf-2BzIIACLHDU7kl3hzRSBvypVnw8006vWP9a4MR-2Fe-2BeGeogqou10VbpURnN-2BUUgbIvDvgcGG5CkmMSS7mFtLP58ZQivR0Iaq7M1r-2BZzu9pKUomI-3D Build ID: 400366 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Tue Aug 3 07:53:27 2021 
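Review bot: in @@ -27 the `# include` line (its header name does not survive in this listing) stays outside the new `# ifdef _MSC_VER` guard, so every _WIN32 toolchain still includes it while only the `getpid` rename is MSVC-specific. If the header is needed on C++Builder and MinGW as well, a one-line comment saying so makes the asymmetry deliberate; if it is MSVC-only it belongs inside the guard.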
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 03 Aug 2021 07:53:27 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6108f5f6d6a88_979ca2b2485f5f9b88277e@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DFy4E_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGhlviRdg2vARl0RkzxZibJoYI1gsPmCzwGsjTMmRJ9-2Fwc4JRgVsmtN-2BE8e9BC4kmZg7auxpgwuQrTP4thUeHqO738u65kkWZXWphql4ao25B3DACIe9evjonSmX6ayWmRlUR9vtFiJ1W1C-2BMYvKyiVlGS1MiBKVRrtucm-2BMOt4VAvLVmGOlbUyyndaAZ50Dpg-3D Build ID: 400367 Analysis Summary: New defects found: 0 Defects eliminated: 0 From beldmit at gmail.com Tue Aug 3 20:07:27 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 03 Aug 2021 20:07:27 +0000 Subject: [openssl] master update Message-ID: <1628021247.698920.17675.nullmailer@dev.openssl.org> The branch master has been updated via 6b38d7dc1bccc708279ca5091ebc28cd4bdf225d (commit) from ab98861e919b8f8f7fee3f2d44ef3b4b05908a25 (commit) - Log ----------------------------------------------------------------- commit 6b38d7dc1bccc708279ca5091ebc28cd4bdf225d Author: Dmitry Belyavskiy Date: Mon Aug 2 17:00:51 2021 +0200 If we have passed the private key, don't copy it implicitly Fixes #16197 Reviewed-by: David von Oheimb Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16199) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 2 +- doc/man1/openssl-req.pod.in | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/apps/req.c b/apps/req.c index eb286f8a8e..5524092f2c 100644 --- a/apps/req.c +++ b/apps/req.c 
@@ -686,7 +686,7 @@ int req_main(int argc, char **argv) EVP_PKEY_CTX_free(genctx); genctx = NULL; } - if (keyout == NULL) { + if (keyout == NULL && keyfile == NULL) { keyout = NCONF_get_string(req_conf, section, KEYFILE); if (keyout == NULL) ERR_clear_error(); diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 7897610818..75d0da1743 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -205,11 +205,12 @@ See L for details. =item B<-keyout> I This gives the filename to write any private key to that has been newly created -or read from B<-key>. -If the B<-keyout> option is not given the filename specified in the -configuration file with the B option is used, if present. -If a new key is generated and no filename is specified -the key is written to standard output. +or read from B<-key>. If neither the B<-keyout> option nor the B<-key> option +are given then the filename specified in the configuration file with the +B option is used, if present. Thus, if you want to write the +private key and the B<-key> option is provided, you should provide the +B<-keyout> option explicitly. If a new key is generated and no filename is +specified the key is written to standard output. =item B<-noenc> From pauli at openssl.org Tue Aug 3 22:18:10 2021 
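Review bot: the condition `keyout == NULL && keyfile == NULL` in @@ -686 is the right shape for the fix: before it, a key passed via -key was silently written to whatever file the configuration's keyfile entry named, i.e. a private key copied to a path the user never asked for. Two follow-ups: the Summary of changes lists no CHANGES.md entry, and this is a user-visible behaviour change (anyone relying on the implicit copy now gets no file), so it deserves one; and a regression test exercising -key without -keyout against a config that sets keyfile would lock the new behaviour in.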
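Review bot: grammar in the new paragraph of @@ -205 in openssl-req.pod.in: "If neither the B<-keyout> option nor the B<-key> option are given" should read "is given". The sentence that follows is also roundabout; "To write out a key read from B<-key>, B<-keyout> must be given explicitly" says the same thing in fewer words.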
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 03 Aug 2021 22:18:10 +0000 Subject: [openssl] master update Message-ID: <1628029090.365957.8892.nullmailer@dev.openssl.org> The branch master has been updated via 92c03668c0cd77434006b613e3429888a0a8ecfe (commit) from 6b38d7dc1bccc708279ca5091ebc28cd4bdf225d (commit) - Log ----------------------------------------------------------------- commit 92c03668c0cd77434006b613e3429888a0a8ecfe Author: Pauli Date: Thu Jul 29 09:55:09 2021 +1000 Add config_diagnostics to our configuration files. The change to a more configuration based approach to enable FIPS mode operation highlights a shortcoming in the default should do something approach we've taken for bad configuration files. Currently, a bad configuration file will be automatically loaded and once the badness is detected, it will silently stop processing the configuration and continue normal operations. This is good for remote servers, allowing changes to be made without bricking things. It's bad when a user thinks they've configured what they want but got something wrong and it still appears to work. Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16171) ----------------------------------------------------------------------- Summary of changes: apps/openssl-vms.cnf | 3 +-- apps/openssl.cnf | 3 +-- demos/bio/accept.cnf | 6 ++++++ demos/bio/cmod.cnf | 3 +++ demos/bio/connect.cnf | 6 ++++++ demos/certs/apps/apps.cnf | 4 ++++ demos/certs/ca.cnf | 3 +++ test/CAtsa.cnf | 3 +++ test/ca-and-certs.cnf | 3 +++ test/ct/log_list.cnf | 3 +++ test/default-and-fips.cnf | 3 +++ test/default-and-legacy.cnf | 3 +++ test/default.cnf | 3 +++ test/fips-and-base.cnf | 3 +++ test/fips.cnf | 3 +++ test/legacy.cnf | 3 +++ test/provider_internal_test.cnf.in | 3 +++ test/proxy.cnf | 3 +++ test/smime-certs/ca.cnf | 3 +++ test/sysdefault.cnf | 3 +++ 20 files changed, 63 insertions(+), 4 deletions(-) 
diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index f18e63c351..4d96a1f32d 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -16,8 +16,7 @@ HOME = . # Use this in order to automatically load providers. openssl_conf = openssl_init -# Comment this out if you deliberately want to ignore -# configuration errors +# Comment out the next line to ignore configuration errors config_diagnostics = 1 # Extra OBJECT IDENTIFIER info: diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 97567a67be..ffb424a871 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -16,8 +16,7 @@ HOME = . # Use this in order to automatically load providers. openssl_conf = openssl_init -# Comment this out if you deliberately want to ignore -# configuration errors +# Comment out the next line to ignore configuration errors config_diagnostics = 1 # Extra OBJECT IDENTIFIER info: diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf index cb0cefba75..ce36678ee9 100644 --- a/demos/bio/accept.cnf +++ b/demos/bio/accept.cnf @@ -1,10 +1,16 @@ # Example configuration file + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + # Port to listen on Port = 4433 + # Disable TLS v1.2 for test. # Protocol = ALL, -TLSv1.2 # Only support 3 curves Curves = P-521:P-384:P-256 + # Restricted signature algorithms SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 Certificate=server.pem diff --git a/demos/bio/cmod.cnf b/demos/bio/cmod.cnf index 39ac54edd9..df514dba79 100644 --- a/demos/bio/cmod.cnf +++ b/demos/bio/cmod.cnf @@ -4,6 +4,9 @@ # and section containing configuration testapp = test_sect +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [test_sect] # list of configuration modules diff --git a/demos/bio/connect.cnf b/demos/bio/connect.cnf index ab764403a4..0049a77b2d 100644 --- a/demos/bio/connect.cnf +++ b/demos/bio/connect.cnf 
@@ -1,9 +1,15 @@ # Example configuration file + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + # Connects to the default port of s_server Connect = localhost:4433 + # Disable TLS v1.2 for test. # Protocol = ALL, -TLSv1.2 # Only support 3 curves Curves = P-521:P-384:P-256 + # Restricted signature algorithms SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 diff --git a/demos/certs/apps/apps.cnf b/demos/certs/apps/apps.cnf index 07a3d10b55..72ed70de75 100644 --- a/demos/certs/apps/apps.cnf +++ b/demos/certs/apps/apps.cnf @@ -7,6 +7,10 @@ HOME = . CN = "Not Defined" +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + + #################################################################### [ req ] default_bits = 2048 diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf index 2fbf20490b..e0c73c4eef 100644 --- a/demos/certs/ca.cnf +++ b/demos/certs/ca.cnf @@ -8,6 +8,9 @@ HOME = . CN = "Not Defined" default_ca = ca +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + #################################################################### [ req ] default_bits = 1024 diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf index e232e7023e..50f68cbc19 100644 --- a/test/CAtsa.cnf +++ b/test/CAtsa.cnf @@ -3,6 +3,9 @@ # This config is used by the Time Stamp Authority tests. # +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + # Extra OBJECT IDENTIFIER info: oid_section = new_oids diff --git a/test/ca-and-certs.cnf b/test/ca-and-certs.cnf index f6663924ae..463b49954c 100644 --- a/test/ca-and-certs.cnf +++ b/test/ca-and-certs.cnf @@ -1,4 +1,7 @@ +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + CN2 = Brother 2 #################################################################### diff --git a/test/ct/log_list.cnf b/test/ct/log_list.cnf index 4b68e53558..b723b8c9f6 100644 --- a/test/ct/log_list.cnf +++ b/test/ct/log_list.cnf 
@@ -1,5 +1,8 @@ enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [test] description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w== diff --git a/test/default-and-fips.cnf b/test/default-and-fips.cnf index 7a4d765591..2ca6487fd2 100644 --- a/test/default-and-fips.cnf +++ b/test/default-and-fips.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + .include fipsmodule.cnf [openssl_init] diff --git a/test/default-and-legacy.cnf b/test/default-and-legacy.cnf index adfa225f64..4e288a45ea 100644 --- a/test/default-and-legacy.cnf +++ b/test/default-and-legacy.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [openssl_init] providers = provider_sect diff --git a/test/default.cnf b/test/default.cnf index 12da8cb5bd..f29d0e92ba 100644 --- a/test/default.cnf +++ b/test/default.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [openssl_init] providers = provider_sect diff --git a/test/fips-and-base.cnf b/test/fips-and-base.cnf index 0caf2b88a4..494e96a87e 100644 --- a/test/fips-and-base.cnf +++ b/test/fips-and-base.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + .include fipsmodule.cnf [openssl_init] diff --git a/test/fips.cnf b/test/fips.cnf index fa131a8bf6..74349c80ae 100644 --- a/test/fips.cnf +++ b/test/fips.cnf 
@@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + .include fipsmodule.cnf [openssl_init] diff --git a/test/legacy.cnf b/test/legacy.cnf index 60b09a1e34..ffbcbd16ba 100644 --- a/test/legacy.cnf +++ b/test/legacy.cnf @@ -1,5 +1,8 @@ openssl_conf = openssl_init +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [openssl_init] providers = provider_sect diff --git a/test/provider_internal_test.cnf.in b/test/provider_internal_test.cnf.in index 12c292437e..16c555c844 100644 --- a/test/provider_internal_test.cnf.in +++ b/test/provider_internal_test.cnf.in @@ -1,3 +1,6 @@ +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + {- use platform -} openssl_conf = openssl_init diff --git a/test/proxy.cnf b/test/proxy.cnf index ceac227c04..cfb862cbda 100644 --- a/test/proxy.cnf +++ b/test/proxy.cnf @@ -1,6 +1,9 @@ ## Config file for proxy certificate testing. +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [ req ] distinguished_name = req_distinguished_name_p1 encrypt_rsa_key = no diff --git a/test/smime-certs/ca.cnf b/test/smime-certs/ca.cnf index 00d40e7479..31bddea1fa 100644 --- a/test/smime-certs/ca.cnf +++ b/test/smime-certs/ca.cnf @@ -2,6 +2,9 @@ # OpenSSL example configuration file for automated certificate creation. # +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + # This definition stops the following lines choking if HOME or CN # is undefined. HOME = . diff --git a/test/sysdefault.cnf b/test/sysdefault.cnf index 5473d837c1..0094831608 100644 --- a/test/sysdefault.cnf +++ b/test/sysdefault.cnf @@ -1,5 +1,8 @@ # Configuration file to test system default SSL configuration +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + openssl_conf = default_conf [ default_conf ] From pauli at openssl.org Wed Aug 4 05:02:57 2021 
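Review bot: demos/bio/accept.cnf (@@ -1,10) and demos/bio/connect.cnf (@@ -1,9) have no openssl_conf entry; they are plain key/value files (Port, Connect, Curves, SignatureAlgorithms) that the demos read directly, whereas config_diagnostics takes effect when a file is processed by the configuration-module loader. Confirm the demos actually route these files through that loader; if they do not, the new line is inert there and a comment should say it is present for uniformity only, so nobody assumes errors in these files are now fatal.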
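Review bot: demos/certs/apps/apps.cnf (@@ -7) adds two blank lines after `config_diagnostics = 1`, one more than every other file in this patch; drop one for consistency.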
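Review bot: the reworded comment in apps/openssl.cnf and apps/openssl-vms.cnf (@@ -16) drops the word "deliberately" from the original, and "Comment out the next line to ignore configuration errors" now reads like an instruction rather than a caution. Since the commit message's whole point is that silently continuing after a broken config is what this change exists to stop, something like `# Comment out the next line only if you deliberately want configuration errors ignored` keeps that intent visible to anyone editing the shipped default.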
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 04 Aug 2021 05:02:57 +0000 Subject: [openssl] master update Message-ID: <1628053377.626054.17360.nullmailer@dev.openssl.org> The branch master has been updated via da496bc159361b0bc22df2432fb07b1cd7491ac2 (commit) via 2fc02378ffcd9a266077eeea224890c534b7aaef (commit) from 92c03668c0cd77434006b613e3429888a0a8ecfe (commit) - Log ----------------------------------------------------------------- commit da496bc159361b0bc22df2432fb07b1cd7491ac2 Author: Beat Bolli Date: Fri Jul 30 18:40:27 2021 +0200 doc: replace markdown backticks with perlpod syntax Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16190) commit 2fc02378ffcd9a266077eeea224890c534b7aaef Author: Beat Bolli Date: Fri Jul 30 18:39:51 2021 +0200 doc: use the documented =item markers The generated lists[1] look weird when using a dash as the list item character. Perlpod documents[2] '*' for unordered lists and '1.' (note the period) for ordered lists. Use these characters instead. [1] e.g. https://www.openssl.org/docs/manmaster/man7/migration_guide.html#New-Algorithms [2] https://perldoc.perl.org/perlpod Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16190) ----------------------------------------------------------------------- Summary of changes: doc/internal/man7/deprecation.pod | 4 +- doc/man1/openssl-ocsp.pod.in | 2 +- doc/man1/openssl-verification-options.pod | 22 +- doc/man3/OSSL_STORE_INFO.pod | 2 +- doc/man7/fips_module.pod | 14 +- doc/man7/migration_guide.pod | 493 +++++++++++++++--------------- doc/man7/passphrase-encoding.pod | 2 +- util/perl/OpenSSL/Template.pm | 4 +- 8 files changed, 273 insertions(+), 270 deletions(-) diff --git a/doc/internal/man7/deprecation.pod b/doc/internal/man7/deprecation.pod index 15e1c7aef1..e0efa75ce4 100644 --- a/doc/internal/man7/deprecation.pod +++ b/doc/internal/man7/deprecation.pod 
@@ -21,10 +21,10 @@ Removal of a symbol is not the same thing as deprecation, as it actually explicitly removes the symbol from public view. OpenSSL configuration supports deprecation as well as simulating removal of -symbols from public view (with the configuration option `no-deprecated`, or +symbols from public view (with the configuration option C, or if the user chooses to do so, with L), and also supports doing this in terms of a specified OpenSSL version (with the -configuration option `--api`, or if the user chooses to do so, with +configuration option C<--api>, or if the user chooses to do so, with L). Deprecation is done using attribute macros named diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index 0ef1e1a002..fbad5079af 100644 --- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -371,7 +371,7 @@ subject name. Port to listen for OCSP requests on. The port may also be specified using the B option. -A `0` argument indicates that any available port shall be chosen automatically. +A C<0> argument indicates that any available port shall be chosen automatically. =item B<-ignore_err> diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod index c634ccae15..70daa986b8 100644 --- a/doc/man1/openssl-verification-options.pod +++ b/doc/man1/openssl-verification-options.pod 
@@ -274,50 +274,50 @@ among others, the following certificate well-formedness conditions are checked: =over 4 -=item - +=item * The basicConstraints of CA certificates must be marked critical. -=item - +=item * CA certificates must explicitly include the keyUsage extension. -=item - +=item * If a pathlenConstraint is given the key usage keyCertSign must be allowed. -=item - +=item * The pathlenConstraint must not be given for non-CA certificates. -=item - +=item * The issuer name of any certificate must not be empty. -=item - +=item * The subject name of CA certs, certs with keyUsage crlSign, and certs without subjectAlternativeName must not be empty. -=item - +=item * If a subjectAlternativeName extension is given it must not be empty. -=item - +=item * The signatureAlgorithm field and the cert signature must be consistent. -=item - +=item * Any given authorityKeyIdentifier and any given subjectKeyIdentifier must not be marked critical. -=item - +=item * The authorityKeyIdentifier must be given for X.509v3 certs unless they are self-signed. -=item - +=item * The subjectKeyIdentifier must be given for all X.509v3 CA certs. diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod index 299249ceb1..39bb93fbf5 100644 --- a/doc/man3/OSSL_STORE_INFO.pod +++ b/doc/man3/OSSL_STORE_INFO.pod @@ -108,7 +108,7 @@ OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() create a B object to hold the given input object. On success the input object is consumed. -Additionally, for B` objects, +Additionally, for B objects, OSSL_STORE_INFO_set0_NAME_description() can be used to add an extra description. This description is meant to be human readable and should be used for diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod index b47ed279f6..e374651fa5 100644 --- a/doc/man7/fips_module.pod +++ b/doc/man7/fips_module.pod 
@@ -22,15 +22,15 @@ legacy APIs or features that avoid the FIPS module. Specifically this includes: =over 4 -=item - +=item * Low level cryptographic APIs (use the high level APIs, such as EVP, instead) -=item - +=item * Engines -=item - +=item * Any functions that create or modify custom "METHODS" (for example EVP_MD_meth_new(), EVP_CIPHER_meth_new(), EVP_PKEY_meth_new(), RSA_meth_new(), @@ -110,21 +110,21 @@ some disadvantages to this approach: =over 4 -=item - +=item * You may not want all applications to use the FIPS module. It may be the case that some applications should and some should not use the FIPS module. -=item - +=item * If applications take explicit steps to not load the default config file or set different settings. This method will not work for these cases. -=item - +=item * The algorithms available in the FIPS module are a subset of the algorithms that are available in the default OpenSSL Provider. @@ -132,7 +132,7 @@ that are available in the default OpenSSL Provider. If any applications attempt to use any algorithms that are not present, then they will fail. -=item - +=item * Usage of certain deprecated APIs avoids the use of the FIPS module. diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 8cc9bd5fc8..462ef9f122 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -184,31 +184,31 @@ the B option. =over 4 -=item - +=item * KDF algorithms "SINGLE STEP" and "SSH" See L and L -=item - +=item * MAC Algorithms "GMAC" and "KMAC" See L and L. -=item - +=item * KEM Algorithm "RSASVE" See L. -=item - +=item * Cipher Algorithm "AES-SIV" See L. -=item - +=item * AES Key Wrap inverse ciphers supported by EVP layer. 
@@ -217,7 +217,9 @@ unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV", "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and "AES-256-WRAP-PAD-INV". -=item AES CTS cipher added to EVP layer. +=item * + +AES CTS cipher added to EVP layer. The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS". CS1, CS2 and CS3 variants are supported. @@ -228,15 +230,15 @@ CS1, CS2 and CS3 variants are supported. =over 4 -=item - +=item * Added CAdES-BES signature verification support. -=item - +=item * Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API. -=item - +=item * Added AuthEnvelopedData content type structure (RFC 5083) using AES_GCM @@ -244,7 +246,7 @@ This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax. Its purpose is to support encryption and decryption of a digital envelope that is both authenticated and encrypted using AES GCM mode. -=item - +=item * L and L were made public. @@ -367,8 +369,8 @@ curve ones. Validation of SM2 keys has been separated from the validation of regular EC keys, allowing to improve the SM2 validation process to reject loaded private keys that are not conforming to the SM2 ISO standard. -In particular, a private scalar `k` outside the range `1 <= k < n-1` is now -correctly rejected. +In particular, a private scalar I outside the range I<< 1 <= k < n-1 >> is +now correctly rejected. =head4 EVP_PKEY_set_alias_type() method has been removed 
@@ -453,15 +455,15 @@ application. If this happens you have 3 options: =over 4 -=item 1) +=item 1. Ignore the warnings. They are just warnings. The deprecated functions are still present and you may still use them. However be aware that they may be removed from a future version of OpenSSL. -=item 2) +=item 2. Suppress the warnings. Refer to your compiler documentation on how to do this. -=item 3) +=item 3. Remove your usage of the low level APIs. In this case you will need to rewrite your code to use the high level APIs instead @@ -475,7 +477,7 @@ L, the main things to be aware of are: =over 4 -=item 1) +=item 1. The build and installation procedure has changed significantly. @@ -483,7 +485,7 @@ Check the file INSTALL.md in the top of the installation for instructions on how to build and install OpenSSL for your platform. Also read the various NOTES files in the same directory, as applicable for your platform. -=item 2) +=item 2. Many structures have been made opaque in OpenSSL 3.0. @@ -501,7 +503,8 @@ For example code that previously looked like this: /* This line will now generate compiler errors */ EVP_MD_CTX_init(&md_ctx); - The code needs to be amended to look like this: +The code needs to be amended to look like this: + EVP_MD_CTX *md_ctx; md_ctx = EVP_MD_CTX_new(); @@ -509,7 +512,7 @@ For example code that previously looked like this: ... EVP_MD_CTX_free(md_ctx); -=item 3) +=item 3. Support for TLSv1.3 has been added. 
@@ -582,119 +585,119 @@ mappings are listed along with the respective name. =over 4 -=item - +=item * L, L, L, L, L and L -=item - +=item * L -=item - +=item * b2i_RSA_PVK_bio() and i2b_PVK_bio() -=item - +=item * L and L -=item - +=item * L, L, L, L, L, L, L, L and L -=item - +=item * L -=item - +=item * L, L and L -=item - +=item * L -=item - +=item * L, L and L -=item - +=item * L and L Use L and L -=item - +=item * L Use L or L. -=item - +=item * L and L -=item - +=item * L, L and L -=item - +=item * L -=item - +=item * L -=item - +=item * L Use L -=item - +=item * L, L and L -=item - +=item * L and L -=item - +=item * L -=item - +=item * L and L -=item - +=item * L -=item - +=item * L -=item - +=item * L, L, L, L and L -=item - +=item * L, L, L and L -=item - +=item * L and L -=item - +=item * L, L, L, L, L, L, L, @@ -702,64 +705,64 @@ L, L, L, L, L, L, L -=item - +=item * L, L, L, L and L -=item - +=item * L, L and L -=item - +=item * L, L and L -=item - +=item * L and L -=item - +=item * L -=item - +=item * L -=item - +=item * L -=item - +=item * L -=item - +=item * L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L -=item - +=item * L -=item - +=item * L and L -=item - +=item * L, L, L, L and L 
@@ -773,126 +776,126 @@ Passing NULL will use the default library context. =over 4 -=item - +=item * L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L -=item - +=item * L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L and L -=item - +=item * L -=item - +=item * L and L -=item - +=item * L, L and L -=item - +=item * L, L, L, L, L and L -=item - +=item * L and L -=item - +=item * L -=item - +=item * L and L -=item - +=item * L, L, L, L and L @@ -1076,7 +1079,7 @@ The following functions have been deprecated in 3.0. =over 4 -=item - +=item * AES_bi_ige_encrypt() and AES_ige_encrypt() @@ -1089,32 +1092,32 @@ AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one is ever used. The security implications are believed to be minimal, but this issue was never fixed for backwards compatibility reasons. -=item - +=item * AES_encrypt(), AES_decrypt(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_cbc_encrypt(), AES_cfb128_encrypt(), AES_cfb1_encrypt(), AES_cfb8_encrypt(), AES_ecb_encrypt(), AES_ofb128_encrypt() -=item - +=item * AES_unwrap_key(), AES_wrap_key() See L -=item - +=item * AES_options() There is no replacement. It returned a string indicating if the AES code was unrolled. -=item - +=item * ASN1_digest(), ASN1_sign(), ASN1_verify() There are no replacements. These old functions are not used, and could be disabled with the macro NO_ASN1_OLD since OpenSSL 0.9.7. -=item - +=item * ASN1_STRING_length_set() 
@@ -1122,7 +1125,7 @@ Use L or L instead. This was a potentially unsafe function that could change the bounds of a previously passed in pointer. -=item - +=item * BF_encrypt(), BF_decrypt(), BF_set_key(), BF_cbc_encrypt(), BF_cfb64_encrypt(), BF_ecb_encrypt(), BF_ofb64_encrypt() @@ -1130,32 +1133,32 @@ BF_ecb_encrypt(), BF_ofb64_encrypt() See L. The Blowfish algorithm has been moved to the L. -=item - +=item * BF_options() There is no replacement. This option returned a constant string. -=item - +=item * BIO_get_callback(), BIO_set_callback(), BIO_debug_callback() Use the respective non-deprecated _ex() functions. -=item - +=item * BN_is_prime_ex(), BN_is_prime_fasttest_ex() Use L which that avoids possible misuse and always uses at least 64 rounds of the Miller-Rabin primality test. -=item - +=item * BN_pseudo_rand(), BN_pseudo_rand_range() Use L and L. -=item - +=item * BN_X931_derive_prime_ex(), BN_X931_generate_prime_ex(), BN_X931_generate_Xpq() @@ -1163,7 +1166,7 @@ There are no replacements for these low-level functions. They were used internal by RSA_X931_derive_ex() and RSA_X931_generate_key_ex() which are also deprecated. Use L instead. -=item - +=item * Camellia_encrypt(), Camellia_decrypt(), Camellia_set_key(), Camellia_cbc_encrypt(), Camellia_cfb128_encrypt(), Camellia_cfb1_encrypt(), @@ -1172,7 +1175,7 @@ Camellia_ofb128_encrypt() See L. -=item - +=item * CAST_encrypt(), CAST_decrypt(), CAST_set_key(), CAST_cbc_encrypt(), CAST_cfb64_encrypt(), CAST_ecb_encrypt(), CAST_ofb64_encrypt() 
@@ -1180,20 +1183,20 @@ CAST_cfb64_encrypt(), CAST_ecb_encrypt(), CAST_ofb64_encrypt() See L. The CAST algorithm has been moved to the L. -=item - +=item * CMAC_CTX_new(), CMAC_CTX_cleanup(), CMAC_CTX_copy(), CMAC_CTX_free(), CMAC_CTX_get0_cipher_ctx() See L. -=item - +=item * CMAC_Init(), CMAC_Update(), CMAC_Final(), CMAC_resume() See L. -=item - +=item * CRYPTO_mem_ctrl(), CRYPTO_mem_debug_free(), CRYPTO_mem_debug_malloc(), CRYPTO_mem_debug_pop(), CRYPTO_mem_debug_push(), CRYPTO_mem_debug_realloc(), @@ -1203,7 +1206,7 @@ CRYPTO_set_mem_debug() Memory-leak checking has been deprecated in favor of more modern development tools, such as compiler memory and leak sanitizers or Valgrind. -=item - +=item * d2i_DHparams(), d2i_DHxparams(), d2i_DSAparams(), d2i_DSAPrivateKey(), d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(), @@ -1217,7 +1220,7 @@ d2i_RSAPublicKey_bio(), d2i_RSAPublicKey_fp() See L -=item - +=item * DES_crypt(), DES_fcrypt(), DES_encrypt1(), DES_encrypt2(), DES_encrypt3(), DES_decrypt3(), DES_ede3_cbc_encrypt(), DES_ede3_cfb64_encrypt(), @@ -1233,21 +1236,21 @@ See L. Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB", "DES-CFB1" and "DES-CFB8" have been moved to the L. -=item - +=item * DH_bits(), DH_security_bits(), DH_size() Use L, L and L. -=item - +=item * DH_check(), DH_check_ex(), DH_check_params(), DH_check_params_ex(), DH_check_pub_key(), DH_check_pub_key_ex() See L -=item - +=item * DH_clear_flags(), DH_test_flags(), DH_set_flags() 
@@ -1256,32 +1259,32 @@ The B and B have been deprecated. Use EVP_PKEY_is_a() to determine the type of a key. There is no replacement for setting these flags. -=item - +=item * DH_compute_key() DH_compute_key_padded() See L. -=item - +=item * DH_new(), DH_new_by_nid(), DH_free(), DH_up_ref() See L -=item - +=item * DH_generate_key(), DH_generate_parameters_ex() See L. -=item - +=item * DH_get0_pqg(), DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_key(), DH_get0_priv_key(), DH_get0_pub_key(), DH_get_length(), DH_get_nid() See L -=item - +=item * DH_get_1024_160(), DH_get_2048_224(), DH_get_2048_256() @@ -1289,13 +1292,13 @@ Applications should instead set the B as specified i L) to one of "dh_1024_160", "dh_2048_224" or "dh_2048_256" when generating a DH key. -=item - +=item * DH_KDF_X9_42() Applications should use L instead. -=item - +=item * DH_get_default_method(), DH_get0_engine(), DH_meth_*(), DH_new_method(), DH_OpenSSL(), DH_get_ex_data(), DH_set_default_method(), DH_set_method(), @@ -1303,39 +1306,39 @@ DH_set_ex_data() See L -=item - +=item * DHparams_print(), DHparams_print_fp() See L -=item - +=item * DH_set0_key(), DH_set0_pqg(), DH_set_length() See L -=item - +=item * DSA_bits(), DSA_security_bits(), DSA_size() Use L, L and L. -=item - +=item * DHparams_dup(), DSA_dup_DH() There is no direct replacement. Applications may use L and L instead. -=item - +=item * DSA_generate_key(), DSA_generate_parameters_ex() See L. -=item - +=item * DSA_get0_engine(), DSA_get_default_method(), DSA_get_ex_data(), DSA_get_method(), DSA_meth_*(), DSA_new_method(), DSA_OpenSSL(), 
@@ -1343,57 +1346,57 @@ DSA_set_default_method(), DSA_set_ex_data(), DSA_set_method() See L. -=item - +=item * DSA_get0_p(), DSA_get0_q(), DSA_get0_g(), DSA_get0_pqg(), DSA_get0_key(), DSA_get0_priv_key(), DSA_get0_pub_key() See L. -=item - +=item * DSA_new(), DSA_free(), DSA_up_ref() See L -=item - +=item * DSAparams_dup() There is no direct replacement. Applications may use L and L instead. -=item - +=item * DSAparams_print(), DSAparams_print_fp(), DSA_print(), DSA_print_fp() See L -=item - +=item * DSA_set0_key(), DSA_set0_pqg() See L -=item - +=item * DSA_set_flags(), DSA_clear_flags(), DSA_test_flags() The B flag has been deprecated without replacement. -=item - +=item * DSA_sign(), DSA_do_sign(), DSA_sign_setup(), DSA_verify(), DSA_do_verify() See L. -=item - +=item * ECDH_compute_key() See L. -=item - +=item * ECDH_KDF_X9_62() @@ -1401,20 +1404,20 @@ Applications may either set this using the helper function L or by setting an B using the "kdf-type" as shown in L -=item - +=item * ECDSA_sign(), ECDSA_sign_ex(), ECDSA_sign_setup(), ECDSA_do_sign(), ECDSA_do_sign_ex(), ECDSA_verify(), ECDSA_do_verify() See L. -=item - +=item * ECDSA_size() Applications should use L. -=item - +=item * EC_GF2m_simple_method(), EC_GFp_mont_method(), EC_GFp_nist_method(), EC_GFp_nistp224_method(), EC_GFp_nistp256_method(), EC_GFp_nistp521_method(), @@ -1424,20 +1427,20 @@ There are no replacements for these functions. Applications should rely on the library automatically assigning a suitable method internally when an EC_GROUP is constructed. -=item - +=item * EC_GROUP_clear_free() Use L instead. -=item - +=item * EC_GROUP_get_curve_GF2m(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), EC_GROUP_set_curve_GFp() Applications should use L and L. -=item - +=item * EC_GROUP_have_precompute_mult(), EC_GROUP_precompute_mult(), EC_KEY_precompute_mult() 
@@ -1445,7 +1448,7 @@ EC_KEY_precompute_mult() These functions are not widely used. Applications should instead switch to named curves which OpenSSL has hardcoded lookup tables for. -=item - +=item * EC_GROUP_new(), EC_GROUP_method_of(), EC_POINT_method_of() @@ -1453,19 +1456,19 @@ EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned internally without application intervention. Users of EC_GROUP_new() should switch to a different suitable constructor. -=item - +=item * EC_KEY_can_sign() Applications should use L instead. -=item - +=item * EC_KEY_check_key() See L -=item - +=item * EC_KEY_set_flags(), EC_KEY_get_flags(), EC_KEY_clear_flags() @@ -1476,33 +1479,33 @@ B and B. See also L -=item - +=item * EC_KEY_dup(), EC_KEY_copy() There is no direct replacement. Applications may use L and L instead. -=item - +=item * EC_KEY_decoded_from_explicit_params() There is no replacement. -=item - +=item * EC_KEY_generate_key() See L. -=item - +=item * EC_KEY_get0_group(), EC_KEY_get0_private_key(), EC_KEY_get0_public_key(), EC_KEY_get_conv_form(), EC_KEY_get_enc_flags() See L. -=item - +=item * EC_KEY_get0_engine(), EC_KEY_get_default_method(), EC_KEY_get_method(), EC_KEY_new_method(), EC_KEY_get_ex_data(), EC_KEY_OpenSSL(), 
@@ -1511,60 +1514,60 @@ EC_KEY_set_method() See L -=item - +=item * EC_METHOD_get_field_type() Use L instead. See L -=item - +=item * EC_KEY_key2buf(), EC_KEY_oct2key(), EC_KEY_oct2priv(), EC_KEY_priv2buf(), EC_KEY_priv2oct() There are no replacements for these. -=item - +=item * EC_KEY_new(), EC_KEY_new_by_curve_name(), EC_KEY_free(), EC_KEY_up_ref() See L -=item - +=item * EC_KEY_print(), EC_KEY_print_fp() See L -=item - +=item * EC_KEY_set_asn1_flag(), EC_KEY_set_conv_form(), EC_KEY_set_enc_flags() See L. -=item - +=item * EC_KEY_set_group(), EC_KEY_set_private_key(), EC_KEY_set_public_key(), EC_KEY_set_public_key_affine_coordinates() See L. -=item - +=item * ECParameters_print(), ECParameters_print_fp(), ECPKParameters_print(), ECPKParameters_print_fp() See L -=item - +=item * EC_POINT_bn2point(), EC_POINT_point2bn() These functions were not particularly useful, since EC point serialization formats are not individual big-endian integers. -=item - +=item * EC_POINT_get_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GFp(), EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_set_affine_coordinates_GFp() @@ -1572,7 +1575,7 @@ EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_set_affine_coordinates_GFp() Applications should use L and L instead. -=item - +=item * EC_POINT_get_Jprojective_coordinates_GFp(), EC_POINT_set_Jprojective_coordinates_GFp() 
@@ -1580,41 +1583,41 @@ These functions are not widely used. Applications should instead use the L and L functions. -=item - +=item * EC_POINT_make_affine(), EC_POINTs_make_affine() There is no replacement. These functions were not widely used, and OpenSSL automatically performs this conversion when needed. -=item - +=item * EC_POINT_set_compressed_coordinates_GF2m(), EC_POINT_set_compressed_coordinates_GFp() Applications should use L instead. -=item - +=item * EC_POINTs_mul() This function is not widely used. Applications should instead use the L function. -=item - +=item * B All engine functions are deprecated. An engine should be rewritten as a provider. See L. -=item - +=item * B, ERR_func_error_string(), ERR_get_error_line(), ERR_get_error_line_data(), ERR_get_state() OpenSSL now loads error strings automatically so these functions are not needed. -=item - +=item * ERR_peek_error_line_data(), ERR_peek_last_error_line_data() @@ -1625,7 +1628,7 @@ Applications should use L, or pick information with ERR_peek functions and finish off with getting the error code by using L. -=item - +=item * EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_iv_noconst(), EVP_CIPHER_CTX_original_iv() @@ -1634,14 +1637,14 @@ L and L respectively. See L for further information. -=item - +=item * B, EVP_MD_CTX_set_update_fn(), EVP_MD_CTX_update_fn(), B See L. -=item - +=item * EVP_PKEY_CTRL_PKCS7_ENCRYPT(), EVP_PKEY_CTRL_PKCS7_DECRYPT(), EVP_PKEY_CTRL_PKCS7_SIGN(), EVP_PKEY_CTRL_CMS_ENCRYPT(), @@ -1651,7 +1654,7 @@ These control operations are not invoked by the OpenSSL library anymore and are replaced by direct checks of the key operation against the key type when the operation is initialized. -=item - +=item * EVP_PKEY_CTX_get0_dh_kdf_ukm(), EVP_PKEY_CTX_get0_ecdh_kdf_ukm() 
@@ -1659,33 +1662,33 @@ See the "kdf-ukm" item in L and L. These functions are obsolete and should not be required. -=item - +=item * EVP_PKEY_CTX_set_rsa_keygen_pubexp() Applications should use L instead. -=item - +=item * EVP_PKEY_cmp(), EVP_PKEY_cmp_parameters() Applications should use L and L instead. See L for further details. -=item - +=item * EVP_PKEY_encrypt_old(), EVP_PKEY_decrypt_old(), Applications should use L and L or L and L instead. -=item - +=item * EVP_PKEY_get0() This function returns NULL if the key comes from a provider. -=item - +=item * EVP_PKEY_get0_DH(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_RSA(), EVP_PKEY_get1_DH(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_EC_KEY and EVP_PKEY_get1_RSA(), @@ -1693,26 +1696,26 @@ EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash() See L. -=item - +=item * B See L. -=item - +=item * EVP_PKEY_new_CMAC_key() See L. -=item - +=item * EVP_PKEY_assign(), EVP_PKEY_set1_DH(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_EC_KEY(), EVP_PKEY_set1_RSA() See L -=item - +=item * EVP_PKEY_set1_tls_encodedpoint() EVP_PKEY_get1_tls_encodedpoint() @@ -1723,40 +1726,40 @@ L. The old versions have been converted to deprecated macros that just call the new functions. -=item - +=item * EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine() See L. -=item - +=item * EVP_PKEY_set_alias_type() This function has been removed. There is no replacement. See L -=item - +=item * HMAC_Init_ex(), HMAC_Update(), HMAC_Final(), HMAC_size() See L. -=item - +=item * HMAC_CTX_new(), HMAC_CTX_free(), HMAC_CTX_copy(), HMAC_CTX_reset(), HMAC_CTX_set_flags(), HMAC_CTX_get_md() See L. -=item - +=item * i2d_DHparams(), i2d_DHxparams() See L and L -=item - +=item * i2d_DSAparams(), i2d_DSAPrivateKey(), i2d_DSAPrivateKey_bio(), i2d_DSAPrivateKey_fp(), i2d_DSA_PUBKEY(), i2d_DSA_PUBKEY_bio(), 
@@ -1765,7 +1768,7 @@ i2d_DSA_PUBKEY_fp(), i2d_DSAPublicKey() See L and L -=item - +=item * i2d_ECParameters(), i2d_ECPrivateKey(), i2d_ECPrivateKey_bio(), i2d_ECPrivateKey_fp(), i2d_EC_PUBKEY(), i2d_EC_PUBKEY_bio(), @@ -1774,7 +1777,7 @@ i2d_EC_PUBKEY_fp(), i2o_ECPublicKey() See L and L -=item - +=item * i2d_RSAPrivateKey(), i2d_RSAPrivateKey_bio(), i2d_RSAPrivateKey_fp(), i2d_RSA_PUBKEY(), i2d_RSA_PUBKEY_bio(), i2d_RSA_PUBKEY_fp(), @@ -1783,7 +1786,7 @@ i2d_RSAPublicKey(), i2d_RSAPublicKey_bio(), i2d_RSAPublicKey_fp() See L and L -=item - +=item * IDEA_encrypt(), IDEA_set_decrypt_key(), IDEA_set_encrypt_key(), IDEA_cbc_encrypt(), IDEA_cfb64_encrypt(), IDEA_ecb_encrypt(), @@ -1792,59 +1795,59 @@ IDEA_ofb64_encrypt() See L. IDEA has been moved to the L. -=item - +=item * IDEA_options() There is no replacement. This function returned a constant string. -=item - +=item * MD2(), MD2_Init(), MD2_Update(), MD2_Final() See L. MD2 has been moved to the L. -=item - +=item * MD2_options() There is no replacement. This function returned a constant string. -=item - +=item * MD4(), MD4_Init(), MD4_Update(), MD4_Final(), MD4_Transform() See L. MD4 has been moved to the L. -=item - +=item * MDC2(), MDC2_Init(), MDC2_Update(), MDC2_Final() See L. MDC2 has been moved to the L. -=item - +=item * MD5(), MD5_Init(), MD5_Update(), MD5_Final(), MD5_Transform() See L. -=item - +=item * NCONF_WIN32() This undocumented function has no replacement. See L for more details. -=item - +=item * OCSP_parse_url() Use L instead. -=item - +=item * B type and B functions 
@@ -1854,14 +1857,14 @@ type is B, and the deprecated functions are replaced with B. See L for additional details. -=item - +=item * OPENSSL_fork_child(), OPENSSL_fork_parent(), OPENSSL_fork_prepare() There is no replacement for these functions. These pthread fork support methods were unused by OpenSSL. -=item - +=item * OSSL_STORE_ctrl(), OSSL_STORE_do_all_loaders(), OSSL_STORE_LOADER_get0_engine(), OSSL_STORE_LOADER_get0_scheme(), OSSL_STORE_LOADER_new(), @@ -1877,7 +1880,7 @@ These functions helped applications and engines create loaders for schemes they supported. These are all deprecated and discouraged in favour of provider implementations, see L. -=item - +=item * PEM_read_DHparams(), PEM_read_bio_DHparams(), PEM_read_DSAparams(), PEM_read_bio_DSAparams(), @@ -1898,13 +1901,13 @@ PEM_write_bio_RSAPublicKey(), See L -=item - +=item * PKCS1_MGF1() See L. -=item - +=item * RAND_get_rand_method(), RAND_set_rand_method(), RAND_OpenSSL(), RAND_set_rand_engine() @@ -1913,7 +1916,7 @@ Applications should instead use L, L and L. See L for more details. -=item - +=item * RC2_encrypt(), RC2_decrypt(), RC2_set_key(), RC2_cbc_encrypt(), RC2_cfb64_encrypt(), RC2_ecb_encrypt(), RC2_ofb64_encrypt(), @@ -1924,7 +1927,7 @@ RC5_32_cfb64_encrypt(), RC5_32_ecb_encrypt(), RC5_32_ofb64_encrypt() See L. The Algorithms "RC2", "RC4" and "RC5" have been moved to the L. -=item - +=item * RIPEMD160(), RIPEMD160_Init(), RIPEMD160_Update(), RIPEMD160_Final(), RIPEMD160_Transform() @@ -1932,20 +1935,20 @@ RIPEMD160_Transform() See L. The RIPE algorithm has been moved to the L. -=item - +=item * RSA_bits(), RSA_security_bits(), RSA_size() Use L, L and L. -=item - +=item * RSA_check_key(), RSA_check_key_ex() See L -=item - +=item * RSA_clear_flags(), RSA_flags(), RSA_set_flags(), RSA_test_flags(), RSA_setup_blinding(), RSA_blinding_off(), RSA_blinding_on() 
@@ -1956,19 +1959,19 @@ B, B, B, B, B, B B -=item - +=item * RSA_generate_key_ex(), RSA_generate_multi_prime_key() See L. -=item - +=item * RSA_get0_engine() See L -=item - +=item * RSA_get0_crt_params(), RSA_get0_d(), RSA_get0_dmp1(), RSA_get0_dmq1(), RSA_get0_e(), RSA_get0_factors(), RSA_get0_iqmp(), RSA_get0_key(), @@ -1978,82 +1981,82 @@ RSA_get_multi_prime_extra_count() See L -=item - +=item * RSA_new(), RSA_free(), RSA_up_ref() See L. -=item - +=item * RSA_get_default_method(), RSA_get_ex_data and RSA_get_method() See L. -=item - +=item * RSA_get_version() There is no replacement. -=item - +=item * B, RSA_new_method(), RSA_null_method and RSA_PKCS1_OpenSSL() See L. -=item - +=item * B, B See L and L. -=item - +=item * RSA_print(), RSA_print_fp() See L -=item - +=item * RSA_public_encrypt(), RSA_private_decrypt() See L -=item - +=item * RSA_private_encrypt(), RSA_public_decrypt() This is equivalent to doing sign and verify recover operations (with a padding mode of none). See L. -=item - +=item * RSAPrivateKey_dup(), RSAPublicKey_dup() There is no direct replacement. Applications may use L. -=item - +=item * RSAPublicKey_it(), RSAPrivateKey_it() See L -=item - +=item * RSA_set0_crt_params(), RSA_set0_factors(), RSA_set0_key(), RSA_set0_multi_prime_params() See L. -=item - +=item * RSA_set_default_method(), RSA_set_method(), RSA_set_ex_data() See L -=item - +=item * RSA_sign(), RSA_sign_ASN1_OCTET_STRING(), RSA_verify(), RSA_verify_ASN1_OCTET_STRING(), RSA_verify_PKCS1_PSS(), @@ -2061,7 +2064,7 @@ RSA_verify_PKCS1_PSS_mgf1() See L. -=item - +=item * RSA_X931_derive_ex(), RSA_X931_generate_key_ex(), RSA_X931_hash_id() @@ -2069,7 +2072,7 @@ There are no replacements for these functions. X931 padding can be set using L. See B. -=item - +=item * SEED_encrypt(), SEED_decrypt(), SEED_set_key(), SEED_cbc_encrypt(), SEED_cfb128_encrypt(), SEED_ecb_encrypt(), SEED_ofb128_encrypt() 
@@ -2077,7 +2080,7 @@ SEED_cfb128_encrypt(), SEED_ecb_encrypt(), SEED_ofb128_encrypt() See L. The SEED algorithm has been moved to the L. -=item - +=item * SHA1_Init(), SHA1_Update(), SHA1_Final(), SHA1_Transform(), SHA224_Init(), SHA224_Update(), SHA224_Final(), @@ -2087,7 +2090,7 @@ SHA512_Init(), SHA512_Update(), SHA512_Final(), SHA512_Transform() See L. -=item - +=item * SRP_Calc_A(), SRP_Calc_B(), SRP_Calc_client_key(), SRP_Calc_server_key(), SRP_Calc_u(), SRP_Calc_x(), SRP_check_known_gN_param(), SRP_create_verifier(), @@ -2098,7 +2101,7 @@ SRP_VBASE_new(), SRP_Verify_A_mod_N(), SRP_Verify_B_mod_N() There are no replacements for the SRP functions. -=item - +=item * SSL_CTX_set_tmp_dh_callback(), SSL_set_tmp_dh_callback(), SSL_CTX_set_tmp_dh(), SSL_set_tmp_dh() @@ -2114,13 +2117,13 @@ parameters for export and non-export ciphersuites. Export ciphersuites are no longer supported by OpenSSL. Use of the callback functions should be replaced by one of the other methods described above. -=item - +=item * SSL_CTX_set_tlsext_ticket_key_cb() Use the new L function instead. -=item - +=item * WHIRLPOOL(), WHIRLPOOL_Init(), WHIRLPOOL_Update(), WHIRLPOOL_Final(), WHIRLPOOL_BitUpdate() @@ -2128,14 +2131,14 @@ WHIRLPOOL_BitUpdate() See L. The Whirlpool algorithm has been moved to the L. -=item - +=item * X509_certificate_type() This was an undocumented function. Applications can use L and L instead. -=item - +=item * X509_http_nbio(), X509_CRL_http_nbio() @@ -2214,13 +2217,13 @@ now in maintenance mode and no new features will be added to them. =over 4 -=item - +=item * TLS 1.3 FFDHE key exchange support added This uses DH safe prime named groups. -=item - +=item * Support for fully "pluggable" TLSv1.3 groups. 
@@ -2228,7 +2231,7 @@ This means that providers may supply their own group implementations (using either the "key exchange" or the "key encapsulation" methods) which will automatically be detected and used by libssl. -=item - +=item * SSL and SSL_CTX options are now 64 bit instead of 32 bit. @@ -2242,13 +2245,13 @@ However it is still possible to test whether these macros are defined or not. See L, L, L and L. -=item - +=item * SSL_set1_host() and SSL_add1_host() Changes These functions now take IP literal addresses as well as actual hostnames. -=item - +=item * Added SSL option SSL_OP_CLEANSE_PLAINTEXT @@ -2257,7 +2260,7 @@ internal buffers after delivering them to the application. Note, the application is still responsible for cleansing other copies (e.g.: data received by L). -=item - +=item * Client-initiated renegotiation is disabled by default. @@ -2265,7 +2268,7 @@ To allow it, use the B<-client_renegotiation> option, the B flag, or the C config parameter as appropriate. -=item - +=item * Secure renegotiation is now required by default for TLS connections @@ -2275,7 +2278,7 @@ to connect to legacy peers will need to explicitly set SSL_OP_LEGACY_SERVER_CONNECT. Accordingly, SSL_OP_LEGACY_SERVER_CONNECT is no longer set as part of SSL_OP_ALL. -=item - +=item * Combining the Configure options no-ec and no-dh no longer disables TLSv1.3 @@ -2287,13 +2290,13 @@ TLS connections in such a build without also disabling TLSv1.3 at run time or using third party provider groups may result in handshake failures. TLSv1.3 can be disabled at compile time using the "no-tls1_3" Configure option. -=item - +=item * SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() changes. The methods now ignore unknown ciphers. -=item - +=item * Security callback change. 
@@ -2306,7 +2309,7 @@ according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other locations. Therefore this client side call has been changed to pass an EVP_PKEY instead. -=item - +=item * New SSL option SSL_OP_IGNORE_UNEXPECTED_EOF @@ -2314,21 +2317,21 @@ The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced. If that option is set, an unexpected EOF is ignored, it pretends a close notify was received instead and so the returned error becomes SSL_ERROR_ZERO_RETURN. -=item - +=item * The security strength of SHA1 and MD5 based signatures in TLS has been reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer working at the default security level of 1 and instead requires security level 0. The security level can be changed either using the cipher string -with `C<@SECLEVEL>, or calling L. This also means +with C<@SECLEVEL>, or calling L. This also means that where the signature algorithms extension is missing from a ClientHello then the handshake will fail in TLS 1.2 at security level 1. This is because, although this extension is optional, failing to provide one means that OpenSSL will fallback to a default set of signature algorithms. This default set requires the availability of SHA1. -=item - +=item * X509 certificates signed using SHA1 are no longer allowed at security level 1 and above. diff --git a/doc/man7/passphrase-encoding.pod b/doc/man7/passphrase-encoding.pod index aabf9a5a9f..ed580fecac 100644 --- a/doc/man7/passphrase-encoding.pod +++ b/doc/man7/passphrase-encoding.pod 
@@ -105,7 +105,7 @@ Also note that the sub-sections below discuss human readable pass phrases. This is particularly relevant for PKCS#12 objects, where human readable pass phrases are assumed. For other objects, it's as legitimate to use any byte sequence (such as a -sequence of bytes from `/dev/urandom` that's been saved away), which makes any +sequence of bytes from F that's been saved away), which makes any character encoding discussion irrelevant; in such cases, simply use the same byte sequence as it is. diff --git a/util/perl/OpenSSL/Template.pm b/util/perl/OpenSSL/Template.pm index 926a6ea5e0..7411dd8ae8 100644 --- a/util/perl/OpenSSL/Template.pm +++ b/util/perl/OpenSSL/Template.pm @@ -22,12 +22,12 @@ following additions: =over 4 -=item - +=item * The template perl code delimiters (given with the C option) are set to C<{-> and C<-}> by default. -=item - +=item * A few extra functions are offered to be used by the template perl code, see L. From scan-admin at coverity.com Wed Aug 4 07:49:36 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Wed, 04 Aug 2021 07:49:36 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <610a468fa5335_b56ef2ad5b939399c647b2@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DiRUS_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFteoq4nEaET6NCfIP1AAD4B-2BgwouT05EfCrOFbA39i0zRRRTAhYbZoPpDPM9KPGCqVrE6QeFPZW4BSUfXy96VxVqDHsWdPlxLA3wg7P8BJ7td3rTGF-2BAtLIkRdEC33zEwYhOpdCsCN-2BLr02cYVg6lPKmWCRJOnsnTwQKpCTLuYlesOVyotqkO6nws-2BISykyN0-3D Build ID: 400585 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Wed Aug 4 07:52:47 2021 
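Review bot: the BN_is_prime_ex()/BN_is_prime_fasttest_ex() item in the deprecated-functions list (hunk @@ -1130,32 +1133,32 @@) keeps the context line "Use L which that avoids possible misuse and always uses at least 64 rounds of the Miller-Rabin primality test", where "which that" is a stray word. Since this patch already rewrites the "=item" line directly above it, dropping "that" in the same commit would save a follow-up doc fix.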
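Review bot: the DH_compute_key() item (hunk @@ -1256,32 +1259,32 @@) reads "DH_compute_key() DH_compute_key_padded()" with no separator, while every other multi-function item in this list uses a comma ("DH_bits(), DH_security_bits(), DH_size()"). As the "=item" line above it is being touched here anyway, adding the comma would keep the list consistent.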
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Wed, 04 Aug 2021 07:52:47 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <610a474f4b0e3_b57f92ad5b939399c647a5@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3Db6Di_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHX7HLMqVVj0io3tkLpN-2Bvbx1ZXCTU-2BxN-2Fi1pZ3JYuMOpDL6KkNd0-2Bgzx0Q9Rg57FdUHCHmpTbqiNP0Z7pB-2FgaRoNYx0Y7D6VQ44-2Fgnl96DdpvvW-2BhWZdphMCAngl933yiCauJ3gHnJJHzd8-2FvWoLrvt0sKpf4KMkq9lvxECjHAwL1nxvPLtqSxjrhqwAP2b2s-3D Build ID: 400586 Analysis Summary: New defects found: 0 Defects eliminated: 0 From tomas at openssl.org Wed Aug 4 12:06:17 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 04 Aug 2021 12:06:17 +0000 Subject: [openssl] master update Message-ID: <1628078777.742911.14353.nullmailer@dev.openssl.org> The branch master has been updated via a8f35a5527bd7c1f48e3a5ae3d8241ae3988ea94 (commit) via 25ab542409488b65d15b787eb5cc7b0a0daf21c6 (commit) from da496bc159361b0bc22df2432fb07b1cd7491ac2 (commit) - Log ----------------------------------------------------------------- commit a8f35a5527bd7c1f48e3a5ae3d8241ae3988ea94 Author: Tomas Mraz Date: Tue Aug 3 12:23:43 2021 +0200 Use copy.pl to install the fips module on Windows Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16208) commit 25ab542409488b65d15b787eb5cc7b0a0daf21c6 Author: Tomas Mraz Date: Tue Aug 3 11:35:58 2021 +0200 Windows, VMS: Do install_fips on install if fips is enabled Also fix some inconsistencies and minor bugs related to the install_fips target on Windows and VMS. Fixes #16194 Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16208) ----------------------------------------------------------------------- Summary of changes: Configurations/descrip.mms.tmpl | 10 +++++----- Configurations/windows-makefile.tmpl | 12 +++++------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index bad8e0a776..3ffd387903 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -500,7 +500,7 @@ list-tests : @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options" @ ! {- output_on() if !$disabled{tests}; "" -} -install : install_sw install_ssldirs install_docs install_msg +install : install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -} install_msg install_msg : @ WRITE SYS$OUTPUT "" 
@@ -516,7 +516,7 @@ install_msg : check_install : spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com -uninstall : uninstall_docs uninstall_sw +uninstall : uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -} # Because VMS wants the generation number (or *) to delete files, we can't # use $(LIBS), $(PROGRAMS), $(GENERATED) and $(MODULES) directly. @@ -565,14 +565,14 @@ install_docs : install_html_docs uninstall_docs : uninstall_html_docs {- output_off() if $disabled{fips}; "" -} -install_fips : install_sw $(INSTALL_FIPSMODULECONF) +install_fips : build_sw $(INSTALL_FIPSMODULECONF) @ WRITE SYS$OUTPUT "*** Installing FIPS module" COPY/PROT=W:RE $(INSTALL_FIPSMODULES) - ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME) @ WRITE SYS$OUTPUT "*** Installing FIPS module configuration" - COPY/PROT=W:RE $(INSTALL_FIPSMODULESCONF) OSSL_DATAROOT:[000000] + COPY/PROT=W:RE $(INSTALL_FIPSMODULECONF) OSSL_DATAROOT:[000000] -uninstall_fips : uninstall_sw +uninstall_fips : @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module configuration" DELETE OSSL_DATAROOT:[000000]fipsmodule.cnf;* @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module" diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index fc40e61144..26357c75bc 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -452,9 +452,9 @@ list-tests: @$(ECHO) "Tests are not supported with your chosen Configure options" @{- output_on() if !$disabled{tests}; "\@rem" -} -install: install_sw install_ssldirs install_docs +install: install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -} -uninstall: uninstall_docs uninstall_sw +uninstall: uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -} libclean: "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """{.,apps,test,fuzz}/$$1.*"""; } @ARGV" $(SHLIBS) 
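Review bot: in the descrip.mms.tmpl install_fips hunk (@@ -565,14 +565,14 @@), the change from $(INSTALL_FIPSMODULESCONF) to $(INSTALL_FIPSMODULECONF) on the COPY line is a behavioural fix, not a cosmetic one: the rule's prerequisite already names $(INSTALL_FIPSMODULECONF), and the old spelling does not appear anywhere else in the visible template, so the copy announced by "*** Installing FIPS module configuration" was not using the file the rule depends on. The commit message only says "minor bugs"; naming this one explicitly would tell VMS users that fipsmodule.cnf installation was previously broken. The switch of install_fips to depend on build_sw rather than install_sw, and dropping uninstall_sw from uninstall_fips, is consistent with the new top-level rules that now list install_sw/uninstall_sw alongside install_fips/uninstall_fips.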
@@ -496,17 +496,15 @@ install_docs: install_html_docs uninstall_docs: uninstall_html_docs {- output_off() if $disabled{fips}; "" -} -install_fips: build_sw providers\fipsmodule.cnf +install_fips: build_sw $(INSTALL_FIPSMODULECONF) # @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(PERL) $(SRCDIR)\util\mkdir-p.pl $(MODULESDIR) @$(ECHO) "*** Installing FIPS module" @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(MODULESDIR)\$(FIPSMODULENAME)" - @copy "$(INSTALL_FIPSMODULE)" $(MODULESDIR)\$(FIPSMODULENAME).new - @move /Y $(MODULESDIR)\$(FIPSMODULENAME).new \ - $(MODULESDIR)\$(FIPSMODULENAME) + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)" @$(ECHO) "*** Installing FIPS module configuration" @$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(OPENSSLDIR)\fipsmodule.cnf" - @copy $(INSTALL_FIPSMODULECONF) "$(OPENSSLDIR)\fipsmodule.cnf" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULECONF)" "$(OPENSSLDIR)" uninstall_fips: @$(ECHO) "*** Uninstalling FIPS module configuration" From dev at ddvo.net Wed Aug 4 14:38:40 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 04 Aug 2021 14:38:40 +0000 Subject: [openssl] master update Message-ID: <1628087920.814408.6637.nullmailer@dev.openssl.org> The branch master has been updated via 421953effea12b1ce6e2953786a83acc426b2622 (commit) from a8f35a5527bd7c1f48e3a5ae3d8241ae3988ea94 (commit) - Log ----------------------------------------------------------------- commit 421953effea12b1ce6e2953786a83acc426b2622 Author: Dr. David von Oheimb Date: Tue Aug 3 14:40:08 2021 +0200 apps/pkeyutl.c: call ERR_print_errors() on all errors, including Signature Verification Failure Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16209) ----------------------------------------------------------------------- Summary of changes: apps/pkeyutl.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) 
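Review bot: in the windows-makefile.tmpl install_fips hunk (@@ -496,17 +496,15 @@), the new line @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)" copies into a directory, so the installed file keeps the source basename, whereas the removed copy/move pair wrote explicitly to $(MODULESDIR)\$(FIPSMODULENAME), and the unchanged @$(ECHO) line above still advertises that exact path. This is only correct if the basename of $(INSTALL_FIPSMODULE) is guaranteed to equal $(FIPSMODULENAME); if it is not, pass the full destination "$(MODULESDIR)\$(FIPSMODULENAME)" (assuming copy.pl accepts a file destination) so the echoed path and the actual install path cannot diverge. The same consideration applies to the fipsmodule.cnf copy into "$(OPENSSLDIR)", whose echo line names $(OPENSSLDIR)\fipsmodule.cnf.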
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index bf9db2fa5a..73012e3069 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -307,12 +307,10 @@ int pkeyutl_main(int argc, char **argv) mctx, digestname, libctx, app_get0_propq()); if (ctx == NULL) { BIO_printf(bio_err, "%s: Error initializing context\n", prog); - ERR_print_errors(bio_err); goto end; } if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) { BIO_printf(bio_err, "%s: Error setting up peer key\n", prog); - ERR_print_errors(bio_err); goto end; } if (pkeyopts != NULL) { @@ -325,7 +323,6 @@ int pkeyutl_main(int argc, char **argv) if (pkey_ctrl_string(ctx, opt) <= 0) { BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n", prog, opt); - ERR_print_errors(bio_err); goto end; } } @@ -492,14 +489,13 @@ int pkeyutl_main(int argc, char **argv) } else { BIO_puts(bio_err, "Key derivation failed\n"); } - ERR_print_errors(bio_err); goto end; } ret = 0; if (asn1parse) { if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) - ERR_print_errors(bio_err); + ERR_print_errors(bio_err); /* but still return success */ } else if (hexdump) { BIO_dump(out, (char *)buf_out, buf_outlen); } else { @@ -507,6 +503,8 @@ int pkeyutl_main(int argc, char **argv) } end: + if (ret != 0) + ERR_print_errors(bio_err); EVP_MD_CTX_free(mctx); EVP_PKEY_CTX_free(ctx); EVP_MD_free(md); @@ -671,15 +669,12 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, peer = load_pubkey(file, peerform, 0, NULL, engine, "peer key"); if (peer == NULL) { BIO_printf(bio_err, "Error reading peer key %s\n", file); - ERR_print_errors(bio_err); return 0; } - ret = EVP_PKEY_derive_set_peer(ctx, peer); + ret = EVP_PKEY_derive_set_peer(ctx, peer) > 0; EVP_PKEY_free(peer); - if (ret <= 0) - ERR_print_errors(bio_err); return ret; } From pauli at openssl.org Wed Aug 4 23:21:45 2021 
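Review bot: the @@ -307 and @@ -325 hunks remove the per-site `ERR_print_errors(bio_err)` calls and rely on the new `if (ret != 0) ERR_print_errors(bio_err);` at `end:` (the @@ -507 hunk). That is only equivalent if `ret` is nonzero at every `goto end` taken before the `ret = 0;` in the @@ -492 hunk; the declaration and initialiser of `ret` are outside the visible context, so confirm it starts nonzero and that no early path zeroes it before jumping, otherwise a context-setup or peer-key failure would now exit with the message but without the queued reason codes.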
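Review bot: in the setup_peer hunk at @@ -671, `ret = EVP_PKEY_derive_set_peer(ctx, peer) > 0;` changes the function's return value from the raw EVP result (which can be negative) to a boolean. The only visible caller, `if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e))` in the @@ -307 hunk, is unaffected, but the function's comment or declaration should state the 1/0 contract so a future caller does not test for `<= 0` and treat 1 as a failure code.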
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 04 Aug 2021 23:21:45 +0000 Subject: [openssl] master update Message-ID: <1628119305.560164.350.nullmailer@dev.openssl.org> The branch master has been updated via 6b9d3b7c5ee63757c7bfb6f3761fb9ea35ac64a5 (commit) via b5c4dc6ce50b7fcf1b51721a61e1a827d1eb05a3 (commit) from 421953effea12b1ce6e2953786a83acc426b2622 (commit) - Log ----------------------------------------------------------------- commit 6b9d3b7c5ee63757c7bfb6f3761fb9ea35ac64a5 Author: Tomas Mraz Date: Tue Aug 3 18:00:02 2021 +0200 Add oid_section to sysdefault.cnf to test adding new oids Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16210) commit b5c4dc6ce50b7fcf1b51721a61e1a827d1eb05a3 Author: Tomas Mraz Date: Tue Aug 3 17:29:04 2021 +0200 Prevent recursive call of OPENSSL_INIT_LOAD_CONFIG If objects are added in a config file the OPENSSL_INIT_LOAD_CONFIG will be called recursively which results in hang in RUN_ONCE. Fixes #16186 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16210) ----------------------------------------------------------------------- Summary of changes: crypto/init.c | 41 +++++++++++++++++++++++++++-------------- test/sysdefault.cnf | 4 ++++ 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/crypto/init.c b/crypto/init.c index 552a4fa66c..6a27d1a8e4 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -44,6 +44,7 @@ struct ossl_init_stop_st { static OPENSSL_INIT_STOP *stop_handlers = NULL; static CRYPTO_RWLOCK *init_lock = NULL; +static CRYPTO_THREAD_LOCAL in_init_config_local; static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; static int base_inited = 0; @@ -61,7 +62,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) OPENSSL_cpuid_setup(); if (!ossl_init_thread()) - return 0; + goto err; + + if (!CRYPTO_THREAD_init_local(&in_init_config_local, NULL)) + goto err; base_inited = 1; return 1; 
@@ -366,6 +370,8 @@ void OPENSSL_cleanup(void) CRYPTO_THREAD_lock_free(init_lock); init_lock = NULL; + CRYPTO_THREAD_cleanup_local(&in_init_config_local); + /* * We assume we are single-threaded for this function, i.e. no race * conditions for the various "*_inited" vars below. @@ -566,22 +572,29 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) return 0; if (opts & OPENSSL_INIT_LOAD_CONFIG) { - int ret; + int loading = CRYPTO_THREAD_get_local(&in_init_config_local) != NULL; - if (settings == NULL) { - ret = RUN_ONCE(&config, ossl_init_config); - } else { - if (!CRYPTO_THREAD_write_lock(init_lock)) + /* If called recursively from OBJ_ calls, just skip it. */ + if (!loading) { + int ret; + + if (!CRYPTO_THREAD_set_local(&in_init_config_local, (void *)-1)) + return 0; + if (settings == NULL) { + ret = RUN_ONCE(&config, ossl_init_config); + } else { + if (!CRYPTO_THREAD_write_lock(init_lock)) + return 0; + conf_settings = settings; + ret = RUN_ONCE_ALT(&config, ossl_init_config_settings, + ossl_init_config); + conf_settings = NULL; + CRYPTO_THREAD_unlock(init_lock); + } + + if (ret <= 0) return 0; - conf_settings = settings; - ret = RUN_ONCE_ALT(&config, ossl_init_config_settings, - ossl_init_config); - conf_settings = NULL; - CRYPTO_THREAD_unlock(init_lock); } - - if (ret <= 0) - return 0; } if ((opts & OPENSSL_INIT_ASYNC) diff --git a/test/sysdefault.cnf b/test/sysdefault.cnf index 0094831608..20712b5bda 100644 --- a/test/sysdefault.cnf +++ b/test/sysdefault.cnf @@ -8,6 +8,10 @@ openssl_conf = default_conf [ default_conf ] ssl_conf = ssl_sect +oid_section = oid_sect + +[oid_sect] +new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1 [ssl_sect] From pauli at openssl.org Thu Aug 5 00:04:02 2021 
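Review bot: in the crypto/init.c hunk at @@ -61, both `goto err` branches jump to an `err:` label that is outside the visible context. Confirm that the label undoes what ossl_init_base has already set up by that point and leaves `base_inited` at 0, so that a failing `CRYPTO_THREAD_init_local(&in_init_config_local, NULL)` is reported to the caller rather than leaving a half-initialised base with no thread-local key for the recursion guard in the @@ -566 hunk to read.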
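Review bot: in the crypto/init.c hunk at @@ -566, the thread-local marker set by `CRYPTO_THREAD_set_local(&in_init_config_local, (void *)-1)` is never cleared in this hunk, neither after a successful load nor on the `if (ret <= 0) return 0;` path. After a failed configuration load, the same thread's next `OPENSSL_INIT_LOAD_CONFIG` call sees `loading != 0`, skips the block and falls through to success, so the failure is reported once and then masked. Clearing the marker (set it back to NULL) once the RUN_ONCE / RUN_ONCE_ALT call returns would keep the guard scoped to the actual recursion from OBJ_ calls that #16186 describes; since RUN_ONCE caches its result, this costs nothing on the success path. A comment on `in_init_config_local` stating that the guard is per-thread by design (cross-thread first loads still serialise through RUN_ONCE) would also help.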
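Review bot: the test/sysdefault.cnf hunk adds `oid_section = oid_sect` and `new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1` with no explanation; add a comment saying the entry exists to make config loading call into OBJ_ (the recursive `OPENSSL_INIT_LOAD_CONFIG` case of #16186), so the OID is not later removed as an unused test value and the regression coverage quietly disappears with it.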
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 05 Aug 2021 00:04:02 +0000 Subject: [openssl] master update Message-ID: <1628121842.459712.32535.nullmailer@dev.openssl.org> The branch master has been updated via 6da0f274834d60c2ad84109e00430f9e4f7ffb85 (commit) from 6b9d3b7c5ee63757c7bfb6f3761fb9ea35ac64a5 (commit) - Log ----------------------------------------------------------------- commit 6da0f274834d60c2ad84109e00430f9e4f7ffb85 Author: Dmitry Belyavskiy Date: Fri Jul 30 16:03:55 2021 +0200 Document necessary error code processing Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16187) ----------------------------------------------------------------------- Summary of changes: doc/man7/migration_guide.pod | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 462ef9f122..8cc017dfa6 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -469,6 +469,18 @@ Remove your usage of the low level APIs. In this case you will need to rewrite y =back +=head3 Error code changes + +As OpenSSL 3.0 provides a brand new Encoder/Decoder mechanism for working with +widely used file formats, application code that checks for particular error +reason codes on key loading failures might need an update. + +Password-protected keys may deserve special attention. If only some errors +are treated as an indicator that the user should be asked about the password again, +it's worth testing these scenarios and processing the newly relevant codes. + +There may be more cases to treat specially, depending on the calling application code. + =head2 Upgrading from OpenSSL 1.0.2 Upgrading to OpenSSL 3.0 from OpenSSL 1.0.2 is likely to be significantly more From pauli at openssl.org Thu Aug 5 05:42:18 2021 
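Review bot: the new "Error code changes" section in doc/man7/migration_guide.pod tells the reader that code checking "particular error reason codes on key loading failures might need an update" but names neither the 1.1.1 reason codes that no longer appear nor the ones the Encoder/Decoder path reports instead, and "it's worth testing these scenarios" gives nothing to look for. List the codes for the password cases the text singles out (wrong or missing password versus undecodable input), old beside new, or link the manual page that documents them; as written the section can only tell an application author that something changed.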
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 05 Aug 2021 05:42:18 +0000 Subject: [openssl] master update Message-ID: <1628142138.766236.2702.nullmailer@dev.openssl.org> The branch master has been updated via 7587b5fd09d8a2a42acc90e5eecdeb6f160699ff (commit) via ebe667b4645ef8ee742c5364a3ee3dd363bd17b4 (commit) via 7b917179d027c9901ea0e8c213f581c8db5d1b9b (commit) from 6da0f274834d60c2ad84109e00430f9e4f7ffb85 (commit) - Log ----------------------------------------------------------------- commit 7587b5fd09d8a2a42acc90e5eecdeb6f160699ff Author: Pauli Date: Wed Aug 4 11:06:44 2021 +1000 CI: remove spurious blank lines Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16174) commit ebe667b4645ef8ee742c5364a3ee3dd363bd17b4 Author: Pauli Date: Thu Jul 29 15:24:20 2021 +1000 ci: specify gcc explicitly on the basic-gcc CI build GitHub Actions default to clang not gcc so this is necessary now. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16174) commit 7b917179d027c9901ea0e8c213f581c8db5d1b9b Author: Pauli Date: Thu Jul 29 13:37:30 2021 +1000 ci: separate the config dump from the configuration command This avoids using the shell's `&&` and shortens the lines a bit. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16174) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 2 +- .github/workflows/coveralls.yml | 4 +++- .github/workflows/fips-checksums.yml | 10 ++++++++-- .github/workflows/run-checker-ci.yml | 4 +++- .github/workflows/run-checker-daily.yml | 4 +++- .github/workflows/run-checker-merge.yml | 4 +++- 6 files changed, 21 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9e89d455a9..bcb5cd5775 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -61,7 +61,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --banner=Configured enable-fips --strict-warnings && perl configdata.pm --dump + run: CC=gcc ./config --banner=Configured enable-fips --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index 34e5117298..45e9e8e62e 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -14,7 +14,9 @@ jobs: run: | sudo apt-get -yq install lcov - name: config - run: CC=gcc ./config --banner=Configured --debug --coverage no-asm enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump + run: CC=gcc ./config --banner=Configured --debug --coverage no-asm enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + - name: config dump + run: ./configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml index 0b3111c1a7..d8aea44786 100644 --- a/.github/workflows/fips-checksums.yml +++ b/.github/workflows/fips-checksums.yml 
@@ -22,7 +22,10 @@ jobs: ref: ${{ github.event.pull_request.base.ref }} path: source-pristine - name: config pristine - run: ../source-pristine/config enable-fips && perl configdata.pm --dump + run: ../source-pristine/config enable-fips + working-directory: ./build-pristine + - name: config pristine dump + run: ./configdata.pm --dump working-directory: ./build-pristine - name: make build_generated pristine run: make -s build_generated @@ -34,7 +37,10 @@ jobs: with: path: source - name: config - run: ../source/config enable-fips && perl configdata.pm --dump + run: ../source/config enable-fips + working-directory: ./build + - name: config dump + run: ./configdata.pm --dump working-directory: ./build - name: make build_generated run: make -s build_generated diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index 39423845f3..3c09194d0c 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -31,7 +31,9 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} + - name: config dump + run: ./configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index 0ab02c5375..d9374f1cfc 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -125,7 +125,9 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} + - name: config dump + run: ./configdata.pm --dump - name: make run: make -s -j4 - name: make test 
diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index 81121e7f3a..4f5efeae51 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -24,7 +24,9 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} + - name: config dump + run: ./configdata.pm --dump - name: make run: make -s -j4 - name: make test From pauli at openssl.org Thu Aug 5 05:47:15 2021 
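Review bot: the .github/workflows/ci.yml hunk at @@ -61 adds `CC=gcc` but keeps `&& perl configdata.pm --dump` on the same `run:` line, while every other workflow touched in this series (coveralls, fips-checksums, run-checker-ci, run-checker-daily, run-checker-merge) moves the dump into its own `- name: config dump` step. Split it here as well so the basic-gcc job matches the stated purpose of the "separate the config dump from the configuration command" commit.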
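Review bot: the new `config dump` steps in the coveralls, fips-checksums and run-checker hunks run `./configdata.pm --dump` where the replaced lines ran `perl configdata.pm --dump`; the new form depends on Configure writing configdata.pm with its interpreter line and execute bit, which holds on the Linux runners used here, but the two forms are not interchangeable on every platform. If the intent is only to drop the `&&`, keeping `perl configdata.pm --dump` in the separate step avoids that dependency; otherwise mention the executable-file assumption in the commit message.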
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 05 Aug 2021 05:47:15 +0000 Subject: [openssl] master update Message-ID: <1628142435.722574.7176.nullmailer@dev.openssl.org> The branch master has been updated via d209fc6cce47be332ca10dbef1ada8077a22fb38 (commit) via 05bd00b8a690201ade8365e6a6fe846c2c2b9d51 (commit) via c5f15fb28e680a90e876e629203700f3faced02e (commit) via bf7c901160f0f49644326c62cae4344a1e5c5064 (commit) via 5961aedaa5513523cf45380164e9c9864ef46e8a (commit) via e18ceda105bca9108efd9e597e116a1a3de8ffb3 (commit) via 9ff407a1dcb7580317e863634c020ac6589da897 (commit) via 94eb3cdd34bf391f50a59bbfcc6cb83138a77261 (commit) via 736dba012fa43832aba753344f6dcb91c7314721 (commit) via f7d998a206383b6bab3fad32b28e58d3786fe08a (commit) via 2cdf7c6a3324f0477d34b2906632e863941d8d6b (commit) from 7587b5fd09d8a2a42acc90e5eecdeb6f160699ff (commit) - Log ----------------------------------------------------------------- commit d209fc6cce47be332ca10dbef1ada8077a22fb38 Author: Pauli Date: Wed Aug 4 10:11:30 2021 +1000 evp_test: add TLS 1.3 KDF test suite Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit 05bd00b8a690201ade8365e6a6fe846c2c2b9d51 Author: Pauli Date: Tue Aug 3 22:42:23 2021 +1000 test: add test cases for TLS 1.3 KDF Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit c5f15fb28e680a90e876e629203700f3faced02e Author: Pauli Date: Tue Aug 3 11:33:38 2021 +1000 update doc/build.info Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit bf7c901160f0f49644326c62cae4344a1e5c5064 Author: Pauli Date: Tue Aug 3 11:22:49 2021 +1000 fips: add power up test for TLS 1.3 KDF The power up known answer test for the TLS 1.3 KDF does just the first step to derive the "client_early_traffic_secret" using the 
two modes of the KDF. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit 5961aedaa5513523cf45380164e9c9864ef46e8a Author: Pauli Date: Tue Aug 3 15:42:13 2021 +1000 doc: add TLS 1.3 KDF to the FIPS provider list of algorithms. Fix link to TLS1 PRF. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit e18ceda105bca9108efd9e597e116a1a3de8ffb3 Author: Pauli Date: Tue Aug 3 22:29:03 2021 +1000 doc: reorder the string and int extract/expand param values Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit 9ff407a1dcb7580317e863634c020ac6589da897 Author: Pauli Date: Mon Aug 2 21:44:06 2021 +1000 doc: add links to new KDF Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit 94eb3cdd34bf391f50a59bbfcc6cb83138a77261 Author: Pauli Date: Mon Aug 2 21:44:38 2021 +1000 doc: add documentation for TLS13_KDF Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit 736dba012fa43832aba753344f6dcb91c7314721 Author: Pauli Date: Mon Aug 2 16:19:29 2021 +1000 provider: add TLS13_KDF to the default and FIPS providers Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit f7d998a206383b6bab3fad32b28e58d3786fe08a Author: Pauli Date: Mon Aug 2 16:16:35 2021 +1000 tls/prov: move the TLS 1.3 KDF code to providers This function needs to be power up tested as part of the FIPS validation and thus it needs to be inside the provider boundary. 
This is realised by introducing a new KDF "TLS13-KDF" which does the required massaging of parameters but is otherwise functionally equivalent to HKDF. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) commit 2cdf7c6a3324f0477d34b2906632e863941d8d6b Author: Pauli Date: Mon Aug 2 12:18:42 2021 +1000 doc: add missing link directive in X942 KDF Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) ----------------------------------------------------------------------- Summary of changes: doc/build.info | 6 + doc/man7/EVP_KDF-HKDF.pod | 9 +- doc/man7/EVP_KDF-TLS13_KDF.pod | 128 + doc/man7/EVP_KDF-X942-CONCAT.pod | 2 +- doc/man7/OSSL_PROVIDER-FIPS.pod | 8 +- doc/man7/provider-kdf.pod | 15 + include/openssl/core_names.h | 4 + include/openssl/self_test.h | 2 + providers/defltprov.c | 2 + providers/fips/fipsprov.c | 2 + providers/fips/self_test_data.inc | 64 + .../implementations/include/prov/implementations.h | 1 + providers/implementations/include/prov/names.h | 1 + providers/implementations/kdfs/hkdf.c | 261 +- ssl/tls13_enc.c | 116 +- test/recipes/30-test_evp.t | 1 + test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt | 4937 ++++++++++++++++++++ 17 files changed, 5462 insertions(+), 97 deletions(-) create mode 100644 doc/man7/EVP_KDF-TLS13_KDF.pod create mode 100644 test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt diff --git a/doc/build.info b/doc/build.info index 475034cb9f..542ddb8182 100644 --- a/doc/build.info +++ b/doc/build.info 
@@ -4131,6 +4131,10 @@ DEPEND[html/man7/EVP_KDF-SSHKDF.html]=man7/EVP_KDF-SSHKDF.pod GENERATE[html/man7/EVP_KDF-SSHKDF.html]=man7/EVP_KDF-SSHKDF.pod DEPEND[man/man7/EVP_KDF-SSHKDF.7]=man7/EVP_KDF-SSHKDF.pod GENERATE[man/man7/EVP_KDF-SSHKDF.7]=man7/EVP_KDF-SSHKDF.pod +DEPEND[html/man7/EVP_KDF-TLS13_KDF.html]=man7/EVP_KDF-TLS13_KDF.pod +GENERATE[html/man7/EVP_KDF-TLS13_KDF.html]=man7/EVP_KDF-TLS13_KDF.pod +DEPEND[man/man7/EVP_KDF-TLS13_KDF.7]=man7/EVP_KDF-TLS13_KDF.pod +GENERATE[man/man7/EVP_KDF-TLS13_KDF.7]=man7/EVP_KDF-TLS13_KDF.pod DEPEND[html/man7/EVP_KDF-TLS1_PRF.html]=man7/EVP_KDF-TLS1_PRF.pod GENERATE[html/man7/EVP_KDF-TLS1_PRF.html]=man7/EVP_KDF-TLS1_PRF.pod DEPEND[man/man7/EVP_KDF-TLS1_PRF.7]=man7/EVP_KDF-TLS1_PRF.pod @@ -4558,6 +4562,7 @@ html/man7/EVP_KDF-PKCS12KDF.html \ html/man7/EVP_KDF-SCRYPT.html \ html/man7/EVP_KDF-SS.html \ html/man7/EVP_KDF-SSHKDF.html \ +html/man7/EVP_KDF-TLS13_KDF.html \ html/man7/EVP_KDF-TLS1_PRF.html \ html/man7/EVP_KDF-X942-ASN1.html \ html/man7/EVP_KDF-X942-CONCAT.html \ @@ -4680,6 +4685,7 @@ man/man7/EVP_KDF-PKCS12KDF.7 \ man/man7/EVP_KDF-SCRYPT.7 \ man/man7/EVP_KDF-SS.7 \ man/man7/EVP_KDF-SSHKDF.7 \ +man/man7/EVP_KDF-TLS13_KDF.7 \ man/man7/EVP_KDF-TLS1_PRF.7 \ man/man7/EVP_KDF-X942-ASN1.7 \ man/man7/EVP_KDF-X942-CONCAT.7 \ diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod index b20fb7b613..5ef09aed36 100644 --- a/doc/man7/EVP_KDF-HKDF.pod +++ b/doc/man7/EVP_KDF-HKDF.pod @@ -49,7 +49,7 @@ There are three modes that are currently defined: =over 4 -=item B "EXTRACT_AND_EXPAND" +=item "EXTRACT_AND_EXPAND" or B This is the default mode. Calling L on an EVP_KDF_CTX set up for HKDF will perform an extract followed by an expand operation in one go. 
@@ -59,7 +59,7 @@ intermediate fixed-length pseudorandom key K is not returned. In this mode the digest, key, salt and info values must be set before a key is derived otherwise an error will occur. -=item B "EXTRACT_ONLY" +=item "EXTRACT_ONLY" or B In this mode calling L will just perform the extract operation. The value returned will be the intermediate fixed-length pseudorandom @@ -69,7 +69,7 @@ up by calling EVP_KDF_CTX_get_kdf_size() after setting the mode and digest. The digest, key and salt values must be set before a key is derived otherwise an error will occur. -=item B "EXPAND_ONLY" +=item "EXPAND_ONLY" or B In this mode calling L will just perform the expand operation. The input key should be set to the intermediate fixed-length @@ -137,7 +137,8 @@ L, L, L, L, -L +L, +L =head1 COPYRIGHT diff --git a/doc/man7/EVP_KDF-TLS13_KDF.pod b/doc/man7/EVP_KDF-TLS13_KDF.pod new file mode 100644 index 0000000000..a049a7cd7e --- /dev/null +++ b/doc/man7/EVP_KDF-TLS13_KDF.pod 
@@ -0,0 +1,128 @@ +=pod + +=head1 NAME + +EVP_KDF-TLS13_KDF - The TLS 1.3 EVP_KDF implementation + +=head1 DESCRIPTION + +Support for computing the TLS 1.3 version of the B KDF through +the B API. + +The EVP_KDF-TLS13_KDF algorithm implements the HKDF key derivation function +as used by TLS 1.3. + +=head2 Identity + +"TLS13-KDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item "properties" (B) + +=item "digest" (B) + +=item "key" (B) + +=item "salt" (B) + +These parameters work as described in L. + +=item "prefix" (B) + +This parameter sets the label prefix on the specified TLS 1.3 KDF context. +For TLS 1.3 this should be set to the ASCII string "tls13 " without a +trailing zero byte. Refer to RFC 8446 section 7.1 "Key Schedule" for details. + +=item "label" (B) + +This parameter sets the label on the specified TLS 1.3 KDF context. +Refer to RFC 8446 section 7.1 "Key Schedule" for details. + +=item "data" (B) + +This parameter sets the context data on the specified TLS 1.3 KDF context. +Refer to RFC 8446 section 7.1 "Key Schedule" for details. + +=item "mode" (B) or + +This parameter sets the mode for the TLS 1.3 KDF operation. +There are two modes that are currently defined: + +=over 4 + +=item "EXTRACT_ONLY" or B + +In this mode calling L will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. The I parameter must match the size of K, which can be looked +up by calling EVP_KDF_CTX_get_kdf_size() after setting the mode and digest. + +The digest, key and salt values must be set before a key is derived otherwise +an error will occur. + +=item "EXPAND_ONLY" or B + +In this mode calling L will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. 
+ +The digest, key and info values must be set before a key is derived otherwise +an error will occur. + +=back + +=back + +=head1 NOTES + +This KDF is intended for use by the TLS 1.3 implementation in libssl. +It does not support all the options and capabilities that HKDF does. + +The I array passed to L or +L must specify all of the parameters required. +This KDF does not support a piecemeal approach to providing these. + +A context for a TLS 1.3 KDF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS13-KDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The output length of a TLS 1.3 KDF expand operation is specified via the +I parameter to the L function. When using +EVP_KDF_HKDF_MODE_EXTRACT_ONLY the I parameter must equal the size of +the intermediate fixed-length pseudorandom key otherwise an error will occur. +For that mode, the fixed output size can be looked up by calling +EVP_KDF_CTX_get_kdf_size() after setting the mode and digest on the +B. + +=head1 CONFORMING TO + +RFC 8446 + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_KDF-X942-CONCAT.pod b/doc/man7/EVP_KDF-X942-CONCAT.pod index 9ea6e84dfb..8463b958f3 100644 --- a/doc/man7/EVP_KDF-X942-CONCAT.pod +++ b/doc/man7/EVP_KDF-X942-CONCAT.pod @@ -17,7 +17,7 @@ can be used with the EVP_KDF_fetch() function. This is an alias for "X963KDF". -See for a list of supported parameters and examples. +See L for a list of supported parameters and examples. =head1 HISTORY diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 04aaa454df..f13e963a94 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod 
@@ -86,13 +86,15 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item HKDF, see L +=item TLS13-KDF, see L + =item SSKDF, see L =item PBKDF2, see L =item SSHKDF, see L -=item TLS1-PRF, see L +=item TLS1-PRF, see L =item KBKDF, see L @@ -299,6 +301,10 @@ Key agreement tests used with the "KAT_KA" type. =item "HKDF" (B) +=item "TLS13_KDF_EXTRACT" (B) + +=item "TLS13_KDF_EXPAND" (B) + =item "SSKDF" (B) =item "X963KDF" (B) diff --git a/doc/man7/provider-kdf.pod b/doc/man7/provider-kdf.pod index 034f82a262..3fbce625ff 100644 --- a/doc/man7/provider-kdf.pod +++ b/doc/man7/provider-kdf.pod @@ -239,6 +239,21 @@ Sets the scrypt work factor parameter p in the associated KDF ctx. Sets the scrypt work factor parameter maxmem in the associated KDF ctx. +=item "prefix" (B) + +Sets the prefix string using by the TLS 1.3 version of HKDF in the +associated KDF ctx. + +=item "label" (B) + +Sets the label string using by the TLS 1.3 version of HKDF in the +associated KDF ctx. + +=item "data" (B) + +Sets the context string using by the TLS 1.3 version of HKDF in the +associated KDF ctx. + =item "info" (B) Sets the optional shared info in the associated KDF ctx. diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index f99497e229..b549dae916 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -190,6 +190,9 @@ extern "C" { #define OSSL_KDF_PARAM_KEY "key" /* octet string */ #define OSSL_KDF_PARAM_SALT "salt" /* octet string */ #define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */ +#define OSSL_KDF_PARAM_PREFIX "prefix" /* octet string */ +#define OSSL_KDF_PARAM_LABEL "label" /* octet string */ +#define OSSL_KDF_PARAM_DATA "data" /* octet string */ #define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ #define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ #define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC /* utf8 string */ 
@@ -223,6 +226,7 @@ extern "C" { /* Known KDF names */ #define OSSL_KDF_NAME_HKDF "HKDF" +#define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" #define OSSL_KDF_NAME_PBKDF1 "PBKDF1" #define OSSL_KDF_NAME_PBKDF2 "PBKDF2" #define OSSL_KDF_NAME_SCRYPT "SCRYPT" diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h index b970d1b949..564fc95088 100644 --- a/include/openssl/self_test.h +++ b/include/openssl/self_test.h @@ -68,6 +68,8 @@ extern "C" { # define OSSL_SELF_TEST_DESC_KDF_SSHKDF "SSHKDF" # define OSSL_SELF_TEST_DESC_KDF_TLS12_PRF "TLS12_PRF" # define OSSL_SELF_TEST_DESC_KDF_KBKDF "KBKDF" +# define OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT "TLS13_KDF_EXTRACT" +# define OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND "TLS13_KDF_EXPAND" # define OSSL_SELF_TEST_DESC_RNG "RNG" # ifdef __cplusplus diff --git a/providers/defltprov.c b/providers/defltprov.c index cb8a90f1cd..498c4eaa2a 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -320,6 +320,8 @@ static const OSSL_ALGORITHM deflt_macs[] = { static const OSSL_ALGORITHM deflt_kdfs[] = { { PROV_NAMES_HKDF, "provider=default", ossl_kdf_hkdf_functions }, + { PROV_NAMES_TLS1_3_KDF, "provider=default", + ossl_kdf_tls1_3_kdf_functions }, { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions }, { PROV_NAMES_PBKDF2, "provider=default", ossl_kdf_pbkdf2_functions }, { PROV_NAMES_PKCS12KDF, "provider=default", ossl_kdf_pkcs12_functions }, diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index b69299e046..f4605dcd6c 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c 
@@ -346,6 +346,8 @@ static const OSSL_ALGORITHM fips_macs[] = { static const OSSL_ALGORITHM fips_kdfs[] = { { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, + { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, + ossl_kdf_tls1_3_kdf_functions }, { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 8c28144405..dd39ab5252 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc 
@@ -494,8 +494,72 @@ static const ST_KAT_PARAM kbkdf_params[] = { ST_KAT_PARAM_END() }; +static const char tls13_kdf_digest[] = "SHA256"; +static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; +static int tls13_kdf_expand_mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; +static const unsigned char tls13_kdf_prefix[] = { + 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20 /* "tls13 " */ +}; +static const unsigned char tls13_kdf_client_early_secret_label[] = { + 0x63, 0x20, 0x65, 0x20, 0x74, 0x72, 0x61, 0x66, + 0x66, 0x69, 0x63 /* "c e traffic"*/ +}; +static const unsigned char tls13_kdf_psk[] = { + 0xF8, 0xAF, 0x6A, 0xEA, 0x2D, 0x39, 0x7B, 0xAF, + 0x29, 0x48, 0xA2, 0x5B, 0x28, 0x34, 0x20, 0x06, + 0x92, 0xCF, 0xF1, 0x7E, 0xEE, 0x91, 0x65, 0xE4, + 0xE2, 0x7B, 0xAB, 0xEE, 0x9E, 0xDE, 0xFD, 0x05 +}; +static const unsigned char tls13_kdf_client_hello_hash[] = { + 0x7c, 0x92, 0xf6, 0x8b, 0xd5, 0xbf, 0x36, 0x38, + 0xea, 0x33, 0x8a, 0x64, 0x94, 0x72, 0x2e, 0x1b, + 0x44, 0x12, 0x7e, 0x1b, 0x7e, 0x8a, 0xad, 0x53, + 0x5f, 0x23, 0x22, 0xa6, 0x44, 0xff, 0x22, 0xb3 +}; + +static const unsigned char tls13_kdf_early_secret[] = { + 0x15, 0x3B, 0x63, 0x94, 0xA9, 0xC0, 0x3C, 0xF3, + 0xF5, 0xAC, 0xCC, 0x6E, 0x45, 0x5A, 0x76, 0x93, + 0x28, 0x11, 0x38, 0xA1, 0xBC, 0xFA, 0x38, 0x03, + 0xC2, 0x67, 0x35, 0xDD, 0x11, 0x94, 0xD2, 0x16 +}; +static const unsigned char tls13_kdf_client_early_traffic_secret[] = { + 0xC8, 0x05, 0x83, 0xA9, 0x0E, 0x99, 0x5C, 0x48, + 0x96, 0x00, 0x49, 0x2A, 0x5D, 0xA6, 0x42, 0xE6, + 0xB1, 0xF6, 0x79, 0xBA, 0x67, 0x48, 0x28, 0x79, + 0x2D, 0xF0, 0x87, 0xB9, 0x39, 0x63, 0x61, 0x71 +}; +static const ST_KAT_PARAM tls13_kdf_early_secret_params[] = { + ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_extract_mode), + ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_psk), + ST_KAT_PARAM_END() +}; +static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = { + ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, 
tls13_kdf_expand_mode), + ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_early_secret), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_DATA, tls13_kdf_client_hello_hash), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PREFIX, tls13_kdf_prefix), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_LABEL, + tls13_kdf_client_early_secret_label), + ST_KAT_PARAM_END() +}; + static const ST_KAT_KDF st_kat_kdf_tests[] = { + { + OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT, + OSSL_KDF_NAME_TLS1_3_KDF, + tls13_kdf_early_secret_params, + ITM(tls13_kdf_early_secret) + }, + { + OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND, + OSSL_KDF_NAME_TLS1_3_KDF, + tls13_kdf_client_early_secret_params, + ITM(tls13_kdf_client_early_traffic_secret) + }, { OSSL_SELF_TEST_DESC_KDF_TLS12_PRF, OSSL_KDF_NAME_TLS1_PRF, diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 855bd90919..c80b0dcfa3 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -257,6 +257,7 @@ extern const OSSL_DISPATCH ossl_kdf_scrypt_functions[]; #endif extern const OSSL_DISPATCH ossl_kdf_tls1_prf_functions[]; extern const OSSL_DISPATCH ossl_kdf_hkdf_functions[]; +extern const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[]; extern const OSSL_DISPATCH ossl_kdf_sshkdf_functions[]; extern const OSSL_DISPATCH ossl_kdf_sskdf_functions[]; extern const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[]; diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h index 5aec4a0934..b05776e4f6 100644 --- a/providers/implementations/include/prov/names.h +++ b/providers/implementations/include/prov/names.h 
@@ -249,6 +249,7 @@ */ #define PROV_NAMES_HKDF "HKDF" #define PROV_DESCS_HKDF_SIGN "OpenSSL HKDF via EVP_PKEY implementation" +#define PROV_NAMES_TLS1_3_KDF "TLS13-KDF" #define PROV_NAMES_SSKDF "SSKDF" #define PROV_NAMES_PBKDF1 "PBKDF1" #define PROV_NAMES_PBKDF2 "PBKDF2:1.2.840.113549.1.5.12" diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index 167b64f0b3..667d5e9619 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -23,6 +23,7 @@ #include #include "internal/cryptlib.h" #include "internal/numbers.h" +#include "internal/packet.h" #include "crypto/evp.h" #include "prov/provider_ctx.h" #include "prov/providercommon.h" @@ -40,6 +41,9 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params; static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params; +static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive; +static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params; +static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params; static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, @@ -55,6 +59,15 @@ static int HKDF_Expand(const EVP_MD *evp_md, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len); +/* Settable context parameters that are common across HKDF and the TLS KDF */ +#define HKDF_COMMON_SETTABLES \ + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0), \ + OSSL_PARAM_int(OSSL_KDF_PARAM_MODE, NULL), \ + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), \ + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), \ + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0) + typedef struct { void *provctx; int mode; 
@@ -63,6 +76,12 @@ typedef struct { size_t salt_len; unsigned char *key; size_t key_len; + unsigned char *prefix; + size_t prefix_len; + unsigned char *label; + size_t label_len; + unsigned char *data; + size_t data_len; unsigned char info[HKDF_MAXBUF]; size_t info_len; } KDF_HKDF; @@ -98,6 +117,9 @@ static void kdf_hkdf_reset(void *vctx) ossl_prov_digest_reset(&ctx->digest); OPENSSL_free(ctx->salt); + OPENSSL_free(ctx->prefix); + OPENSSL_free(ctx->label); + OPENSSL_clear_free(ctx->data, ctx->data_len); OPENSSL_clear_free(ctx->key, ctx->key_len); OPENSSL_cleanse(ctx->info, ctx->info_len); memset(ctx, 0, sizeof(*ctx)); @@ -163,11 +185,10 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, } } -static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +static int hkdf_common_set_ctx_params(KDF_HKDF *ctx, const OSSL_PARAM params[]) { - const OSSL_PARAM *p; - KDF_HKDF *ctx = vctx; OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); + const OSSL_PARAM *p; int n; if (params == NULL) @@ -219,6 +240,21 @@ static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 0; } } + + return 1; +} + +static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + KDF_HKDF *ctx = vctx; + + if (params == NULL) + return 1; + + if (!hkdf_common_set_ctx_params(ctx, params)) + return 0; + /* The info fields concatenate, so process them all */ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) { ctx->info_len = 0; 
@@ -243,12 +279,7 @@ static const OSSL_PARAM *kdf_hkdf_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0), - OSSL_PARAM_int(OSSL_KDF_PARAM_MODE, NULL), - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), - OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), + HKDF_COMMON_SETTABLES, OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), OSSL_PARAM_END }; 
@@ -496,3 +527,215 @@ static int HKDF_Expand(const EVP_MD *evp_md, HMAC_CTX_free(hmac); return ret; } + +/* + * TLS uses slight variations of the above and for FIPS validation purposes, + * they need to be present here. + * Refer to RFC 8446 section 7 for specific details. + */ + +/* + * Given a |secret|; a |label| of length |labellen|; and |data| of length + * |datalen| (e.g. typically a hash of the handshake messages), derive a new + * secret |outlen| bytes long and store it in the location pointed to be |out|. + * The |data| value may be zero length. Returns 1 on success and 0 on failure. + */ +static int prov_tls13_hkdf_expand(const EVP_MD *md, + const unsigned char *key, size_t keylen, + const unsigned char *prefix, size_t prefixlen, + const unsigned char *label, size_t labellen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outlen) +{ + size_t hkdflabellen; + unsigned char hkdflabel[HKDF_MAXBUF]; + WPACKET pkt; + + /* + * 2 bytes for length of derived secret + 1 byte for length of combined + * prefix and label + bytes for the label itself + 1 byte length of hash + * + bytes for the hash itself. We've got the maximum the KDF can handle + * which should always be sufficient. + */ + if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0) + || !WPACKET_put_bytes_u16(&pkt, outlen) + || !WPACKET_start_sub_packet_u8(&pkt) + || !WPACKET_memcpy(&pkt, prefix, prefixlen) + || !WPACKET_memcpy(&pkt, label, labellen) + || !WPACKET_close(&pkt) + || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 
0 : datalen) + || !WPACKET_get_total_written(&pkt, &hkdflabellen) + || !WPACKET_finish(&pkt)) { + WPACKET_cleanup(&pkt); + return 0; + } + + return HKDF_Expand(md, key, keylen, hkdflabel, hkdflabellen, + out, outlen); +} + +static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx, + const EVP_MD *md, + const unsigned char *prevsecret, + size_t prevsecretlen, + const unsigned char *insecret, + size_t insecretlen, + const unsigned char *prefix, + size_t prefixlen, + const unsigned char *label, + size_t labellen, + unsigned char *out, size_t outlen) +{ + size_t mdlen; + int ret; + unsigned char preextractsec[EVP_MAX_MD_SIZE]; + /* Always filled with zeros */ + static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; + + ret = EVP_MD_get_size(md); + /* Ensure cast to size_t is safe */ + if (ret <= 0) + return 0; + mdlen = (size_t)ret; + + if (insecret == NULL) { + insecret = default_zeros; + insecretlen = mdlen; + } + if (prevsecret == NULL) { + prevsecret = default_zeros; + prevsecretlen = 0; + } else { + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + unsigned char hash[EVP_MAX_MD_SIZE]; + + /* The pre-extract derive step uses a hash of no messages */ + if (mctx == NULL + || EVP_DigestInit_ex(mctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { + EVP_MD_CTX_free(mctx); + return 0; + } + EVP_MD_CTX_free(mctx); + + /* Generate the pre-extract secret */ + if (!prov_tls13_hkdf_expand(md, prevsecret, mdlen, + prefix, prefixlen, label, labellen, + hash, mdlen, preextractsec, mdlen)) + return 0; + prevsecret = preextractsec; + prevsecretlen = mdlen; + } + + ret = HKDF_Extract(libctx, md, prevsecret, prevsecretlen, + insecret, insecretlen, out, outlen); + + if (prevsecret == preextractsec) + OPENSSL_cleanse(preextractsec, mdlen); + return ret; +} + +static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, + const OSSL_PARAM params[]) +{ + KDF_HKDF *ctx = (KDF_HKDF *)vctx; + const EVP_MD *md; + + if (!ossl_prov_is_running() || 
!kdf_tls1_3_set_ctx_params(ctx, params)) + return 0; + + md = ossl_prov_digest_md(&ctx->digest); + if (md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + return 0; + } + + switch (ctx->mode) { + default: + return 0; + + case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: + return prov_tls13_hkdf_generate_secret(PROV_LIBCTX_OF(ctx->provctx), + md, + ctx->salt, ctx->salt_len, + ctx->key, ctx->key_len, + ctx->prefix, ctx->prefix_len, + ctx->label, ctx->label_len, + key, keylen); + + case EVP_KDF_HKDF_MODE_EXPAND_ONLY: + return prov_tls13_hkdf_expand(md, ctx->key, ctx->key_len, + ctx->prefix, ctx->prefix_len, + ctx->label, ctx->label_len, + ctx->data, ctx->data_len, + key, keylen); + } +} + +static int kdf_tls1_3_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + KDF_HKDF *ctx = vctx; + + if (params == NULL) + return 1; + + if (!hkdf_common_set_ctx_params(ctx, params)) + return 0; + + if (ctx->mode == EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); + return 0; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PREFIX)) != NULL) { + OPENSSL_free(ctx->prefix); + ctx->prefix = NULL; + if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->prefix, 0, + &ctx->prefix_len)) + return 0; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_LABEL)) != NULL) { + OPENSSL_free(ctx->label); + ctx->label = NULL; + if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->label, 0, + &ctx->label_len)) + return 0; + } + + OPENSSL_clear_free(ctx->data, ctx->data_len); + ctx->data = NULL; + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DATA)) != NULL + && !OSSL_PARAM_get_octet_string(p, (void **)&ctx->data, 0, + &ctx->data_len)) + return 0; + return 1; +} + +static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx, + ossl_unused void *provctx) +{ + static const OSSL_PARAM known_settable_ctx_params[] = { + HKDF_COMMON_SETTABLES, + 
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PREFIX, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_LABEL, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_DATA, NULL, 0), + OSSL_PARAM_END + }; + return known_settable_ctx_params; +} + +const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = { + { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_tls1_3_derive }, + { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, + (void(*)(void))kdf_tls1_3_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_tls1_3_set_ctx_params }, + { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, + (void(*)(void))kdf_hkdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_hkdf_get_ctx_params }, + { 0, NULL } +}; diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 91c4248117..7f6133f29c 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -18,8 +18,11 @@ #define TLS13_MAX_LABEL_LEN 249 -/* Always filled with zeros */ -static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; +#ifdef CHARSET_EBCDIC +static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 }; +#else +static const unsigned char label_prefix[] = "tls13 "; +#endif /* * Given a |secret|; a |label| of length |labellen|; and |data| of length 
@@ -33,29 +36,14 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, const unsigned char *data, size_t datalen, unsigned char *out, size_t outlen, int fatal) { -#ifdef CHARSET_EBCDIC - static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 }; -#else - static const unsigned char label_prefix[] = "tls13 "; -#endif - EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_HKDF, + EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, s->ctx->propq); EVP_KDF_CTX *kctx; - OSSL_PARAM params[5], *p = params; + OSSL_PARAM params[7], *p = params; int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; const char *mdname = EVP_MD_get0_name(md); int ret; - size_t hkdflabellen; size_t hashlen; - /* - * 2 bytes for length of derived secret + 1 byte for length of combined - * prefix and label + bytes for the label itself + 1 byte length of hash - * + bytes for the hash itself - */ - unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) - + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN - + 1 + EVP_MAX_MD_SIZE]; - WPACKET pkt; kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); 
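Review bot: In the hkdf.c hunk that adds kdf_tls1_3_derive, the `default:` arm of `switch (ctx->mode)` returns 0 without raising an error, so a context whose mode was never set (kdf_tls1_3_set_ctx_params returns early on `params == NULL`, before its EXTRACT_AND_EXPAND check) fails with an empty error queue; raise PROV_R_INVALID_MODE there as kdf_tls1_3_set_ctx_params already does. In the same hunk, prov_tls13_hkdf_generate_secret takes `prevsecretlen` but the pre-extract expand call uses `prevsecret, mdlen`, so a salt shorter than the digest size would be over-read; either reject `prevsecretlen != mdlen` or pass `prevsecretlen` through. Finally, in kdf_tls1_3_set_ctx_params the `OPENSSL_free(ctx->prefix); ctx->prefix = NULL;` (and the label equivalent) does not reset `prefix_len`, so a failed OSSL_PARAM_get_octet_string leaves a NULL pointer paired with a stale length; zero the length alongside the pointer.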
@@ -76,37 +64,33 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, return 0; } - hashlen = EVP_MD_get_size(md); - - if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0) - || !WPACKET_put_bytes_u16(&pkt, outlen) - || !WPACKET_start_sub_packet_u8(&pkt) - || !WPACKET_memcpy(&pkt, label_prefix, sizeof(label_prefix) - 1) - || !WPACKET_memcpy(&pkt, label, labellen) - || !WPACKET_close(&pkt) - || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen) - || !WPACKET_get_total_written(&pkt, &hkdflabellen) - || !WPACKET_finish(&pkt)) { + if ((ret = EVP_MD_get_size(md)) <= 0) { EVP_KDF_CTX_free(kctx); - WPACKET_cleanup(&pkt); if (fatal) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); else ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; } + hashlen = (size_t)ret; *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, (unsigned char *)secret, hashlen); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, - hkdflabel, hkdflabellen); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX, + (unsigned char *)label_prefix, + sizeof(label_prefix) - 1); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL, + (unsigned char *)label, labellen); + if (data != NULL) + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_DATA, + (unsigned char *)data, + datalen); *p++ = OSSL_PARAM_construct_end(); ret = EVP_KDF_derive(kctx, out, outlen, params) <= 0; - EVP_KDF_CTX_free(kctx); if (ret != 0) { 
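Review bot: In this hunk `ret` first holds the EVP_MD_get_size() result and is then reused as the `EVP_KDF_derive(...) <= 0` failure flag; a separate `mdsize` (or checking into `hashlen` directly) would read more clearly and keep the `(size_t)ret` cast next to the `<= 0` guard that makes it safe. The parameter construction itself looks right: omitting the DATA param when `data == NULL` matches prov_tls13_hkdf_expand treating a NULL data as zero length, and six parameters plus OSSL_PARAM_construct_end fit the new `params[7]`.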
@@ -178,12 +162,12 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, size_t insecretlen, unsigned char *outsecret) { - size_t mdlen, prevsecretlen; + size_t mdlen; int mdleni; int ret; EVP_KDF *kdf; EVP_KDF_CTX *kctx; - OSSL_PARAM params[5], *p = params; + OSSL_PARAM params[7], *p = params; int mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY; const char *mdname = EVP_MD_get0_name(md); #ifdef CHARSET_EBCDIC @@ -191,9 +175,8 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, #else static const char derived_secret_label[] = "derived"; #endif - unsigned char preextractsec[EVP_MAX_MD_SIZE]; - kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_HKDF, s->ctx->propq); + kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, s->ctx->propq); kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) { 
@@ -210,51 +193,22 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, } mdlen = (size_t)mdleni; - if (insecret == NULL) { - insecret = default_zeros; - insecretlen = mdlen; - } - if (prevsecret == NULL) { - prevsecret = default_zeros; - prevsecretlen = 0; - } else { - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - unsigned char hash[EVP_MAX_MD_SIZE]; - - /* The pre-extract derive step uses a hash of no messages */ - if (mctx == NULL - || EVP_DigestInit_ex(mctx, md, NULL) <= 0 - || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - EVP_MD_CTX_free(mctx); - EVP_KDF_CTX_free(kctx); - return 0; - } - EVP_MD_CTX_free(mctx); - - /* Generate the pre-extract secret */ - if (!tls13_hkdf_expand(s, md, prevsecret, - (unsigned char *)derived_secret_label, - sizeof(derived_secret_label) - 1, hash, mdlen, - preextractsec, mdlen, 1)) { - /* SSLfatal() already called */ - EVP_KDF_CTX_free(kctx); - return 0; - } - - prevsecret = preextractsec; - prevsecretlen = mdlen; - } - *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (unsigned char *)insecret, - insecretlen); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (unsigned char *)prevsecret, - prevsecretlen); + if (insecret != NULL) + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + (unsigned char *)insecret, + insecretlen); + if (prevsecret != NULL) + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + (unsigned char *)prevsecret, mdlen); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX, + (unsigned char *)label_prefix, + sizeof(label_prefix) - 1); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL, + (unsigned char *)derived_secret_label, + sizeof(derived_secret_label) - 1); *p++ = OSSL_PARAM_construct_end(); ret = EVP_KDF_derive(kctx, outsecret, 
mdlen, params) <= 0; @@ -263,8 +217,6 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); EVP_KDF_CTX_free(kctx); - if (prevsecret == preextractsec) - OPENSSL_cleanse(preextractsec, mdlen); return ret == 0; } diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index bb728a925a..96fc394fca 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -50,6 +50,7 @@ my @files = qw( evpkdf_ss.txt evpkdf_ssh.txt evpkdf_tls12_prf.txt + evpkdf_tls13_kdf.txt evpkdf_x942.txt evpkdf_x963.txt evpmac_common.txt diff --git a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt new file mode 100644 index 0000000000..9ad8b9fbd2 --- /dev/null +++ b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt 
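Review bot: In the tls13_generate_secret hunk the SALT param is always built with length `mdlen`, where the removed code tracked `prevsecretlen` separately; this relies on every caller passing a previous secret of exactly one digest length, and the provider side (prov_tls13_hkdf_generate_secret) makes the same assumption when it expands `prevsecret` with `mdlen`. Document that precondition in the function comment, or keep a `prevsecretlen` and pass it through so a mismatch fails instead of over-reading. Dropping the local `preextractsec` and its OPENSSL_cleanse here is correct now that the provider owns and cleanses that buffer.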
@@ -0,0 +1,4937 @@ +# +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Tests start with one of these keywords +# Cipher Decrypt Derive Digest Encoding KDF MAC PBE +# PrivPubKeyPair Sign Verify VerifyRecover +# and continue until a blank line. Lines starting with a pound sign are ignored. + +Title = TLS 1.3 KDF tests (from ACVP test vectors) + +# Each test suite simulates the steps in a TLS 1.3 session +# The output of each step is used as an input for the next. These were not +# generally included in the ACVP data and have been generated. The end to end +# correctness indicates that the intermediate values are okay. + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05 +Output = 153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 +Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = c80583a90e995c489600492a5da642e6b1f679ba674828792df087b939636171 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 +Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 1fe336ab43b4a69b11ebc64c8343ed21a9c7f6724702d9d63970e8ff72a4bde7 + +KDF = TLS13-KDF +Ctrl.mode = 
mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8e27fad32236cb11bb497eb878d636c3f1599f5ffdfae784cbf73e74746769d4 +Ctrl.salt = hexsalt:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd +Ctrl.data = hexdata:78d80b86fb9b089fb73375e51ae5bcfd742df4cadbd84dea0aaa0ac9d07ba6dc +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = c2451ee08fd221331f3dabada534393ed1fc8f5983afa251c1d004ec94e823a2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd +Ctrl.data = hexdata:78d80b86fb9b089fb73375e51ae5bcfd742df4cadbd84dea0aaa0ac9d07ba6dc +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 40eefbf66cb79c41c9ee1bf0be7f41696da165e7e69628ca8e342fee51827abd + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 +Ctrl.data = hexdata:fb3e78c3924a01fe4bf912bff8ddb120848ddf3e4b3cdd2cd661abbeff16a96e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = b162c65cdc0f9425aa7cd8fb30a821c8c8f0e8f8f9eb42209d10d784dafadcb5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = 
digest:SHA2-256 +Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 +Ctrl.data = hexdata:fb3e78c3924a01fe4bf912bff8ddb120848ddf3e4b3cdd2cd661abbeff16a96e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 6fe71fd9a81dffb3fecedd80c7a4801804116c79bc37b3605f54bc01a9cbed99 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 +Ctrl.data = hexdata:fb3e78c3924a01fe4bf912bff8ddb120848ddf3e4b3cdd2cd661abbeff16a96e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = eb1069417c771402a32b4797099adc449fd2be22ac47fb771ccd319e1a11ce55 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 +Ctrl.data = hexdata:db603b863e82a12147bd81a8e715d3273efe641d467436309e19ae0254461a35 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = b4face4931df0e3380830805af22055bf29b030988a9e278f7d04f2b00f323e8 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = hexdata:ad5c61780c37f5dbe1666e846ffcbfe0694e6d7ee87fc855850cd961420a0da2 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 265aa1591dd7b8046d95580c5dec47f4f175cd3121afc066ab65b14c2ff2eeec + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = 
hexdata:ad5c61780c37f5dbe1666e846ffcbfe0694e6d7ee87fc855850cd961420a0da2 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = dfeadee3e4cd8d260ae389043e5f806ea55ee332270487289abaf3933ec219ed + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8ba75a8cee15fe15599cec2d6590313ca4cf2efd7aed87a85ed4cbcbdc5edf9bb1 +Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702 +Ctrl.data = hexdata:fc732c631dec5b82edae0288d698f0ab1823128d73ee370864cc0edc69b1dd15 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = f1f7241a9c150b2a9e1e20f00ba42c038688468167201cae15a51f83ddd8520b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702 +Ctrl.data = hexdata:fc732c631dec5b82edae0288d698f0ab1823128d73ee370864cc0edc69b1dd15 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 38f88680f83f4cbc7afc2e58c7161076da181185009074b5f576c61643bc2e55 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce +Ctrl.data = 
hexdata:127da44d7325927afc7f81b2108b006dd843f05011f4ddb6408c82a0a11da070 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = e8634a48b7162c0c0d55afea28af35f06fcbbd268328bd6a9034b6fcddc48bb2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce +Ctrl.data = hexdata:127da44d7325927afc7f81b2108b006dd843f05011f4ddb6408c82a0a11da070 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 1f5f7e35b4495e94f2b847129e246d98cc67d511729ed9ce60fa3c8176a7c41d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce +Ctrl.data = hexdata:127da44d7325927afc7f81b2108b006dd843f05011f4ddb6408c82a0a11da070 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = ff76b85accc260ce264686e011c9ab08e955cd01943d8c03989ac060ea4ad12e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce +Ctrl.data = hexdata:26872f541995715cbf7fcdd26544cfeff9fdff638578d166851127fb8a91ade7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 9d0a1aa3ed67e5bd066e61f15fdfd7a552bea57aed956af3f8b49abc2a9480b7 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = hexdata:ab9a6fa58d1efd4d862d33e5fa1b610ef8af8b1c66d12f7871598e39b5540dcd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 
22c60538c233cbabc8d14ca55fa7b264f4bf1eaa68ca7460be6f965edc2706bd + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = hexdata:ab9a6fa58d1efd4d862d33e5fa1b610ef8af8b1c66d12f7871598e39b5540dcd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 04c9e7d5e5709d0d5e98cce5b8d995973427a2adb1e3d092c5418e520959d24c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:079d4c92c73f842771e76173ffc79976499728b81e75ba77255d3f97a9b075b515 +Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284 +Ctrl.data = hexdata:eb62d1f34a8aeb2a391e3f6d1e2f9f66e3053530551a41e94ba8f38068f273af +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 2f0e7afb326b06b482c82e5a775d65656ae653cd4f9c5527f9fea54c4872331d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284 +Ctrl.data = hexdata:eb62d1f34a8aeb2a391e3f6d1e2f9f66e3053530551a41e94ba8f38068f273af +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 4c0d8dff2bb81366bde630eb466479765acd151bd14da1ce5a313292ad2e7f3f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 
8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 +Ctrl.data = hexdata:ad53aca17f9e3c0fdd64cea888d106584b24e673a834b81f84acadcb5e93addb +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 21ecbb49c1013e3fb86e21600b2643bb22db2a5747d1d580b088ec545985750c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 +Ctrl.data = hexdata:ad53aca17f9e3c0fdd64cea888d106584b24e673a834b81f84acadcb5e93addb +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 692ce960da75200ba64c0898172c383eba3e910f943e2dc6fb0ca5ea860dd128 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 +Ctrl.data = hexdata:ad53aca17f9e3c0fdd64cea888d106584b24e673a834b81f84acadcb5e93addb +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 414267573db54653b960060e78f24efbbe0e6eb3bba77f8a1330c52ce748cea9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 +Ctrl.data = hexdata:2cf39c1d072fe6ca2e9385b5deb93f6706ca97c4cecd7141968ae9f92d1b331d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 71afefcc45ef6cf641320fd33c0711fce1b177f2de278a3009a423c013eb156e + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = 
hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = hexdata:0ba5fc85501734dc78cea66aacc3b2fa36be938b34b10037e842dc6ff493560d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = bcb5dab7001fb36b9877b3cc53c92157de4a4a304be8ce1ae8a49b71b5cf5384 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = hexdata:0ba5fc85501734dc78cea66aacc3b2fa36be938b34b10037e842dc6ff493560d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = efc512b05a887d11ed829bdf90162ace73456c83a6543d74ef95f98022b6162c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:51b7a0a74de27eed1bc77a0691850387f4bfbaafef1033780d027fb0a00d1ba957 +Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b +Ctrl.data = hexdata:9d3b6a05267ca141c132ae2685bba0b8eb27d8b4349af822607bf4c215070d2e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 7c318f397dd56ec69c7ab5eafde196c06aefccaf24fb2487e045b55f8d5865dc + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b +Ctrl.data = hexdata:9d3b6a05267ca141c132ae2685bba0b8eb27d8b4349af822607bf4c215070d2e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = f9b5e2e18869a920128dad1c836d57deacaa85cfec21012823a52182cb5484fc + +KDF = TLS13-KDF +Ctrl.mode = 
mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba +Ctrl.data = hexdata:cdb5539c16d3b95ca0c30abd03d11f78175f63768a79c7dd2a5f4ee72d93f7a8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 7b48562a81323355b3c090d59b8adbb6aaf17b8489448d3d20bee397523ef0ac + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba +Ctrl.data = hexdata:cdb5539c16d3b95ca0c30abd03d11f78175f63768a79c7dd2a5f4ee72d93f7a8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 19c59876c3f79fad0f66e3038ef2126ff1f0167a15d8fe10901671fbdb7aca9e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba +Ctrl.data = hexdata:cdb5539c16d3b95ca0c30abd03d11f78175f63768a79c7dd2a5f4ee72d93f7a8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = a41b62871f071de5536da378f4b88071dd9839b367065e84da932e45a6b155e6 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba +Ctrl.data = hexdata:40248b70ecbe954e7b825281e052f5d1f784678f02c1574f91034c09fa5b4f91 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = c27da667ff071ee5907d272d0f26cb204af7df95895670a96c8441bcc9433c6c + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = 
mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = hexdata:1db79ad32111ded07970f5a4958d60deaaea16c9364d72fd97f1b9d2eb4389f0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 9988ba03ffa2aa8f8332efc47051278dd4831bb2b2231010b49354f23a14fcc2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = hexdata:1db79ad32111ded07970f5a4958d60deaaea16c9364d72fd97f1b9d2eb4389f0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 332e88ff7e3b1b3e592a89b3151bb79a418f5db6dff522a73ff53bc7e237777e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:6d42939374a8adf6d3d96bf450eece38f2d0268814262f9780acf5b6769582b0aa +Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1 +Ctrl.data = hexdata:782580319c405ffabb7c272f730a4d0c06da94923f49fc8194e86c91b339cd0f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 60822aa502f3065ec3972e5dba90f14b254544f99d3274cd67fa3565e5e78f11 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1 +Ctrl.data = 
hexdata:782580319c405ffabb7c272f730a4d0c06da94923f49fc8194e86c91b339cd0f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 4534439181f03ed7c34471c0b2cd59a064402a6cb8092f5e30dfe3db4ce29c65 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 +Ctrl.data = hexdata:87815c0c6533c20ce2a749d15be7f5e5efcb01a9d66ff0c1eaf9317a35f78c0a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 1fa11fda9fc1840f2082a9a81b9212bca08915c8402f5d9d3e6403df529a6872 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 +Ctrl.data = hexdata:87815c0c6533c20ce2a749d15be7f5e5efcb01a9d66ff0c1eaf9317a35f78c0a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 5d3b814a5ea0b320dc2d6b0d50f766013073e92203184ea6f990f3a23ba1b936 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 +Ctrl.data = hexdata:87815c0c6533c20ce2a749d15be7f5e5efcb01a9d66ff0c1eaf9317a35f78c0a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 12c9b8c8b42467ccfb6161cafda1027212c59782891fc9f4b43e68f66a6ff0be + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 +Ctrl.data = 
hexdata:7d3160a347ba24ed246af7287f60a64cebe1678aa3055958693c1189f9ae45b8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = b39060999fb0e2319294654c6ddf17c6375e25d5e44da3d00474aba66384f961 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = hexdata:491d9ca9cd0d5c8ddef62cd87b9ee6e934ec66191b22667447544355ae5903d5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 659f7cc8a36d4efcea9bb1dbe7d0723b968a7a78eb80d18966afb24fabdb86a2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.data = hexdata:491d9ca9cd0d5c8ddef62cd87b9ee6e934ec66191b22667447544355ae5903d5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 292bcf6dd3c94e79d2ac4bd4de158f0bedb7416591e87a911ea4034ba6da7a7c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8bed9e790b96b98846068b237082f9c0c0e53af3bea98bdda5f1a079448775ab6d +Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0 +Ctrl.data = hexdata:b969708ab3a1b1b1b87f228a49d37df58a367064a6bccec689a475dc5edda812 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 
7b4d547ba11886f439c6d53b1e65b09aff3f1fea4fb8628962a546013fd53bbc + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0 +Ctrl.data = hexdata:b969708ab3a1b1b1b87f228a49d37df58a367064a6bccec689a475dc5edda812 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = cdb6b0be56d99c2a9a9c201a4b62b27df40877b228ba085fd0d06a5489545595 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb +Ctrl.data = hexdata:129524eaf21476767f2f14c3ec038f7fadb38f0c35645391b41b218729a1a9da +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = f2a8f833af1dc5db36b842769955d97db05d3bd5014ca9c9fa301e8ac6214ebe + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb +Ctrl.data = hexdata:129524eaf21476767f2f14c3ec038f7fadb38f0c35645391b41b218729a1a9da +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 1ac34b3063a496f7be40f83e01055a97a0899c9a0484121df5f11ce25d9ca426 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb +Ctrl.data = hexdata:129524eaf21476767f2f14c3ec038f7fadb38f0c35645391b41b218729a1a9da +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 
58374f792176371d434f9866ba8958fab9eced9edc0a4d7a787798ded90fa9b7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb +Ctrl.data = hexdata:3279a4e27fc27a69208764df2fc0de77e3d9c73dd971b368b8d0a32536a6f8bb +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 1aff1cdf216ba86913a3d191159de6869490ca94e79da7fbc6173643c87d407a + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:b6d0a81fd3c91c1970a2d85ed695fba34143ae0fea07bc7c8653ad4830c905db +Output = 94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc +Ctrl.data = hexdata:47afa605ef0002b533bedbc155030e2b96c1d8d20d410dc44ce37dd94c8cb1e3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 122a73631c397d888895544f34925464a3d6983cdf647d6e23b050d140af1273 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc +Ctrl.data = hexdata:47afa605ef0002b533bedbc155030e2b96c1d8d20d410dc44ce37dd94c8cb1e3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 0bb4c7419f9a02f9eb52ab21886b20b7be6ae8223db2e67c50d5d3461ec9b936 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:d36680e32c17596202cbf2765472708cb5bc41399b2c9d7cf1c88ca219e7a1ee +Ctrl.salt = hexsalt:94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3 + +KDF = TLS13-KDF 
+Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3 +Ctrl.data = hexdata:c724c6137e799c69850f94ccbe089b07896d44cc7845fcf07cfea716176cc0f0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 0de142b91cfda627b365dab23e69ad00edb0085b33076052cf5f7f0ec735abc8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3 +Ctrl.data = hexdata:c724c6137e799c69850f94ccbe089b07896d44cc7845fcf07cfea716176cc0f0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = abdeed5d5f41fb963e1a136ac914aa35617c3cd19a56b1c975f27656b967db89 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 +Ctrl.data = hexdata:6550c34750ff90a4e62391d53b2cb45650380f018845cb63a399516a66681fc3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = d4e9ecf730820bf96846489a1b717af11cf498f7b0a2a779a4064996597cb97b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 +Ctrl.data = hexdata:6550c34750ff90a4e62391d53b2cb45650380f018845cb63a399516a66681fc3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 6d9189f42b5cc41f50c26ada399521e2e3a79f9d8764f00e76e6bce962169cc8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY 
+Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 +Ctrl.data = hexdata:6550c34750ff90a4e62391d53b2cb45650380f018845cb63a399516a66681fc3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 3998b7178fef3a48ce434d8ead4b09f136dc2f900218dcfcbe7321bc9ce4ec4b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 +Ctrl.data = hexdata:e8a32347070a957786be61942a657b1e51ef0a37591e4d69e4c1362033ced9f0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = c3112140c8aed04d114af73b6f245fafdc0c7ff4661ad6252cc754b9afb5b59a + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:89f7a556f3c19a2833b3313868dc11f5728880fb3ac74eb142042bd5e951a1a6 +Output = 7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5 +Ctrl.data = hexdata:fb6e2fffef563561a53b0cbd6b93da78597fd7127f03069b1e724312e0f1a49f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 97cddc9e02e8a54646e1d3cd1018185d93bd76743a64cef03fef3bc1305db4cc + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5 +Ctrl.data = hexdata:fb6e2fffef563561a53b0cbd6b93da78597fd7127f03069b1e724312e0f1a49f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = b78c86ab545bd86e890359a2c0bf695c95dec4e3207ad7c110372153328641ae + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = 
hexkey:0cec10693bc11dee75ca5e1d06cb42abba7d1d76762f7400f323b1c191e7e745 +Ctrl.salt = hexsalt:7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee +Ctrl.data = hexdata:6f71510b9e2d8ef93dbdb4523bee6649f2066dbe9f8b0c1d3b8295b0c70f75e1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 8f4432e28701a3491742a5588ab506ef378d2ee46dcb9df3c2b8f1161638226a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee +Ctrl.data = hexdata:6f71510b9e2d8ef93dbdb4523bee6649f2066dbe9f8b0c1d3b8295b0c70f75e1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 62ddaed76a7bc9aa623a10176e180333bf50e2d436ab9d6df2e6327c3934b0aa + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 +Ctrl.data = hexdata:daf66774a6c5575457a3c4d8fd127fbcaeae1a95b518be04955dced1f14861de +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 5a25fbebbb09a70ee782337a601f6e86e7a77cdfe980c90d2e2acf48a2426c8b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = 
hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 +Ctrl.data = hexdata:daf66774a6c5575457a3c4d8fd127fbcaeae1a95b518be04955dced1f14861de +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 495df78c999d00de7c410c8e964df0dbf9192231bbe1b06880b13a0dafee1003 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 +Ctrl.data = hexdata:daf66774a6c5575457a3c4d8fd127fbcaeae1a95b518be04955dced1f14861de +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = d39992ac1cfbe2715b1b95affff6e23934121d3b0b54685f668f5c4473f36f1d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 +Ctrl.data = hexdata:77100f9b44422180a922b28ef83701c5ac19fdc3aea8e4f966840f9fa3c893eb +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 928104946f6338386e8ac29c6a9b16453fa8c96ee18e7dd9e2f4091cd5399f91 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:90f8ba43a34bffd93495f3d854c84594e0daf85d9468b35c4dcf44a80eb31718 +Output = c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5 +Ctrl.data = hexdata:218aa61bd49bc0f7ad65332ad4bb18015d3e646cacfdc72f710c9efbe01979a9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = fd0edb84e6742a9f33892c91e7fc9fe59d932c7677ab3627ede5b15991a607ec + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5 +Ctrl.data = 
hexdata:218aa61bd49bc0f7ad65332ad4bb18015d3e646cacfdc72f710c9efbe01979a9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 25a8973e89c3f3eb3f1394df0f62ee66a7003c794876473c2cc800f7cf4c11fb + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a2092cf8a9357e82253844c9f563385e8d44b89d960a7b2fffbc8d697fdcb057 +Ctrl.salt = hexsalt:c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf +Ctrl.data = hexdata:bfe3f121ae6e973c2b58a7ab40295212387146eeec3d3c5764a320de2c37051f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = a2861ceecd2842fac7245facc65f6b13145635eaaabd2c3a02db6b20b91f9d38 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf +Ctrl.data = hexdata:bfe3f121ae6e973c2b58a7ab40295212387146eeec3d3c5764a320de2c37051f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 3b74970ceec49ff0aa043603487194c7c42f4e31ac4aab661f9056c8000afa25 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af +Ctrl.data = 
hexdata:35f9b9be0850baa1016762d63005ea679c47971932f7141038ae009a904cf7f9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = c10c35faa34fc917cf0acb280fdb0c3ac513d5c86f418a99e5590d40ccb8fcb9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af +Ctrl.data = hexdata:35f9b9be0850baa1016762d63005ea679c47971932f7141038ae009a904cf7f9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = f0ac9ca472ab7587b074d59824a5daec75d613da9b168a2589bbbdcd76c51976 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af +Ctrl.data = hexdata:35f9b9be0850baa1016762d63005ea679c47971932f7141038ae009a904cf7f9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 5e8deab072f10d9c8ffdcda58b93ea5a61f11cf72ca0647118164a2a7fa03a08 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af +Ctrl.data = hexdata:b8d1e9993b45dfda130aa77c5319074806042cb4aad1b505bedb951a40cf2003 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 6cf8a005b4b453cc982f4707dc64bc3dc8d00602aebd5f85413f4d405e656851 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bd1eead608338b0308e4243325a02b350ef6eb5e5fae728fd73f3f9a02c3d515 +Output = c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c +Ctrl.data = hexdata:eaa65a5ab61073c13c86d5d4dc97dba62c746b6d63f4e09014d157223daf2a0e +Ctrl.prefix 
= hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 308ecfa294dec305f736df30570315d28b63b6c72507c1ce14c4f51441982e63 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c +Ctrl.data = hexdata:eaa65a5ab61073c13c86d5d4dc97dba62c746b6d63f4e09014d157223daf2a0e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = a41017b7a9ef987dc543e52539688cfc74bb95094693ecf6d9a1724f78ba6403 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a501370b0ffebbf0f115b367ed21f6d8816b10282a2724cb480993583f64f787 +Ctrl.salt = hexsalt:c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53 +Ctrl.data = hexdata:ebbe1a77c63580e02ff7b51438c736a955326403640edfbdb1812097b57c2fb4 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = f2bed07ad9d2efd2718fb4da4a9dc90fa1dc40440b98c5291377beca16dc6599 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53 +Ctrl.data = hexdata:ebbe1a77c63580e02ff7b51438c736a955326403640edfbdb1812097b57c2fb4 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = f47f4524fd86c43d2c4c1618b03492f8bbcc3bdc1b8c8b97b4ec18581dc13f8e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = 
hexlabel:64657269766564 +Output = 55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a +Ctrl.data = hexdata:af6d979bb4e54e8a1cec24983efd7d72deccbf8d6bd137a9a95b94c70cceb335 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 64e2482febc65460e45d3b9dad2fa847ba2ec91737225920fa4d0afb83ac4558 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a +Ctrl.data = hexdata:af6d979bb4e54e8a1cec24983efd7d72deccbf8d6bd137a9a95b94c70cceb335 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 902dcd1e49c7facf55ce6dbedab06f7265a092418a235df019102b4265d648d2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a +Ctrl.data = hexdata:af6d979bb4e54e8a1cec24983efd7d72deccbf8d6bd137a9a95b94c70cceb335 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = e168010de64b519d0cf575dbf267590c03b45782d875e10e193be95366d450cd + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a +Ctrl.data = hexdata:0fe329b7ebec20e21a6322f657702873afb4a52dab88f7484c9cfbfd3b1c1105 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 815929e43c3624dccc01db4adfd97f0fea124ff83bfe79cfd0aa76f91e36d9ea + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:47a2f1ed109d1ed2e7a31288312da8930e8f3445c98b6a8862da85ae07507bc6 +Output = 
1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b +Ctrl.data = hexdata:31748082bf14950d21b4a0759143bb70474cb1c231cd91764d5bd241de984842 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 7b57c9475d089b4798340fec63fe876f9fd1214cf0947c8779d0f4952f6aa9c7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b +Ctrl.data = hexdata:31748082bf14950d21b4a0759143bb70474cb1c231cd91764d5bd241de984842 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 0f0790d9d50286db6cb769f3b6c1ca72a8a9597176ff8c79d8969aa38be74215 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9674cae88f3468d7b34df9bd2c348b99f1a964d7ed2bd5340edae2c9c96399db +Ctrl.salt = hexsalt:1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c +Ctrl.data = hexdata:6db5315252802b3132297f0c49983ad9b406bacbb256bac50189a44055bd1819 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = b0beb402fbbd33be12a60927c160210f0343c31143945d0320d0337ed1466aa7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c +Ctrl.data = hexdata:6db5315252802b3132297f0c49983ad9b406bacbb256bac50189a44055bd1819 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = 
hexlabel:732068732074726166666963 +Output = 09bf60f0d825d1fa6696e0d52b93dd40cc1087bdeade1eb0970f55bd4cbe85fc + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c +Ctrl.data = hexdata:7ebc29c29c002f5ea3f80283a1919ee7689424c35be6637c86666d0a843bac2e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = a5150664aec6f4600ee21c9285943f26427e399a7d348fcd291ac804527be921 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c +Ctrl.data = hexdata:7ebc29c29c002f5ea3f80283a1919ee7689424c35be6637c86666d0a843bac2e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 695dedb2a8762a90ec40ea1c6c1cbd592b0106a7833df9a4d07cd108e62039bd + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c +Ctrl.data = hexdata:7ebc29c29c002f5ea3f80283a1919ee7689424c35be6637c86666d0a843bac2e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 389d8adce83b1b0aa6574155e62c22d999b43babb388d9223c0ed9f1fe458084 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c +Ctrl.data = hexdata:9a38f4bc144df26d362f0249ed9a47ed0d29c2c40e566d0a688584303dcc79eb +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 
4ba917b3adcbc372aa431bef94a44a4afa1b528ce9278aeb79a9bd35885ad745 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c4c9a0266ed3b657058cb9674c530247a09b660954cc26b888a2d56e579fcbd82ef6 +Output = 3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222 +Ctrl.data = hexdata:b10c0c2d6a38f88c89be8f5e7a37da9d7fda20b021ccab52a1eccaa722f64691 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 08a4b77232d0c46ff57fd77306a2ed3edf0f10272525532fb69ad88c7d01a785 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222 +Ctrl.data = hexdata:b10c0c2d6a38f88c89be8f5e7a37da9d7fda20b021ccab52a1eccaa722f64691 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 2b7574a39cdcebe3f0fc50a42422cd227d72164203661ad3ab0146220c51d638 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c +Ctrl.data = hexdata:6a593ba39e4ea72392a7fc4198d56c01dd25094c808f9dc8f7ed39e808dd1e58 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 3c808386d173aa3edad8e0eb9e9bbec629d5a00d3503f1a524aa75c7e8ff4002 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = 
hexkey:bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c +Ctrl.data = hexdata:6a593ba39e4ea72392a7fc4198d56c01dd25094c808f9dc8f7ed39e808dd1e58 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = db33c5ae5c8b525ebfa000d5446c62a4b2469da9faa913c0694f154371e2c16b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e +Ctrl.data = hexdata:375373bbfd7dc61d49f8b987b537808c79e673202f0825518d9c2f3e9973360a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 8885938e3e4be164c56aa53c52695ba4739c6fabdb51a9ab2b35423ebeec2416 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e +Ctrl.data = hexdata:375373bbfd7dc61d49f8b987b537808c79e673202f0825518d9c2f3e9973360a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 3e7d7c5f9ac3a184715ed7a45d68da393cf07a297456849ec671e1a3b29e1dce + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e +Ctrl.data = hexdata:375373bbfd7dc61d49f8b987b537808c79e673202f0825518d9c2f3e9973360a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 86e5c6fd2304433f8532a1f863716fc09022346a2f76e2d52fe03f8294fff882 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = 
hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e +Ctrl.data = hexdata:1a06ef15e61cb724a2f84f51c9ba466877261e5597858adda4f461d8cb5352ef +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 426b2739c854867d4ea7b560092786a4601648d35505ad8040cf67b5978a5f25 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:925f595de96572a2e8c35346d9beeca43329f3a66c96168d50588f4e262ed01c66f2 +Output = 3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d +Ctrl.data = hexdata:4abf7521447134215ad896ca371e0cee966c0d7fb152b98ca4bc872dcaba37b9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 7450f33c7ba624e4151bc8230df0a7163c164f863801949102d4e9715e4813f9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d +Ctrl.data = hexdata:4abf7521447134215ad896ca371e0cee966c0d7fb152b98ca4bc872dcaba37b9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = c6047f5c4eed302b627d1f10bac575db43a29e20a4fdfec20975c8e63a410205 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73 +Ctrl.data = hexdata:574d667be4aa6d090fb0bfd15eca6188004a2216969fb69768b786e1dae03978 +Ctrl.prefix = 
hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = cce2f4cf5dc234c4c2366488a8ea141a5be0ec1ef1418aafec947c08d37325b6 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73 +Ctrl.data = hexdata:574d667be4aa6d090fb0bfd15eca6188004a2216969fb69768b786e1dae03978 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 2a3c42a2125c21a7bdfb1902dbc5ab3df1cee0d496472c841751128b4f6ba7ea + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 +Ctrl.data = hexdata:fc47a64ea7d238286e710775efb6fd4e6cc52238f956723f997c0c1a5d97c982 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = efd8f8e08644e81b8a2068d59bf4957da16f376dcce547d485f35158ed934463 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 +Ctrl.data = hexdata:fc47a64ea7d238286e710775efb6fd4e6cc52238f956723f997c0c1a5d97c982 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 1ec28e0fdb42e283058c3cb093b64b2a51f25f309f6903736de591cb730b0d59 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 +Ctrl.data = hexdata:fc47a64ea7d238286e710775efb6fd4e6cc52238f956723f997c0c1a5d97c982 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = 
hexlabel:657870206d6173746572 +Output = 1cd2d315b8720a771f7b8d84ee19704193a3ad7f903d62561d51318fda4ef8e2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 +Ctrl.data = hexdata:6094455245209c442e19e5f313534da9f9c7e5d634d443d8cd14b9e9b6d778ab +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 7df15d385663c45a359e5d1f4b648d6e77156b48e3d382db08cb26d3218dabee + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3a985db779275ed7c23af0f123220d862db237fc9ac9834e76eec0692b1e98055c12 +Output = 75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd +Ctrl.data = hexdata:1c80ac5d876634b04d7dbebfe687fbdf2df7f82df4e6549defa8e691b26dd3ad +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = adaacbad9407c0c69632800eb3c7e5f901af2bfae618fa0cbcf63fb0064df997 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd +Ctrl.data = hexdata:1c80ac5d876634b04d7dbebfe687fbdf2df7f82df4e6549defa8e691b26dd3ad +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 70a6fd6201cddc6ac218cacf4487be2c23382e9a898a8e959d443602e66bc9ff + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = 
digest:SHA2-256 +Ctrl.key = hexkey:b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea +Ctrl.data = hexdata:64dc967779196d895cf649ad603cd1abb1a9ac2f6e52df74c02c9fc38e0aca5b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = cedc4ca3f6acfc0495e9c4aacf236309e80688394296baab08b2821d8adeb3b2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea +Ctrl.data = hexdata:64dc967779196d895cf649ad603cd1abb1a9ac2f6e52df74c02c9fc38e0aca5b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 22d95b8d42edc48c71e82ef68f3d0adea616742d829ef8dc40ee5a4a127e0c2f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 +Ctrl.data = hexdata:771a6f78341f621fc9a0ada0e428b129a072515e6aa0eb29501e5b4f67357a3f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 36079cac5cd69338b13cdf43902c52353c0ad3bee52d9d4b80bdcbafb896c1f2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 +Ctrl.data = hexdata:771a6f78341f621fc9a0ada0e428b129a072515e6aa0eb29501e5b4f67357a3f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 5ccccbec1e524afdbfeb3f79eee231445ea4b970775ca44780b836278459e800 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = 
hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 +Ctrl.data = hexdata:771a6f78341f621fc9a0ada0e428b129a072515e6aa0eb29501e5b4f67357a3f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 1f99d16935378ad2b629602be4902ef36803a0456f4b412dc60069b02907c157 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 +Ctrl.data = hexdata:53fa7ef57bd948347ee221a58e0357e5d64fc68337a40e1a2a955c362305b7d0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 3f314a8cdade0c8fb7a8ada062c076cdc66f48ae85b06e9866823071b24569f6 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:147e5b2a8c852a29cd2dbe0889eae5e127c08c7dc4ef2fcd10c7f074132b9316f82c +Output = a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a +Ctrl.data = hexdata:c029b25f3eeaa245d3b16415a9dfbd738f49972abd20cedf77e712e34151d768 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = cf72dbf54ef12ad90c826cc5f745332a051bd22f3d4a4980e38ed5c91acdbe00 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a +Ctrl.data = hexdata:c029b25f3eeaa245d3b16415a9dfbd738f49972abd20cedf77e712e34151d768 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 04e7fa07f592562b442f41403f89ce197a777b890dd6ad4a37330d7b97f9297f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a 
+Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2 +Ctrl.data = hexdata:22ef82f8cfc550dfed76234ee158ffa49e142788d40bb8f11503df76eaa414ee +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = e86ea8bf6c00c4e1415f55ffe5c6fc639cfde1aedb549eea54e536920794b677 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2 +Ctrl.data = hexdata:22ef82f8cfc550dfed76234ee158ffa49e142788d40bb8f11503df76eaa414ee +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 4470d8eaf03e31af06885a327decd84b44b073ed040d81e223cd40e018ae3ebb + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c +Ctrl.data = hexdata:5cc964a080f748ff23e5b303b291002a4dbf13e657efd4fe880aec0f7ef42b29 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = e7a16831383b4617205c40de58a169f567f4c612b2c07667f10b61a4b137a088 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c +Ctrl.data = hexdata:5cc964a080f748ff23e5b303b291002a4dbf13e657efd4fe880aec0f7ef42b29 +Ctrl.prefix = hexprefix:746c73313320 
+Ctrl.label = hexlabel:732061702074726166666963 +Output = 912010401679c0279d6e45cc968232ed8cea41b66dc80fa5ad1d4ac666a38873 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c +Ctrl.data = hexdata:5cc964a080f748ff23e5b303b291002a4dbf13e657efd4fe880aec0f7ef42b29 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = d3ad734749b9c723c3a4186ac4af12e70a6c8f209c96277af7caaf0a8a30a284 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c +Ctrl.data = hexdata:19c68fab2d15ea5cefe7de3478c9207f8321be8045ff3a3463cdc0c11dbe7cd1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 6acd62983abf673fc0884510ca8c92f617089ad5dad4b16b4a9c43c45af97020 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:d3b971aced61ea7ec4fbe922509a9f7184ee8fec3758728d199a78207ebb14078e68 +Output = 5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b +Ctrl.data = hexdata:62b7f550fdb7e6af518714ff659c8539fd5fe2cbefa7338dd4f01cee8734a744 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 747dd5593aa133934f8be2e7c92e7431dcb5c369222a2d5c6a8142435d1d6df5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b +Ctrl.data = hexdata:62b7f550fdb7e6af518714ff659c8539fd5fe2cbefa7338dd4f01cee8734a744 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 
20a8ddd7a7d1ba973465bf35610018bdc54baf59dc4984a6dad05d11308e4952 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc +Ctrl.data = hexdata:88cedc1856dd0d81e3af6a9b320f05d3d005bbb3664f0fc912e41007fb8645dc +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 8c8ea28aad5411f3963ad2827f2bdc84041cc6da53c7400c998c6434c5c15ba1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc +Ctrl.data = hexdata:88cedc1856dd0d81e3af6a9b320f05d3d005bbb3664f0fc912e41007fb8645dc +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 123b12381753a82aeb705cb2c3f2a2ae729511f1b1c92e6be3e587b07fe4c60f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 +Ctrl.data = hexdata:84e00926de1231de5d058c9d907aeec6a6b94b9e2c8edecd7672b4013d4bd4a7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 5a8fde0ac38739f0eb2e739b440530c3943b37ad26ffaff73f2904e17bde058d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = 
digest:SHA2-256 +Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 +Ctrl.data = hexdata:84e00926de1231de5d058c9d907aeec6a6b94b9e2c8edecd7672b4013d4bd4a7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 97e9a4d00eff6997d6e60d5a060851d7c1f5c6878ef198063fa5a3a9cc77e5e9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 +Ctrl.data = hexdata:84e00926de1231de5d058c9d907aeec6a6b94b9e2c8edecd7672b4013d4bd4a7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 5b596ab4521a354c141898211ac96fdf6965931fb142ca601ec5dcaccd900f39 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 +Ctrl.data = hexdata:622bf37da14b1110ffd9fde15a8b34b5a9192b7c003279df2d779a8441eb832a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 86fc27400916d558eb24e277ada87cfb217bb41993b5947049eaab30ee1967de + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:6e9a209d728b63a2649820ecba2439c3ced3facc56973fc63359e73f1fe8a5f0 +Output = 5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974 +Ctrl.data = hexdata:d222fdad7a1eaf29aa5c1699fb2c6452337e6a3f4eed5112706edc32d2aa5942 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 4b3538bdc30df6f4052310a5f66ea6de2ca506a22a0e3631b2d3eff387dd2425 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = 
hexkey:5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974 +Ctrl.data = hexdata:d222fdad7a1eaf29aa5c1699fb2c6452337e6a3f4eed5112706edc32d2aa5942 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 377e1abcc286c58d438f146ceb39050d453a1b9c842ed8d9275842cfac27484b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006 +Ctrl.data = hexdata:6f19f45a25846f2a30639c6a150a42c060007d3a4a637f9a1949ff980e151270 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 992ef872ba2d217c7e2256e42a2e4391a3482105db09fb0330813f4ae093d8ec + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006 +Ctrl.data = hexdata:6f19f45a25846f2a30639c6a150a42c060007d3a4a637f9a1949ff980e151270 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = e439ad92cd58b349cf2d44ceada80f0dc62cd03a216c0a6e98b9c4faa762e178 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d +Ctrl.data = 
hexdata:110d218cd286649a49fa86565f02e89c1e155e9d724392f98398cab4a2c6536a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 5915a67e1934c6a65cc0ff2a8101d2ab42c1d2fb448374cc4a4a1aa5b79304d2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d +Ctrl.data = hexdata:110d218cd286649a49fa86565f02e89c1e155e9d724392f98398cab4a2c6536a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 1526a83cee865495333b13328e5b6cf6a6f42f1cb354d5e0fac6ab75e32a059f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d +Ctrl.data = hexdata:110d218cd286649a49fa86565f02e89c1e155e9d724392f98398cab4a2c6536a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 4f7a8ecd191d6b18ede079553a6472159aed46da19f891349e94d14517614fe4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d +Ctrl.data = hexdata:27c96e77f7f7e4dbdd958348ce3d95683f3b78652605fd41bc02280c091d199e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = c2d6e4992b13331da0843572e55dd0624a04067c9415a2f231f08e86d496fd15 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:d339bc83462b544456e27a735516d50bd330bce6f39d0c388a89ef33ac209001 +Output = 4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67 +Ctrl.data = hexdata:7b21856d85c0ed268cd2bd0fc5065edfe078c97e03ede2cb7912ce7615763b94 +Ctrl.prefix 
= hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 977fc35f7a57f30e6509cb0a2ad9ad5cd1bc18d9d945ef3d6efede51ca727be6 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67 +Ctrl.data = hexdata:7b21856d85c0ed268cd2bd0fc5065edfe078c97e03ede2cb7912ce7615763b94 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = a0a444d95f34b3abd80fa9c61f00e522ebaaba9b0b392bce0d5bdd64c66faea8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9 +Ctrl.data = hexdata:5212d18ab2b3f4749a2fdc8f7c5bfe86582c3ef4b82fd15e4fbcf679845a898f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = ae767de352cd5de70f06fa89c97c384f3114459d2d34358254536d6dc2a51a43 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9 +Ctrl.data = hexdata:5212d18ab2b3f4749a2fdc8f7c5bfe86582c3ef4b82fd15e4fbcf679845a898f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = eadd1815582776d2af4c5b2459884f636c668ddb4f9de2a3c9d748f3d30c6c55 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 
87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 +Ctrl.data = hexdata:c326103e763f740bcfcf619cf5f6ed5516d73c58f73bb1a288ebe4c90f8a0376 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 05df2e13f0bbc39095a751653198fbd71316d60f0b0ff34a571be0f24a0110e4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 +Ctrl.data = hexdata:c326103e763f740bcfcf619cf5f6ed5516d73c58f73bb1a288ebe4c90f8a0376 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 7548a168eadc002e00a9f6992464d89053a09fafe5455424043e88625f6aa1f5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 +Ctrl.data = hexdata:c326103e763f740bcfcf619cf5f6ed5516d73c58f73bb1a288ebe4c90f8a0376 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 55d8638f0b4e4a8c0c86a3b499c1f5a22c4b763f74f34415852fe66f5b14fc64 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 +Ctrl.data = hexdata:ef6958939a40f5a6da5514b25c61e65c785529da24b7abe4c2ff24de90e22865 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 91621081e013738d0565d87d48299f9663e9cb00ea10de8b4e524faed12b2549 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:10cd69a2ff07b9fc1b97f048ff04f76bde83ffa1b7c55a7c90f4a335c678e603 +Output = 1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a + +KDF = TLS13-KDF 
+Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a +Ctrl.data = hexdata:77c319274f0bee551e4ff02d35c109527430249982634b83620d555df1fc1b19 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 4a274d1c3ffb31ccfd02b822c58e22540a08e8805467949049c790523f22a521 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a +Ctrl.data = hexdata:77c319274f0bee551e4ff02d35c109527430249982634b83620d555df1fc1b19 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = fd0c1024664dce62f20828f6523804b6c3cf8cac1d0c226ca82c216617749278 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d +Ctrl.data = hexdata:09579596d89a7bc16f6208f1b65d0af814a2e7dc2b5752153b01ebd403835b24 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 649f88a321910f7e079515517de528f096ad00b460f700ca3a42249ffb0f198c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d +Ctrl.data = hexdata:09579596d89a7bc16f6208f1b65d0af814a2e7dc2b5752153b01ebd403835b24 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 591cccb532575b11f3f7644305fc98b39b4ab5e857884b83f112eded0748d86c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY 
+Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 +Ctrl.data = hexdata:4a78c3e4fdf496868bb144f02d5c8d751172fe3b31a2708a34a84b0035359216 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 3b5e42c71b7f84c0c533c5b33fb677e5dbd00fa19461643a9f9a28ac68d33a34 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 +Ctrl.data = hexdata:4a78c3e4fdf496868bb144f02d5c8d751172fe3b31a2708a34a84b0035359216 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 0755417db746dbca652cac12fc9e272f2ee1d65b7ddb95be3a1458cc0feb7ceb + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 +Ctrl.data = hexdata:4a78c3e4fdf496868bb144f02d5c8d751172fe3b31a2708a34a84b0035359216 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 7e518bab7a36df94f3e43c022300afcc5219c4a0b0353d7ec8d7b81a957fe8b3 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 +Ctrl.data = hexdata:05e757c9c7a0a88a5242f101a8b9813ff7c28cbb60f82fe8d64efb3b29e2a35f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 9df1f3a9a73ccf046ae832e6567f0381df1c279051d5e8d3d438533a8e3c286e + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY 
+Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:1d6a3ca45771b6de38bfa21ef1b18c7f392dc245a40a678638ff703bc429cdfa +Output = e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd +Ctrl.data = hexdata:b596924c279606af433ef8939cb7e2e8f22b1a4c58f868f5e9b8b66f89f95ec4 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 35379b66e3989f860493b7f1a19d35a6b1786ead286f058b291a9e45f154984d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd +Ctrl.data = hexdata:b596924c279606af433ef8939cb7e2e8f22b1a4c58f868f5e9b8b66f89f95ec4 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 3c06224ebfe816c633c1ca1785d1b9c234b41a050608cd24d3873f3e8caf3c6d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237 +Ctrl.data = hexdata:39f99c22b551a77eadb49cc2df00c0651bb847f678394c04a9663ff592122daf +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 9d2d1d2d3aef26d116c4e8ae64c9cfc785c34b4e48ebed03291c05d97fbed48c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237 +Ctrl.data = hexdata:39f99c22b551a77eadb49cc2df00c0651bb847f678394c04a9663ff592122daf 
+Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 8def30bd06498ab5d3687e1d5b7b255a4d8f0a350fff033e09fdedac103b33af + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 +Ctrl.data = hexdata:bfd5d60816d0d8aaa054a0c9ebe667f08b885bde11a0d2440ea48ae3d539ffd8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = e45932f62656d9b4a4424d25b0dee0edc4dd7e5cd97ed559826ac2dc8753e234 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 +Ctrl.data = hexdata:bfd5d60816d0d8aaa054a0c9ebe667f08b885bde11a0d2440ea48ae3d539ffd8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 79e88b3776b65e1cf86e1652c1fa503b0fa9f425fb2d7f12ed980c82aea480d8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 +Ctrl.data = hexdata:bfd5d60816d0d8aaa054a0c9ebe667f08b885bde11a0d2440ea48ae3d539ffd8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = a99de25f23b4c3b53e0f94c20e4cacbf69449eb6662ede20ecaf80f4b3588549 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 +Ctrl.data = hexdata:093be188157ab8ebdbc0862581178d451a89a496eec1d75a735c63745346d07e +Ctrl.prefix = hexprefix:746c73313320 
+Ctrl.label = hexlabel:726573206d6173746572 +Output = 5d068f2083afa672d025b89c6883a7d47899352d1f534f757cf9d046f42f2158 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:b5c0634df696089d878e37b775c4c2f03f42748cec9dfc12661a8b888ed40685 +Output = c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795 +Ctrl.data = hexdata:d4d8e30ea5e596830f165ab809b9c541383d621bf5502b83a27ed3ea2e570d2a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = cb5f4de81d60d9d8537b365b4311014a1380808c3b9c3a98a25dace58c0961c4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795 +Ctrl.data = hexdata:d4d8e30ea5e596830f165ab809b9c541383d621bf5502b83a27ed3ea2e570d2a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 7aa5d4b291c159958c1781f0833e8dabf48ccd0d93553fbda644fea6ab1d730f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306 +Ctrl.data = hexdata:f0ef84594377b8878aec3361beccd2c701cd1fff0bb1d091bdc960dbcc03ed2d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = bd18fde839dd5b186595135f6cce58f544c35168753489956d3bfc1691fdc9ea + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY 
+Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306 +Ctrl.data = hexdata:f0ef84594377b8878aec3361beccd2c701cd1fff0bb1d091bdc960dbcc03ed2d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = bd404aafe66f33b525da924eab5a01330eed5e6792c18a2733594efa5fbe1770 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 +Ctrl.data = hexdata:47a04fbfcb7af70cd735ccd29f978db89ad2884a208f5e0a0efed6c78e21f93e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 4a28e31a44a9084c31045bab3cd9ca4bb7cc6c0a7a3339265919b6dbbf9bd439 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 +Ctrl.data = hexdata:47a04fbfcb7af70cd735ccd29f978db89ad2884a208f5e0a0efed6c78e21f93e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 8f7bcfb0a364acb09af591dbfbd1f5d76a1b5da68eb86e22633e3d4ffd4ffb3b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 +Ctrl.data = hexdata:47a04fbfcb7af70cd735ccd29f978db89ad2884a208f5e0a0efed6c78e21f93e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 3d5d45e78c540d05a19ee723ef075ff5c30e4e637af9075a519224751bf73cbb + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key 
= hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 +Ctrl.data = hexdata:0f147eef330ea13e24db0e4f0f99ef57e226fcd893bcad0aa775736043a5678c +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 865f8cf4b1065211f6c79e2a269fc5d292c496389458ee1defdbdecdae3c178e + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c83e2d0710fea2c69df3ddb8e44ab8eff77b331b5bab68693150cb57024bb513 +Output = 670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7 +Ctrl.data = hexdata:b91f2426c7a814aa728b0d066803bb5f5ba89053a107093525bd37b8a228bbe6 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = da288713ae469437c7d49934f87461dec0884cc1c075d0c2b80467c9b497493e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7 +Ctrl.data = hexdata:b91f2426c7a814aa728b0d066803bb5f5ba89053a107093525bd37b8a228bbe6 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 9c4d05cc523e7486fa518512c15697e8da785182c9a07553d185634653ad57e1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3b2a40cdb43badc2354bbcab3232f150a29cdb6d701a4d954e53f93122ddb384 +Ctrl.salt = hexsalt:670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3 +Ctrl.data = 
hexdata:106c8ade410c1a7972f9dcd60fde846a0652ad92dc3737120bceca0c3e316bac +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 11ca6d097742c16dd5b42af8508d46771fac61ad30120f1eeffd90b8c0ecb0d9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3 +Ctrl.data = hexdata:106c8ade410c1a7972f9dcd60fde846a0652ad92dc3737120bceca0c3e316bac +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 4305a71a34bdb5e0821501b4bdd271593ab82dd4532cc273fed3db050ac2c1b6 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c +Ctrl.data = hexdata:8c22d8b59e26690f0279c8b079f3b1712544600a0e5e5aef21609a1544f0fd7e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 403399b9a3b3d8c729e488aedf59572057288184d845f65762965638d9044f02 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c +Ctrl.data = hexdata:8c22d8b59e26690f0279c8b079f3b1712544600a0e5e5aef21609a1544f0fd7e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 84c047db046fe61aff8a08b1baf4d2d19cc64e5d8520e0a7b0d53cf1c4a0d931 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c +Ctrl.data = 
hexdata:8c22d8b59e26690f0279c8b079f3b1712544600a0e5e5aef21609a1544f0fd7e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 4ff1809a55380799faac1c9e7795f61d2f2e8d94e05076a863cf0624b2f7910e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c +Ctrl.data = hexdata:b3a2661fca9d2bd11f011da167daa18d7d705dffae6987ef1410fa932543bbc0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = c5fced915b2f444eba12a1dbda3487a2054201378640682a3a668a1513f6a232 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:76d2def296a73bbbe2c0c58061fda9a8486a65fe0d25a312061a33de39665229 +Output = aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab +Ctrl.data = hexdata:f2c3f79a329d8a0a0c71fdff27d21b4f5396cef54eee48e8d95823730af5c7cd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = d2a135057bcf8843aed48c7c37a8d891ca459ac6def66950c57cf849a60cad9b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab +Ctrl.data = hexdata:f2c3f79a329d8a0a0c71fdff27d21b4f5396cef54eee48e8d95823730af5c7cd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 5c920375f607f4b1a179d31aff80074b3357108960051a22de8e001aa6979c0f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3313848ca37d8491646fd92c252257742d983c65090bc542c9a03fd4b26e9b1c +Ctrl.salt = hexsalt:aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab +Ctrl.prefix = 
hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9 +Ctrl.data = hexdata:68952fb6f6fab9968e16044c7d3d6e29f9b4cb969ea37d3b89317581242a51c3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 929e776e48697a19220f40bcdb91d17aa81c72609dad9e44ce504a9b1b1a3666 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9 +Ctrl.data = hexdata:68952fb6f6fab9968e16044c7d3d6e29f9b4cb969ea37d3b89317581242a51c3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = ca770b94d778f80d7bf5e9c57385d311944074fc971d4509666d9fd2da082f6f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 +Ctrl.data = hexdata:94cc1ab5421bc914655d3c9b29c62257e3921357c251714f0603d97ecb6af5b4 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 9cbdcf2aab74218e206b09990759afacf0b0fc6e9663df2ef3b1be8baa04137f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 +Ctrl.data = hexdata:94cc1ab5421bc914655d3c9b29c62257e3921357c251714f0603d97ecb6af5b4 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = 
hexlabel:732061702074726166666963 +Output = 68b56ade508cb9a80659247476e9bc51e11a2bf8996abcf31ef7ca40db8ce038 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 +Ctrl.data = hexdata:94cc1ab5421bc914655d3c9b29c62257e3921357c251714f0603d97ecb6af5b4 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 99b1731836e008fce195b2656a978653fab931ca7568538ea445e07758eaec3e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 +Ctrl.data = hexdata:9d6de017899f4866cf158fbcdff17f9be461b515424fcc68983ea14199b4f93e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = cfa68b4390998107c071a7a7f05aeaa67c399fbc74ae078d239953d97a9b192c + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:84e4720169f84d06305f31d48bc80c38533262092dad037431595504652ad812 +Output = e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67 +Ctrl.data = hexdata:629f374f2fbca62af9a940e8dbfa469605239b9af3d1a9ad870a5d09aa828d4b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 4de207e64746e30b0422f9f61bb0d62f3e1559685a5b6231491dbedd7e7d3c70 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67 +Ctrl.data = hexdata:629f374f2fbca62af9a940e8dbfa469605239b9af3d1a9ad870a5d09aa828d4b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 
f98601cd853b472676a12f4d2b0ed496ded451aa7255f2261d9bc6b0e1831e26 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:0130ef5db75ffa78e0dd43c3c61d887a9153044d2ac8fe4046bb2b0c38034715 +Ctrl.salt = hexsalt:e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf +Ctrl.data = hexdata:cb3e464901236370574fdb6e62e3578d6d055b13352bb009c7524be5046fe3f0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 5e827d8f0a5198f40ce9a179220c64a5be7ffbb7238a7ce3924af12435517829 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf +Ctrl.data = hexdata:cb3e464901236370574fdb6e62e3578d6d055b13352bb009c7524be5046fe3f0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = cd3650173b74032cd5923eedd2ca939f4986071612025a3931fcbdae424c3fe0 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d +Ctrl.data = hexdata:05bb66eae94bafe82cbc264ce33f66a4259d1003910333ecd9d70a0dc6676280 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 
87c29eb07ed9d69f4f17d19dbe7d792c96243bcbab5a6ad674d476ab2723f3e9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d +Ctrl.data = hexdata:05bb66eae94bafe82cbc264ce33f66a4259d1003910333ecd9d70a0dc6676280 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 1bea4e5a0cce346fcf3784bbea219060a733bb9b3d9fbcd51b230df79e7bbaf7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d +Ctrl.data = hexdata:05bb66eae94bafe82cbc264ce33f66a4259d1003910333ecd9d70a0dc6676280 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 56ad7e5af0a0c80dedf12d1206d731527e4a19d821ca666b887532da4dafddc2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d +Ctrl.data = hexdata:2f35a4e79e594f9552231c0a20b1c044f335970e1672fcd232ee080e0b1003d5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 439199cbd6c133c77a01fd46314381dac23f9f75bc25a5b6bd3a0c3ae65c213a + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:846579bee2d8787197afac0ad73a05ace42fdc88973863867f7034edaaa67bab +Output = f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882 +Ctrl.data = hexdata:09183dfa8773dbcbcf4e956f909e91f9dc01134b4f3e478c2e9157c74610d4a9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 539cbdca2eea93fb99498a1828d74e538110602331ca05e2e0a33904dbacc7e0 + +KDF = TLS13-KDF 
+Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882 +Ctrl.data = hexdata:09183dfa8773dbcbcf4e956f909e91f9dc01134b4f3e478c2e9157c74610d4a9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = c5eed5ccc461fc4eed16ba2d4e73e61ee5e1e65fd37e4c683f754f69300b9d0f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:0dc18e5c75390fcbff95fd629727fb8561efc9dbf88875aa37e59b204876d016 +Ctrl.salt = hexsalt:f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee +Ctrl.data = hexdata:439b9eb6fc068e5c2709a044c98073d498d3151eab2237fc285093c6486fae8d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = d2ac822767a490a8087be7adcbcb2e213a98c5bed4a54c827ad2fc19ac0084e1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee +Ctrl.data = hexdata:439b9eb6fc068e5c2709a044c98073d498d3151eab2237fc285093c6486fae8d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 06613eeefdc210ff2624820604ae88d7160de324b8bfbb279b40bb0caea4b251 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = 
digest:SHA2-256 +Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece +Ctrl.data = hexdata:a0fe2ba2eee7dfc1431e4a0098f17146ccf75d424d4df5a325b10b130ca8a140 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 382e756a88f3dde4b775bc30064877563716e48e05c70382c4b4717b804f7900 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece +Ctrl.data = hexdata:a0fe2ba2eee7dfc1431e4a0098f17146ccf75d424d4df5a325b10b130ca8a140 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 08fbcf658bf0ccd792bf9486c8304d5cec3e066fb310e14c642b5e838a80cec2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece +Ctrl.data = hexdata:a0fe2ba2eee7dfc1431e4a0098f17146ccf75d424d4df5a325b10b130ca8a140 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = af263cbe584c6257872182e4259e90dacce4e857c0971e63e90ef68313241f09 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece +Ctrl.data = hexdata:db71bdb1435bf594988f4288e9c8aa9d1ffc400d3b74a8f166dfff72ac2d251e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = f79d066e915aa9fdc491b522536fd389309d93b9e386adbeabf276bc18826a4d + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:1c48bc355454d145972bf3e2fea127c34443a214ca2df0873d78db5610fd5598 +Output = 4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = 
hexkey:4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017 +Ctrl.data = hexdata:a65f378bd6b9e498256afc30f268d87f2b93e95925e361f5a5f35198457bd3f0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 6e9db9369095c899626c20463ddd98d1885e41dac533981bb0d0352ef9874697 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017 +Ctrl.data = hexdata:a65f378bd6b9e498256afc30f268d87f2b93e95925e361f5a5f35198457bd3f0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 93877fd5a8a4b5323b8561cfbb0e7cff34d63db1f6c0783de9edaee832a93026 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:ca08248684cb6529a53900f08a28734f5722193c21e8b01b99b968a4711f67e6 +Ctrl.salt = hexsalt:4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9 +Ctrl.data = hexdata:4b485da6cf1df86af0757b10a0f99d422a667444c42ea732c1ad9eb91b8a1200 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 18764172b9bf192527e7640b553c49785f49b17c139aec41d9ca711ad5c5aaa5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9 +Ctrl.data = hexdata:4b485da6cf1df86af0757b10a0f99d422a667444c42ea732c1ad9eb91b8a1200 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 07f5837669456a7a5cbadb1f88e8faa50a620e1a0577ef3c4304f4679596ba4d + +KDF = TLS13-KDF +Ctrl.mode = 
mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.salt = hexsalt:e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b +Ctrl.data = hexdata:5cef22380661440bbbe9d74f573a9329345481843b2512ef1a9a4f5d0d263f78 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 1f145b433d726ad8aed2b3d7a91dbf7dfee700a3a82650c496785c898b7be0f8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b +Ctrl.data = hexdata:5cef22380661440bbbe9d74f573a9329345481843b2512ef1a9a4f5d0d263f78 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = ba32a25990ad0d52861f0e24e283b1bf2f229c14649867415b8d0ac3c1d55b8e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b +Ctrl.data = hexdata:5cef22380661440bbbe9d74f573a9329345481843b2512ef1a9a4f5d0d263f78 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 8d95c36d97d0d724a4a925d30db54fa9a00a7f40491617149f354f6a22abde69 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b +Ctrl.data = hexdata:9581b3ed9dff21ace07228323489626f403dda4bf997885e80e23edaaa988d52 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 62750f7ddf116735e656c7014c9243b6c57a84f0ba6088f28deea97a91c6f2d3 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = 
mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:910113657bdc298e97ebedd20511eb096f973f55fee0fcbb2d9cb5a686e7ed200ed417839066bbea4c05209434590daf +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = b7af828d2d478d384d2a3c49e4068156de9ecefce3deebf281e2cb0947cd83dd28d1472bcf4b0484a9e2fd3b33d3cb81 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:910113657bdc298e97ebedd20511eb096f973f55fee0fcbb2d9cb5a686e7ed200ed417839066bbea4c05209434590daf +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 98aaaed14b4ea329d9e1c2c4ae4e1c9fc74b58ca5748acb35be214cc106e23675ba8e7e95bea77aabdcaff37b7180953 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:69ebe2a6f0cbc6bda4f1fca02786df58a9abde209e15ca02ed167ecdaabaf78c26 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15 +Ctrl.data = hexdata:53d60b426068e463f9d09308a007d0ef27bc8d2001f045afa2d7a3888d47b1d774ab3e7102ab901065b8e242dac6722d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label 
= hexlabel:632068732074726166666963 +Output = c087814576d3a18ec8cf9d7e0fd4e720f0e32cada8bbfc59d048376d57334ac6847dc2f2e642fcd5f100e187d728c626 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15 +Ctrl.data = hexdata:53d60b426068e463f9d09308a007d0ef27bc8d2001f045afa2d7a3888d47b1d774ab3e7102ab901065b8e242dac6722d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 0d6a7b15387fb7d8a748a07ddd4b6dc3ed9854410cb6c18515d013a8b0496cb3df1bbad7fa4ca64bec04e42362315269 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 +Ctrl.data = hexdata:fbb73fd2d7c15c8ce25627f3ca7d61d1facebcfb6f9386c692479521a96973499ec24db280a12fc7bb83bfe32dc0a9ca +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = eb4e606e2198835b8733a026ef1c97bd7a8df3da598f32494ebc5809cf697c7999e0154c56399a60ec20b705d50ed9e0 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 +Ctrl.data = hexdata:fbb73fd2d7c15c8ce25627f3ca7d61d1facebcfb6f9386c692479521a96973499ec24db280a12fc7bb83bfe32dc0a9ca +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 
580bb4a16e81ba7b21b1ae7688037bd76684dd8e5e1e9254732685acdcd44dd1a1ce8126815fcdb42f47ac6d8ac7d4b0 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 +Ctrl.data = hexdata:fbb73fd2d7c15c8ce25627f3ca7d61d1facebcfb6f9386c692479521a96973499ec24db280a12fc7bb83bfe32dc0a9ca +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = caa396d3f1b8bfce67752855df1b5150b34613f74d6f02d6f1c3d07cf1f64b1c69d8e4cb129de293de5addca635467c9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 +Ctrl.data = hexdata:37543f85f9c51e29d5bf1efeb8e82d35633fc1e53a6947453f579cbf3424e036b2d287b068079f9852cb2ed0b1577f65 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 0cd8131737f5411766ae31c739a8cf9c6156623c7e8a61960b368469db3df24be159f0dc3ea33489db810edfa38798bc + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:a807a39d8f59bcad113f00464839a49f2ea7bb3bf10ae124e706cbaef8438a69529d0423049659f41ca3bc879f135714 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 9ea652bed125a4f5eb038bb92b45bb2206a885536280cdd33dc04837b9f243ce60ac08f6a1b60e410e1cbe6da2d1bfa5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:a807a39d8f59bcad113f00464839a49f2ea7bb3bf10ae124e706cbaef8438a69529d0423049659f41ca3bc879f135714 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 379bac9dbc4c02bd651db88b2109402259526992a6be8051052046baafabfcba43ecc95b85b212eefeb82abb9bf6342c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:afd957f59d3891c7dc0274a3f017f1002e81694fdc48890f9b1f174eea8335ab20 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac +Ctrl.data = hexdata:fee3918af93355c76f410e931147484daebf34d71a32e819f92f294e083880113542ae4f2046bd047abee01919723690 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 8cf001ed150ee074eef37bc5ed369b46e5f47b022cdafc1feb8b506037983e2d7344ee7836348d66ad945507adea2852 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac +Ctrl.data = hexdata:fee3918af93355c76f410e931147484daebf34d71a32e819f92f294e083880113542ae4f2046bd047abee01919723690 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = f920e99ce8b8765d9a4656ee00da97d5c26f9c9194202de256a27be7414ef6292bd0694ec07b6a7ceb50d31cec440645 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = 
hexsalt:040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 +Ctrl.data = hexdata:963e5b5cdf40ed5f735727034dfa1440f34866d5dc7cdd573ce4e93e75bc9570dcff0ce7ab6ad393c8d6984d5bf7868b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 7053327731504219b522361396d6aba6d401bb4b5eabb9d05065c97b30b1cf704418740437b5afe6f4c3e1663d4fb602 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 +Ctrl.data = hexdata:963e5b5cdf40ed5f735727034dfa1440f34866d5dc7cdd573ce4e93e75bc9570dcff0ce7ab6ad393c8d6984d5bf7868b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 9b8e8196e2aaf0e1d8840fff8d17f7b2911a4f8cfd06a30d05a28792b4c6800bd0f0bac01552945733e7995ec67573f3 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 +Ctrl.data = hexdata:963e5b5cdf40ed5f735727034dfa1440f34866d5dc7cdd573ce4e93e75bc9570dcff0ce7ab6ad393c8d6984d5bf7868b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 48f982ca8046c850fe5431eee4c043e78c0a96c7ba87dcc97b9afc69ae2d0dd18f9fd2054f811976774098a91f7917b2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 +Ctrl.data = hexdata:5f458dd3261694b6a3f57918a94dfeb7c77851441bfee4dd2d118051abdb945d37c74bee575fe52d71d6ff696991893a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = f3a292849c0daa0abf9257cdd5b5c2f92092a904a80f017d1020fbe33637e2733d583332aa212d942d70f7fe30f15677 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:02b9fd278f70225406d715dd78eb54405fd19f9556e4a8a77882c6a63f9dc220944f27030c78ac1262e382fa95feb5c8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 3cec2e60c6386fa9edad0635132eab0ece3eee9bd71e8884813cca61d3da3a7dfbfd9a4775a9e69510fb9455cd9bdcd9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:02b9fd278f70225406d715dd78eb54405fd19f9556e4a8a77882c6a63f9dc220944f27030c78ac1262e382fa95feb5c8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 80c3e31156ad5bfd762b27d3f30bfa8a12f26eb0eb41ffe5cb155187b9a50178856f54e97076bb57518caad873cbd9d3 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:0ccc950ef8aa96c6b282e24741769bfb271d08a8b59324f6b08c6ef700d9a57049 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = 
hexlabel:64657269766564 +Output = af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef +Ctrl.data = hexdata:44aee84be26ed9e08590afc301ef29fe2c6ce1aeba54004b4840f2d42433edc310a4401545cc80c0db2adbc7764dc5a1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = cf114347819d9818f848be8662e1d88125558b48c5aa85b9fc51cb21934eaf6821c281beef7e8daece6ab7e48bdde433 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef +Ctrl.data = hexdata:44aee84be26ed9e08590afc301ef29fe2c6ce1aeba54004b4840f2d42433edc310a4401545cc80c0db2adbc7764dc5a1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 531d87cc6e5319d60dd7b3b068249930572459219ec6d7dac14ebe6e79619f21a2cc370086f2090ac52e4e361d715ca5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 +Ctrl.data = hexdata:93aee4415cb45f8548045fbc1b0391edbb837d6e8fe73958c951e30347490957b71642f43249ae13c4d0f36955fa2c29 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 
92f638eaff114606821a19f881474502b3e761f70dc6b942280fbf2bc2b37976b4dc9c92bedb3c62e0a57d0d51259f75 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 +Ctrl.data = hexdata:93aee4415cb45f8548045fbc1b0391edbb837d6e8fe73958c951e30347490957b71642f43249ae13c4d0f36955fa2c29 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 4d46be5133166d6b700177efc6ae82d6f35532d2bb5e25b7e8dc4cccbe8f3a2c232002e3ed88dea06bdfe637e7f87f65 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 +Ctrl.data = hexdata:93aee4415cb45f8548045fbc1b0391edbb837d6e8fe73958c951e30347490957b71642f43249ae13c4d0f36955fa2c29 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = bc93830f69c49b15adec691b878ad08eba5bef6e721464dca985473456864231bde995571e9a3762d5db89c9e76f792b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 +Ctrl.data = hexdata:6847a6b4f5923482be779c96ab86e9f0e05d8b50d3deaa160f9806e53021d0eaac196371f01b0e523def730935ff5d60 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 35dae76a13277d942955c4a0ee6f03d540493184bb609be848d5ce0e0b3bdabfb62028e60eb006c1ef4dbcd5b5706e79 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:0bb979afa49117daa4a48360472aef44c6ba3d8fb56ff276e6c54aafd5d975c79880dece805db219641fc36bd2e0163e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 8523607e3e5c9af1847211985f78397ead777b35d4b105c5176593131f3530709c60c8585b44250d770a4635db1a9980 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:0bb979afa49117daa4a48360472aef44c6ba3d8fb56ff276e6c54aafd5d975c79880dece805db219641fc36bd2e0163e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 638a7cab97994346d8a0cbab1a2d62ab83c924d91a8e4cd0df1dfa5e2803ff0770d41dd5000a2e0794e06aedfa52e43c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:cd6f89d27bd11c9256080283dbce48f51375f74ae31658cb811c0bf8f991f11311 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113 +Ctrl.data = hexdata:f76083df586b29987add3fdef9656d763e2cedb1acfa6a8a2fc9bf0a3f8d89b9f4945bf31614239f224656f24f101a31 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = dfc278a206e08140fcfab6dbd56687bbf8279e5669c5272dc737654db955168de3e796c1b96dbd5f54ef31e578e228b1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113 +Ctrl.data = hexdata:f76083df586b29987add3fdef9656d763e2cedb1acfa6a8a2fc9bf0a3f8d89b9f4945bf31614239f224656f24f101a31 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = cf79486a3d6be7736df39ea7127b32b6968f7cfed044f6f1fea84cd63361e11582689aa5b9c082c93c466e9265094da5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b +Ctrl.data = hexdata:383c7df1b7d34be920a4d9f9ac4ff9d9a8d0f3cf482983c1992270629ba70fcdb6d9fe80a24cee997a233596ad78a306 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 5f3cdcf3ba4ace0797f4057bddc682a08fc87f8dc1fc22ea081881bfdb4d12e304339ee2afd4de9d5f532656fab410a5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b +Ctrl.data = hexdata:383c7df1b7d34be920a4d9f9ac4ff9d9a8d0f3cf482983c1992270629ba70fcdb6d9fe80a24cee997a233596ad78a306 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = ff655c4b338b8db54474a5f810cef029c9fcd96f7b264818692695373f74585f20584fbf434d200f2b47862a797ed052 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b +Ctrl.data = hexdata:383c7df1b7d34be920a4d9f9ac4ff9d9a8d0f3cf482983c1992270629ba70fcdb6d9fe80a24cee997a233596ad78a306 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 78a1e7c8f28704c2dc74ad35cfa88d79858449099daa274ff6fbc8c7ab60a00949e7c91f50bcc2f351af349fa1f4d912 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b +Ctrl.data = hexdata:5d469943c925e80019b2e5e7c0556cfef6e6184125a1e9f1455fe7df95f8efbb5298f033c7a34a0433af8c804d4d08c8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 17fccc64a56ff0967de7552a4dbe131eba2fea98dab6ea1d8b53fa86ae73b6ba837d989080c2f3cb7199b533fcddca0f + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:a6189f3e10d03aded1fc28843f6a903ecc311595a9b65dd9099dd7fe00a495be739865040a612f8050cff809f20e1b20 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 7b4fbea544f26b5a16a26b9b9b45a76531871daca970f56fe121de31a718abfca41c041d0c7a5da3c65e6635e40a53a5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:a6189f3e10d03aded1fc28843f6a903ecc311595a9b65dd9099dd7fe00a495be739865040a612f8050cff809f20e1b20 +Ctrl.prefix = hexprefix:746c73313320 
+Ctrl.label = hexlabel:6520657870206d6173746572 +Output = bd94d381832c448f4ba15c98343152382b61903d0f4644ef19ce53a75507a3eae68cc24114aa67c6a6e42a20f9358e1a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:6829094ea40dfe78cb9936cf95eff5888ebbdb087bb287b890ad2ab124f64d222e +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43 +Ctrl.data = hexdata:b0c437bab8cc1d0cd8e0bf85f0b8d26f9e7585646b331a0c45065239dd1e7565b9988f7e8f8ea2912a015b2163481f3b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 11edee9dd7f7f70a1106b9db5096cb55acc0ddedbac1c042c9bbcc9ec95f60c7428af61fcb30f83e9f324a1d0833f743 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43 +Ctrl.data = hexdata:b0c437bab8cc1d0cd8e0bf85f0b8d26f9e7585646b331a0c45065239dd1e7565b9988f7e8f8ea2912a015b2163481f3b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 7836f550debcc3933937f7d04fc6a5d5150f220a5bd6ea6c743aa843027ea8c97220b79f746d08f8504a61f7b5815e11 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 
aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 +Ctrl.data = hexdata:b006f4dfe30e7375c58ae7ab7309b10774466d1ce0f785b71ecf8d653e6a02767f29739b34f2f624b8cb8d074cc0808d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = b13cde3c6dce710537f6eaa538feef006710081d4f600e2fe3e54c82c217db99cb0d616b79b43f0a3b4c6d477f379432 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 +Ctrl.data = hexdata:b006f4dfe30e7375c58ae7ab7309b10774466d1ce0f785b71ecf8d653e6a02767f29739b34f2f624b8cb8d074cc0808d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = f31d0fc7abc50b7b4e671eb15441b559d635f928b3fb406362107d6312aa2aee8e6edc5904f275e145bf699b43e91dc9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 +Ctrl.data = hexdata:b006f4dfe30e7375c58ae7ab7309b10774466d1ce0f785b71ecf8d653e6a02767f29739b34f2f624b8cb8d074cc0808d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 18dd5faaa96109c04f4f1ebb454b259aeedf288938c75bcb53213789d5efb450cb068e7fc82f8ddf934108390d1b8824 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 +Ctrl.data = hexdata:097d40e52726a966258ad8860a005bfc09d00502ad4a8bd741188d95a1501bc2468bb4ace05aa6cccb3ce0664de814a6 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = 
hexlabel:726573206d6173746572 +Output = 3b5fc3f285bb93f59aa710cd294443a8e2835ebe170ef653222ca38bbacbff38251a836f8fd0705c9e734f547d89b5b0 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:8d552361c11a65c87f2118e14bd4fb35b3a3191bb3ae6b4877e4d6a8ee7a221956f4 +Output = 4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30 +Ctrl.data = hexdata:144f8d45a013c35156c2337c3ed5e888d19f9d52372e95e1d25b908cee682b6637ee17d627badaed40c8782e41790c52 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = b6aeb75145d044afb9091680cc3e1c94e0ad92994f5986e5cfb0441d12bad5be3727b6d41e16a395704fd30e4a04f28a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30 +Ctrl.data = hexdata:144f8d45a013c35156c2337c3ed5e888d19f9d52372e95e1d25b908cee682b6637ee17d627badaed40c8782e41790c52 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 9eaa4fb09fb6cd5c94c0ead11d065c0fe846bad38098b9afaa258682e3f9ab0a6f2c14fedec5a9733d08814ce2c9484f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0 +Ctrl.data = hexdata:40912a3cdc9623d86e6db201b56afe6a354335d9635b1c2478db75bb4a83554b3aef392205d0f226485db014ac22ad3b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 3edeed16646bfd7c54b088155f2fb9ecab99cc7db84f8c1a3db0cf0f6164d77e451dfaaab26f0b65c9cf88726aa84c90 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0 +Ctrl.data = hexdata:40912a3cdc9623d86e6db201b56afe6a354335d9635b1c2478db75bb4a83554b3aef392205d0f226485db014ac22ad3b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 3a74c1f904c563bdab90b0f5b5de4a444f0da7395df6fed82352af9233060904640d98dbad43dae0a99483d588d68ef0 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 +Ctrl.data = hexdata:61ff39f242bd6fee91ff507ba8bd39eba3616560202284a11c72a8c8cd5d80ce53c7a77135503c4a24544a62b47b933d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = b4b6d860927ac8b40e25fe6b813c7ea70ef4568528cad8ab1ebdd4854bcc0fe3b28786592dfd964e67eba564b1c554ea + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 +Ctrl.data = hexdata:61ff39f242bd6fee91ff507ba8bd39eba3616560202284a11c72a8c8cd5d80ce53c7a77135503c4a24544a62b47b933d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 8cf769bed70425785e28d1e78129cd9eabef64327ebbd96ebaca547b0d28580f1db20ac110eef29d82ac40813f9a044b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 +Ctrl.data = hexdata:61ff39f242bd6fee91ff507ba8bd39eba3616560202284a11c72a8c8cd5d80ce53c7a77135503c4a24544a62b47b933d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 0aff8ca80517eb3391f25ad81a5eb9307637d352d07b5047190fc384ed1b536b52b0b25a8349d7c8bab3923cbe10f63c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 +Ctrl.data = hexdata:5ac100d7b27ab146f0eb4766005ce1b1b49ffc087991ccc06552c23076b009be34ec0523ed3c33836c6e4007de3e592d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = c68a76b70f6664359aed4a054ea30ce1f2e4a91b0fd99b1effc6969fd1d9be98a09f685e2aae7558a136185ab36e5e4f + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:2ebcb08306728f71249a9c9ca9d53115ba0fd2cc0b63bf690f9236b2516a47d0696d +Output = 38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465 +Ctrl.data = 
hexdata:2a15af6fe2e7031563a612f2c99a05bacaff3c624238ef80d82e5af8579c169a40166d954f7784087bce56f39c26f55d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = f440521d6595c7177d167bb3516f896bf47d362ab140f55306b7da7a9df1fd936e0f619d0eb6806fc6d04437f1e86747 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465 +Ctrl.data = hexdata:2a15af6fe2e7031563a612f2c99a05bacaff3c624238ef80d82e5af8579c169a40166d954f7784087bce56f39c26f55d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = cc9a09d1f6e7479fc48ac997d83f1a9af0d5301d10d8fab41bf0b29c1e464118e58dd7100f7633c0a59eeff50a5773ab + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7 +Ctrl.data = hexdata:3fe1067b88b96241527495f4ac60cf866692da7dda56bd39e4cccb6d615dc64dff6f519d3d3112ff2cf6b6b728835da1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 86c7556537dad08499e20f9a424e0e1683af4a53617acb763881482b3f3cc78336246f81a1e5cc62cd699920eff0a9cb + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7 +Ctrl.data = 
hexdata:3fe1067b88b96241527495f4ac60cf866692da7dda56bd39e4cccb6d615dc64dff6f519d3d3112ff2cf6b6b728835da1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 67391f7c78f569458c5216784af513f5ea049e3d2b3a120fda04ec5d79b659067fc1f8bac821bfa65b8585c1d974919e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 +Ctrl.data = hexdata:504aa70ba600d023e5e809c4be7e6d9c102c15417b5d0f810c41d16bd692ece5e840236cd5b9c10055e67a7968f7f544 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 96a17b111ac35dbb36ef4e581c96b4c6cae7e881adaf234c2455c1d8ad16089df1ad2e52141ef755b0476ccd618770fb + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 +Ctrl.data = hexdata:504aa70ba600d023e5e809c4be7e6d9c102c15417b5d0f810c41d16bd692ece5e840236cd5b9c10055e67a7968f7f544 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 98b00bc80a58a985dd722ee096df34e1be84f0bda2d57abe2b9f9c6852439805d0400e0f1b1647f38fdbe65f148ab708 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 +Ctrl.data = 
hexdata:504aa70ba600d023e5e809c4be7e6d9c102c15417b5d0f810c41d16bd692ece5e840236cd5b9c10055e67a7968f7f544 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 8b1a1cbae365cbb11dc43033954694ed7d380c6ebb2e7be69a6919f89e0508769f8ef8428a86b0448e5e89f07a7f2337 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 +Ctrl.data = hexdata:7e9a0c28e3f74322aba45bd272aaa50dc6b980ac6df6264673123bbacd366cf4c34b4f21d9c4175f88ca66e00b51ed4e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 656905d7ea03b8b0d4b3205f8d6f8a0a94a38fb502f6cbd656856ea39ac1e56f6092a8cd4146bfccc34694cf933ccf5a + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f83d4d1b185c8048bf809417aff978f5a11e273f85f32b5d300023862311fb3d065c +Output = 34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358 +Ctrl.data = hexdata:51ff1b75137890323881e92e02f181b4bebc57a83d99962716e288ebe9407c052d13ca2f05e480b8188ff159713f7e60 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = b1f6485f84452614abbc9747e660e6b55ecf118fce063aad511840adeb91c5f5fedc08098f5a74e41b6e5cf0ce23652a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358 +Ctrl.data = hexdata:51ff1b75137890323881e92e02f181b4bebc57a83d99962716e288ebe9407c052d13ca2f05e480b8188ff159713f7e60 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = 
hexlabel:6520657870206d6173746572 +Output = 12025b376c8629f261864e978feeff98ab1a1212e84c88248159bea4187210c012059fad3758651b37861bc550f3c0be + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564 +Ctrl.data = hexdata:f0b08322d42922a77fbf3e4830aacfb34a7bf85ac255ae7d1f39ee39f9b07c2a88bc5e41912c6a97d0f54996df663e04 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 6aabce40a3acc0e953db1cb8b21e47d4644e108324aa4058f9ca2703da1c4500f78ad47287a441d13dbe1f5a98a97887 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564 +Ctrl.data = hexdata:f0b08322d42922a77fbf3e4830aacfb34a7bf85ac255ae7d1f39ee39f9b07c2a88bc5e41912c6a97d0f54996df663e04 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 4d0f32ce9a86530a1f9cad218be9f38ecbd50f1deb30bf42b450e93bce059a98d25c1be9d918f6b1ca9ddcacdd9b4db8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 
+Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 +Ctrl.data = hexdata:48f7b41404c75cc97a6f78ba395606e8efbf1d25a6d174835a45fdfc7debf3ebf5e8e5f264834804562ceaa748566714 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = cf3a30ab60be054d04ff82fd94bb296403a1f51b630ba13df261acea3a648f19f32777b2ad568c084c317401af7e6201 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 +Ctrl.data = hexdata:48f7b41404c75cc97a6f78ba395606e8efbf1d25a6d174835a45fdfc7debf3ebf5e8e5f264834804562ceaa748566714 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 86b6f7a7a937a30a1ef165da03141270f40f9b8bdb84bed8ca200984b7415e2f5ab2eb663a8ea4f70d4c5613318c4d7c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 +Ctrl.data = hexdata:48f7b41404c75cc97a6f78ba395606e8efbf1d25a6d174835a45fdfc7debf3ebf5e8e5f264834804562ceaa748566714 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = cf6b0c13f121942acd855da7f2658dfdc59c816290664f7e8c8750d38d961a87e663e6c59f5b89b8477738eeaa76dc40 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 +Ctrl.data = hexdata:8b958cce832b7cb2381a90cf82ebd72ee8a89cd804ffde338e707603ce544db3a11cd9afa317751b48d959c750047d88 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = c947b9b68f77e4aef96ab3fe06f9214fecc7f6344b3558bfdd40dd3e6bbfcfe69cf0420f7a24998d8d387b6f85683038 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF 
+Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:042e669b52a5e563597e050b84755a685dfc62dba6a393af0aa1cb4047c2ae7442ee +Output = 4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa +Ctrl.data = hexdata:fe13fda946943a323e2c160b7cda76454ce96bf0e51456311d0ce4ca484145bf1b00b8f7d692fa3bd1dacce0bee4e020 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 1779cfae5a472401c6df4971092f9e915b97d6dcf29e142dfbacff9c1781a8b8626d38296d7599a0de57593f3a7f7572 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa +Ctrl.data = hexdata:fe13fda946943a323e2c160b7cda76454ce96bf0e51456311d0ce4ca484145bf1b00b8f7d692fa3bd1dacce0bee4e020 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 337022f95da2b5ced71d41e35fd4d63c44270af18c51df8abd54943ec5a583a95b218fcce741384b826e3c0f3b34cb45 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510 +Ctrl.data = hexdata:a0bf8b6062a2de56aaab2b97e77f15bafc340bdb2b32e868959858d9e4b8b2da264aca4e7d16f6a58b14f6c4b42f97d4 +Ctrl.prefix = 
hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 83272868aa2517b5163422b3b93b0f97a34541b27ce5a771f702b9ae088fd73eab282db646f23d5ce499de0f0503b95d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510 +Ctrl.data = hexdata:a0bf8b6062a2de56aaab2b97e77f15bafc340bdb2b32e868959858d9e4b8b2da264aca4e7d16f6a58b14f6c4b42f97d4 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = d4a42d79131a720358da9f9a8a4b56684f127f8e2cd0bb03b4fd23e519924696062d1288fb416ec0fa90530fef576dc4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 +Ctrl.data = hexdata:fe4cd2c6305e333fe3e1be7d554ccd18777112af181444ee9dbf08b27789d56442b9062ee9e4bc9d32d75a90df01aa97 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = b85370eea397bbff07af997282e64d95d16bab298a884b0e076174f2c1731371100e219c9ebe0395786c7571bdb1250f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 +Ctrl.data = hexdata:fe4cd2c6305e333fe3e1be7d554ccd18777112af181444ee9dbf08b27789d56442b9062ee9e4bc9d32d75a90df01aa97 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 
058fcbc86aee05c1611daa116d823e4cbc90806048bc7c06818dc93f5a7cb88ffc556107da7cfdfd36322bdb46bac809 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 +Ctrl.data = hexdata:fe4cd2c6305e333fe3e1be7d554ccd18777112af181444ee9dbf08b27789d56442b9062ee9e4bc9d32d75a90df01aa97 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 8ed866879bdaa4df92512530bc5ae51fee9fa014a128296cc4fc160650ac76977f2a8c2f9531e0ad492fec186c980ef9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 +Ctrl.data = hexdata:57551aa889d3bd4633864a9975afbd649baffaa5608d3d3cdd7cb594f72de6af9b08f9b8fe0eb961275b07701a5dfef7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 6d74d0e7f3add328e3197f3e3b0fb77db4557347aaf8cc0eb826ad3cf31aa2144f52d15008c6d40dc077ab8a50557757 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:902e0cb930aa412f9ed919bb03ce94ffca2c0f59f0ab5e66695f65497162c41dfc2f +Output = a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a +Ctrl.data = hexdata:a67f985ae3cb2f7ea12ecf1c3f7175226d34899ea48003633321697301a2fa788e92673fa9a9538c8f992f0ef0885728 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = bd808dca2c7c0412abd5a747fb5fe5a1c644b43d8a8826fe11d48703448b38b9b6fe43f11241aef154fbd5e5e83e302d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = 
digest:SHA2-384 +Ctrl.key = hexkey:a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a +Ctrl.data = hexdata:a67f985ae3cb2f7ea12ecf1c3f7175226d34899ea48003633321697301a2fa788e92673fa9a9538c8f992f0ef0885728 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 19d1b4c9130572d7d4c5a8a81bfdde492455b63b2124f01c16d3b92a41467b2a58a63e1df7eeb85642dcb1591ae6c697 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2 +Ctrl.data = hexdata:19bc6495e6322bf29e75002f1b519a95ca18790d13ed9473ee3805ea634047540a1c16eaa1713e60e38841431f7070fc +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 0a64d745563e72ffe3e5f7d1ad095cff283c0febc529ae317ae67ef0b5ed763f2749a1ccf932966eb13c7ea8916441f4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2 +Ctrl.data = hexdata:19bc6495e6322bf29e75002f1b519a95ca18790d13ed9473ee3805ea634047540a1c16eaa1713e60e38841431f7070fc +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 83136fc401f35789959110b7263dd754353aa97c8b9a0072f415220d86b92e9ab2d1020c18f605a9b367ac4940bebc9c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = 
hexsalt:b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 +Ctrl.data = hexdata:3b4922e38c531328520150f640ad82720a6eef4ea94e06ec4ab32276b2d901710cb585bd86f47e92c1c6cf39961daf36 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = bf77e676173422a783ffde07e076541385aee04b82a6e3f26ea7249587b3596f68262e4c3ed4e6d56dfd75ed39512989 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 +Ctrl.data = hexdata:3b4922e38c531328520150f640ad82720a6eef4ea94e06ec4ab32276b2d901710cb585bd86f47e92c1c6cf39961daf36 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 31f8accd9f0f923c8b9f413840bd5f4a60b5693773022b78a25802e0e68f7ae33314dfc25ff2b1a1f32490df80c9e185 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 +Ctrl.data = hexdata:3b4922e38c531328520150f640ad82720a6eef4ea94e06ec4ab32276b2d901710cb585bd86f47e92c1c6cf39961daf36 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 488b7e09c0565137f22008362e7a4505f23ff1b24b0565322a11b6f4d3e1af7f06b8efdae18d74a7adee4e1e9753185c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 +Ctrl.data = hexdata:b8e14051b4e84bc66bd65601ed6b2e57e469e167e277e8c30c93bc52a6e836abad9b7ac6a81ecbd47ee9917a14154a2b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = e1f85e642615ceef410c6112339627607d3d1920ba168f5b10fed1a13a468401253df07323b826f156f0997bc584a937 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:ce2820a53357bc83ebd26b54d8ad48f4137f914034368dc705bfe852c2d87553 +Output = 1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec +Ctrl.data = hexdata:ee61912f8d2cb51a3458a799af5c31a8ea4b2f9585fa63e71447289b3b6c6d979663580e6b115a652fed485c30cc535d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 53e8283806255b6eb3d1958fcf2b50d68e3226aab14b0fbd88529d6bfc6dcc88f90767aed25ba81baffa94e199ce8124 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec +Ctrl.data = hexdata:ee61912f8d2cb51a3458a799af5c31a8ea4b2f9585fa63e71447289b3b6c6d979663580e6b115a652fed485c30cc535d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = dcc274d12f153c7c23e02e5dfbafe90a65021a8100e09c891b790ea36092d6f694569fa5522ca823a7a6a026d25dd9b2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:a65f8b90963feda2e77ac0d6c33dc068a9f7eb4ec9878de9a002fbb90ca7d23c +Ctrl.salt = 
hexsalt:1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a +Ctrl.data = hexdata:0558822667fc051cb1864843b24c06eeb65c70754f56752808e33cf87ec64f9bffce395784df9940157b50bf01c11a1b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 5e9bf5910954eabc3a4c659be466cd4b66252685a8f4daf2afc414568420613f0bc4d0269e0edf266aa9faa70761840b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a +Ctrl.data = hexdata:0558822667fc051cb1864843b24c06eeb65c70754f56752808e33cf87ec64f9bffce395784df9940157b50bf01c11a1b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = d296e0b7ba4f6eb7257cdfe9ed87618cc116a192f24cc8a5226edb2cd9cde893f7478c94e8d0dba9d9326dd674955bf4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae +Ctrl.data = hexdata:619091dadb4c82f4524ad838625aeeca25264b7e645eeafa95ac10d3c32cf76dbd965269bffab4d9fc2a8d30bf63e397 
+Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 0e3cfd61b1e5ce95dc37b01c872d90855ccebb98bd56702b1ec337163e63e3b133a9a6c7847a1d421776ccbdcae6a01f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae +Ctrl.data = hexdata:619091dadb4c82f4524ad838625aeeca25264b7e645eeafa95ac10d3c32cf76dbd965269bffab4d9fc2a8d30bf63e397 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = d113ea4f795fd94788b782922c31c3dd1195287564a073590e17a61599da729c7f3a01aa777b1071f6cff7b69cadcf32 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae +Ctrl.data = hexdata:619091dadb4c82f4524ad838625aeeca25264b7e645eeafa95ac10d3c32cf76dbd965269bffab4d9fc2a8d30bf63e397 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 43943f7395babfbe3b327d5e9784e2082936189226af39b21b030e3e8c8244ee6aa4cc1e047df7a329793421c3006bc1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae +Ctrl.data = hexdata:755c319f41259c93dd83f3a3003f8d5c6e56e3cc486bfff5f636b5f97fadc8470271ef3e209501ec48a872f3ca16f84e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 6ad0e35cbf134d62e1ae57ba07288d0ce4774c0d2ca6faf06d8f18b3f2c290c6225be4f4a8df2016de2c0ccf63525ed3 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:8bb4a1a37dcb14ff5b57c922a13dc730a745392240ce43df80b23e67aae5bc86 +Output = 
d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8 +Ctrl.data = hexdata:7bd8dc442c15b7cccc4a88aa2346f7e1434c0043ccd7075ec8b049bfa40c2b9b8882dfed654d762ef01cdf4bf55002e3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 7115918823a35c8ee8985966dfddc5be483db4029047296b3ddeb5c884712b5ddf27152a7f71e82a91e1420c7e4c25e8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8 +Ctrl.data = hexdata:7bd8dc442c15b7cccc4a88aa2346f7e1434c0043ccd7075ec8b049bfa40c2b9b8882dfed654d762ef01cdf4bf55002e3 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 3122eaea9244f61a733e2370e0689a47491e28ce3a2062224f0a8021f05eb5da22a5558dd7edcaf04821e483f84b5ba1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:3edd347353ab8965bdb38e823004df6824a653329946620417a1857d56900efc +Ctrl.salt = hexsalt:d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff +Ctrl.data = hexdata:29cfd57bd578514558e2e168e4c665759eded30d761e14d3cbc2123c2f38c63380e5f4a0d8c5895ab58f7af7bb16fbaa +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 
2a795383e320e478b78f195b5f5b7477dfea13bb23da34eebae22dd12857ed33757486a9fc237d8a37ac1c09feb07bd9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff +Ctrl.data = hexdata:29cfd57bd578514558e2e168e4c665759eded30d761e14d3cbc2123c2f38c63380e5f4a0d8c5895ab58f7af7bb16fbaa +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = a51643b6c42b43f517e002decaf41823a10b717d525d55ed6996ef1ccff055c75218dec36815473fa5289c85bb301019 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e +Ctrl.data = hexdata:605880f06229184763495b328496ba313882a8edccf956602713cf86fead2894e4339a0c6d8062073e781fc729336568 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 3ac8206a7f9e819c76ddd72bcd07397f64d9f698c4d75ec1d8ef610e9027c462d2cadf55d227a8c7b4eb63ab2012e827 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e +Ctrl.data = hexdata:605880f06229184763495b328496ba313882a8edccf956602713cf86fead2894e4339a0c6d8062073e781fc729336568 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 691e1db0137f5a54d4f51a8d6c2a89ebbbb0000cf81ddd5d08682416db9f48309d6b19819ba07e1860e34edecee4e23d 
+ +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e +Ctrl.data = hexdata:605880f06229184763495b328496ba313882a8edccf956602713cf86fead2894e4339a0c6d8062073e781fc729336568 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 5c32c8fcb2e90cdfd5d86cef427b828fc162371236b3e39c4812deda4038cdbbb4bde6859a502f54acfb482666fd4295 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e +Ctrl.data = hexdata:b21112193c9c5604a544f95c0325d94041ec595f46a9a4cbba0a8c72501ac72ad8ed1d8fb17f82e0b288144d6f0f1d53 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 77538d76ba22a23215ee93ef07f542f7a7bc43f77af5da3395688f8b8d81afa2c47952db8a0f2da2435d3e340411b0f7 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:def2b619233e04b1dfe39ef92ae061791a84974c71921819697f86a255342b38 +Output = de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0 +Ctrl.data = hexdata:705c00dd0ad91ec54a86e311ef7931ad61d6b14c2c75411e95d7f3a80a21cc2b5a19b396e1147bf56dd3ee10dcf18d37 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = e539e7e8b3a065a4a40ffc7e8c8c70eedaccf7fa14a28b18503865805f7590ae7e9c550fae2d493d932a85e9fbe18f22 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0 +Ctrl.data = hexdata:705c00dd0ad91ec54a86e311ef7931ad61d6b14c2c75411e95d7f3a80a21cc2b5a19b396e1147bf56dd3ee10dcf18d37 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 418e41f54f7fead42d623e9f40be68812fefa50c19b4cf4268b2dd4bd206414597d0af720242f1667cf4cdce325bb3f6 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:63505c479ea4544899a17a09ac19abc706d3ac60126d3239d19710926184a6d9 +Ctrl.salt = hexsalt:de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06 +Ctrl.data = hexdata:0000487cdfa6107c6b08d4d64e353585b30bc45414b7f5066e4c8dd6c9a80d3c9d5c204d664f4e43fa0842a462f4faab +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = f0f2c238ef72dff22e63bc018c41a1061fb8ca7755ac416ba3df5e8280faa21c84c07a8f0ac9f1ee6e50a6e56fa39377 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06 +Ctrl.data = hexdata:0000487cdfa6107c6b08d4d64e353585b30bc45414b7f5066e4c8dd6c9a80d3c9d5c204d664f4e43fa0842a462f4faab +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 718cf52c40760e4ec4455b42ba829b7decbe1d6e89e36e74b86e09df090ad2a2f9ad7cf896317cb4803e332a828c9aa9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = 
hexsalt:f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 +Ctrl.data = hexdata:2e3407a8e3f146036fbd35c1633f83daaf4f8e9bdc9e067f75d5b56d8201175b7b05f267db7940e0db534b57e037d575 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 333d43099efea0bb1c294fe4a34660bf4534f0af983c31723044363b6bbecccdba09d9702234db04534dee31a4ed0ab1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 +Ctrl.data = hexdata:2e3407a8e3f146036fbd35c1633f83daaf4f8e9bdc9e067f75d5b56d8201175b7b05f267db7940e0db534b57e037d575 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 68f85f1e025f9d3924be5327ce57b9abc4b7a078c20fa0ea513e7996af69723cece7ffa748f6034a66be7eae5e18068d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 +Ctrl.data = hexdata:2e3407a8e3f146036fbd35c1633f83daaf4f8e9bdc9e067f75d5b56d8201175b7b05f267db7940e0db534b57e037d575 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 2f71d6f423bd523b8a94e2ccc9f653a63594dfa030fdaa3796540075035f73bbe2d89f85af2de61462c22104c03ffa87 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 +Ctrl.data = hexdata:ba106fffdb82b75330da7132de828b1b032fad4878c7ab70acdffa4a76163ecdec8d25202715b78901e87a910f7e3b34 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 202803c8237412f20263b428932afcb5d8a7dcdd7fa147ea2af95a7dd091bf0d79686a6710f572bc868d2f533a488a6f + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:a357ab62ad6eaf90426fe7a2cee0659583acbe423a17771690895b26aefd62a8 +Output = c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d +Ctrl.data = hexdata:ab0bb35f9586beaf843e44af363e8e0c49cc9820f063cefb1f8e20191bec2b3558fd51760dec17bbc299bf205292e549 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 40093dc6b48667da9b412bf718217bf25b4405a4d1c759af797c78ae25443def12be155d1954edd4216cf62a422fa4cf + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d +Ctrl.data = hexdata:ab0bb35f9586beaf843e44af363e8e0c49cc9820f063cefb1f8e20191bec2b3558fd51760dec17bbc299bf205292e549 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 0b4f7ee9c8801b7cdbfbe064322d4879272b730e395b9c7e2bf8a07f99b101dc37687b993e4519d0d0ec607823c2a118 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:6b2ddbec771dbaf2c1de74c1de6f4ca391de63011ef8a5bd05c7fa716ee02cd1 +Ctrl.salt = 
hexsalt:c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8 +Ctrl.data = hexdata:671f55d398118eab16f4a2a87970615a7b37aa47b9fd935945a9a6da724c1f27dc4eefb2b123cbdee091c26985f81b7d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = dd489530beb209f2562b86413baabdbc052b2024ab7fb70a31e5e0e65f9c959034a6889f8b042c005ac132c879c40dc7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8 +Ctrl.data = hexdata:671f55d398118eab16f4a2a87970615a7b37aa47b9fd935945a9a6da724c1f27dc4eefb2b123cbdee091c26985f81b7d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 973c20837584cb79bd35bcfbe34d3eafd36e5280f7547d92b794c446bf578be38688f734eed942ae8c1de6864af496e4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 +Ctrl.data = hexdata:1788d205772075ae39032c56c28abe25262c5cc2642304fe3ed25958b9ca0905144f6e9a140c043e7e2822087d9e81f5 
+Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 763af37257c1d8fc3620127669c779ec2cb8433e4108ff797f71fec1e90364a0ee0ad9c272308ea8951866c44cb7ac0a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 +Ctrl.data = hexdata:1788d205772075ae39032c56c28abe25262c5cc2642304fe3ed25958b9ca0905144f6e9a140c043e7e2822087d9e81f5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 3f1f4aaf11b3b30b5d76fcd077900a5dabdad92980bed0f3f0de6495c9ccf2c58aea08f7745b7b6c0cc3829b048c89de + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 +Ctrl.data = hexdata:1788d205772075ae39032c56c28abe25262c5cc2642304fe3ed25958b9ca0905144f6e9a140c043e7e2822087d9e81f5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = f5fb64671edfb74aa85a061cd845945a93281d09badfcdca81a3f29bce743fa784536c8a259b9c7af667f783554a9700 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 +Ctrl.data = hexdata:629e6112e7d0812e590a7b0dabc0a72b5a8539df1ca809a5f6ea8fe3ff35caf5a2bf0761232d97f0331e65f8ef2f28f5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 984e97a983945c49ac2f6482855771f514688d8dafe4e8a4d4438f90aa3a76dae0fa027ffb189d736ce13a9bd64c9d7f + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:02a241afe7072dc28fddc66987e22a710a5f2c3460766d55d5af58d549bd8f21 +Output = 
ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894 +Ctrl.data = hexdata:a911360d1d4f3bbd671908701106913fd281436de65cc2b9645e2cdccd31452cde589ccbbe41d926d3b82d468c2e812d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 93c085d9eb42edcb69274adc8c04fd4ee074672c99c1e44ff7ce4f0b3c3c0d56875845d2b148ebd1558547141cd35200 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894 +Ctrl.data = hexdata:a911360d1d4f3bbd671908701106913fd281436de65cc2b9645e2cdccd31452cde589ccbbe41d926d3b82d468c2e812d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 0a5265d6097424d190572a4c7110f43097ea10056af875f74be4f02b82adf1de4dc7b90423e550bb0f0100ca2f0fcda5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:1426c851a7872eb25a197b7e58410871f0760e81345e67a1ffb6459f7b621f05 +Ctrl.salt = hexsalt:ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910 +Ctrl.data = hexdata:5492f38f35ca8254b8b50e45dba0f9eca6e5b4fd1275d80984e67cbc4c3377f1ed734c46a1a53fd774f9d10de7cb8186 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 
13d2a5aa1e375e769e4062d829c0df66a8138357e460adbfe859fcd09252dec37e93076a225b9aa51569f0a60960f425 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910 +Ctrl.data = hexdata:5492f38f35ca8254b8b50e45dba0f9eca6e5b4fd1275d80984e67cbc4c3377f1ed734c46a1a53fd774f9d10de7cb8186 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 3c05d6e0733946fbb7fbbec7cfc6a1a647d8313c14ee7f3d0de15c29ad56cda0cdfa171a5b312cc7318c12a8fac80206 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc +Ctrl.data = hexdata:c8456dec887407791bff92fc9a929b94139e90837c778d61735f85d057d2b59b45a57535368c78fbac10e6440a46af6f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = bfa7282e1e5e7396743994a1b7708bed617b20a2d1f8514e28e9322187e7afce7ea133881ecf305e0aeacbe972835ce1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc +Ctrl.data = hexdata:c8456dec887407791bff92fc9a929b94139e90837c778d61735f85d057d2b59b45a57535368c78fbac10e6440a46af6f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 91eca687ecf6db1613aab6b8bc60b118a4e6e98b94afb48638efa00717451310cefa5a533867281b7624ecbdd7614deb 
+ +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc +Ctrl.data = hexdata:c8456dec887407791bff92fc9a929b94139e90837c778d61735f85d057d2b59b45a57535368c78fbac10e6440a46af6f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 1b1e6b3a2e33d3616a5a41368993d80a7ff4ebfbd3973fa6bb6582a13bceb21f3085dd7b0a731bc03ea931dd668549f8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc +Ctrl.data = hexdata:4e14e5e218a29c7d70a83bb39b782d2c9ba5a2ba856e8963bacb4fc1aaa7d376e16175cbeb17634f90225a2f8483b2ed +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 50ceeded13db2c364b44c976d708b7fee57eec0998c85eacc05c2b0a3b4cafeda1642751f78530c433f689ee4a23d4e3 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:bb156178fd7d06e40789668fe93b4432d7e52c0294f11eb2f64c5bd24836115c7034b403a453976f51d699a348e64104 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 9bd2371a1c4e8850f6d52eadfd088cc380c8f76612fcde4ac4a6605a6ae5117820ebe108273f6533cdeea942bcb3ab6a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = 
hexdata:bb156178fd7d06e40789668fe93b4432d7e52c0294f11eb2f64c5bd24836115c7034b403a453976f51d699a348e64104 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 71b365f40805bd7a810d704512c6f17110589d9585580324d9cfceff6f81f4eceb2128fa295f9b236fe5fee4629e1859 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:83945a53ffb26b51f21f69d75c414309e5155fa030723c1c38cffe89cb04edb6 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1 +Ctrl.data = hexdata:00589f3587b9fd9e27cd4e411568bf56df30a6a0d969e88eec4944b5b442d2cd7188c1b11e78912824bf6f48db8dd30e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 20832548d9ca0fa619833e866639df7412ac7c3906e8076c6e4553a2e56fa8703b1727d64015cb6aad020e8b5d889a6b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1 +Ctrl.data = hexdata:00589f3587b9fd9e27cd4e411568bf56df30a6a0d969e88eec4944b5b442d2cd7188c1b11e78912824bf6f48db8dd30e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = ab2f7ea9aaf2573370c6b46e929910cab6da6a0aebb236b337e5241e9c5226be3b423bfde3f06b34a7560d98885c8c54 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1 +Ctrl.prefix = 
hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d +Ctrl.data = hexdata:a6a0c99dc81a74aedf37284ef07701cea224293ea00dc688ef3ed30368c811a4a5c3cd4e7a2a969539bf7bfeb79253e9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 2217a5a433ed108d3fda94ed78632222806baa2c3f16b0b95534760ae0bd7403d8f9d95f47888b2f2b0b080b3b046d5c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d +Ctrl.data = hexdata:a6a0c99dc81a74aedf37284ef07701cea224293ea00dc688ef3ed30368c811a4a5c3cd4e7a2a969539bf7bfeb79253e9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 3c32294e5dafebf41e4b45f2ff7f70b925c2ea78d1ab0d31f8cf813d7ac47b766809519cac70c5b3bba389e33a04e6f4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d +Ctrl.data = hexdata:a6a0c99dc81a74aedf37284ef07701cea224293ea00dc688ef3ed30368c811a4a5c3cd4e7a2a969539bf7bfeb79253e9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = f92f95ee85dadda7467b4a402c877c746d170a986a18ffe13a7263f11a74e4322d567ecca89d0e5dda4f624aac0101ba + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d +Ctrl.data = hexdata:4ad8bec778fc2c32c98470e27d4151126e2a215a32cdd2a688e47717e5fa7490b586d2c4fb54e0996417ccdf189fbe73 
+Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 517a3f7ef3d51098512ba68b0066deed4a6f3f016d78949e79dadb1ab730beb84d556b31c8c1eb7d741cccfd12313049 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:ce8a273136c4c91b175a57e7b27eb2929a31e3410e9c5b8b7dfa442f5459e59222d6dbea6f1d0e5b7b8d8bcae28b58c9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = d3fc95dacd1c4ed05b0d0f11ea7128f309c7dc81ab7d732b7333d4e6347189923e44ee2a0b4047fcd502f7e74edef55d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:ce8a273136c4c91b175a57e7b27eb2929a31e3410e9c5b8b7dfa442f5459e59222d6dbea6f1d0e5b7b8d8bcae28b58c9 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = fa6c3df3027a0711fe712c3e43886eb56b0f26894a8203c5a1a3a7813977ccf6668ff1e2d94bca987e6fb169e6f47b85 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:d57947df07774b69399f726359860d5f20ab3b23c64446386c2370defcdc915e +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138 +Ctrl.data = hexdata:9e7c01ccd11887a65a50be6bd9ca2263fe02a5fa483579d0e139faea00e920b12ef044fa1c3a29480217ccbba6fff0b8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = bfc1f429408ebc49b9ae80a36e1f354e695351c24c002fd96059763b06ac6db3c2169b4af955ac03dd431cd4aa5269f9 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138 +Ctrl.data = hexdata:9e7c01ccd11887a65a50be6bd9ca2263fe02a5fa483579d0e139faea00e920b12ef044fa1c3a29480217ccbba6fff0b8 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 3ae6b72885417b225a3c4f92ebf8e3f7d33f968f44ec51edbdd628d867432adbdc672579d857bcc5a575a646e3622904 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab +Ctrl.data = hexdata:6b301e7a7b3f3d960a620ca6c0a8855c7806cdee61e8c3344330c15c023f76fc31996ced8b35beee2c492c910f2dc2db +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = b48a4caac858a953f1b5f9019484fb4fea955b533865db740fbaf945392d3bac0d0f4038d2283e00838dcdbdbdf2d9b0 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab +Ctrl.data = hexdata:6b301e7a7b3f3d960a620ca6c0a8855c7806cdee61e8c3344330c15c023f76fc31996ced8b35beee2c492c910f2dc2db +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = f54b230bd2fb82bdb0eefde4368177383e5d104ec4e6ab71ff129e356807737ed9d522d6014ac56bad4ae23cad76e8b7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab +Ctrl.data = hexdata:6b301e7a7b3f3d960a620ca6c0a8855c7806cdee61e8c3344330c15c023f76fc31996ced8b35beee2c492c910f2dc2db +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = e9c305cafa53d3bb189013492fc6e40f01fd194304aea30fe73b8322161edf4a39e6530c3904cb5bd8fa8644ece55a2a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab +Ctrl.data = hexdata:5e28ee7474db3de8996894fb8285af4469349a0cc7cca47544b0b7c7663dd3ea7399ad26f054a75f4f0a9260447f4030 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = be0b885a296f266b0f50dc53f78b27ebac7292f627b3658bc4a95607529f5864d47e25c848363c0ab5dcd83193fd62cc + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:53c45ce0fa2644a0a532fc5e73272a655bca78e483d86e872c521cf5a0a75a34b9f546f4b9a56e8a2c3a52525b0ddcce +Ctrl.prefix = hexprefix:746c73313320 
+Ctrl.label = hexlabel:6320652074726166666963 +Output = 3e67e81d98d6a17439294130cb14383aeca788251a609bb97e7c2b81f53c195fb5f95a6133d014083b5e2c3a9d04c1e2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:53c45ce0fa2644a0a532fc5e73272a655bca78e483d86e872c521cf5a0a75a34b9f546f4b9a56e8a2c3a52525b0ddcce +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = d02ae01d3bb7e72d99f32ff7561e1243576bd37ea06b3c8a31e991c92b169f647541fa5eba74086891b6436489dae045 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:eaef8daa591f860e4e4693a39a01a246790c3e26c6545a9831a69550bbb87b91 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a +Ctrl.data = hexdata:16fd0b738388236a90949eb344161ae277b5851169ba636cc83614c0b88f800d69eca40d3a93a9b284ee9dacb1cc197c +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = e1f668956b8f85ffc5516b300c29f26d0af9a3403982dc75e3994a6a5cf105e891567737dcee9cfd48457c948059e411 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a +Ctrl.data = hexdata:16fd0b738388236a90949eb344161ae277b5851169ba636cc83614c0b88f800d69eca40d3a93a9b284ee9dacb1cc197c +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = 
hexlabel:732068732074726166666963 +Output = 852e3d5b12fadfbbf3defe048a14ac51401299d39c92e0c359b8ff9a3c34335d1d0bb6881b2c30435248c4fa341033e3 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f +Ctrl.data = hexdata:852395eb84730bac2c1a09f3843a6e0705fb66924953f48ecabe9a0d3c73c1933c8f99efb0ca9cbb8b2dbbc966fb5bd1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 307f12a3c070fb00f706a4bf6d7492d5b3c1e4eea713d14ab5d52324237eeb75f585b6b278df896614f64a9119e750fe + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f +Ctrl.data = hexdata:852395eb84730bac2c1a09f3843a6e0705fb66924953f48ecabe9a0d3c73c1933c8f99efb0ca9cbb8b2dbbc966fb5bd1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = cf098b49f302e84c11aec463638b22ada6083de98e319903a934d114613084d6c162e4c8d26522ef8cdd45c515a7c74b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f +Ctrl.data = hexdata:852395eb84730bac2c1a09f3843a6e0705fb66924953f48ecabe9a0d3c73c1933c8f99efb0ca9cbb8b2dbbc966fb5bd1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 
9def86f445a25c8458ab71af0030fa4b1aa44858adb4875702ea521bd6cb2272fb6938b52bb3842963755bb0658ccad7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f +Ctrl.data = hexdata:80c10c6944df45bb77135b12af17738a5625802faf9c3fc22600f18969f147a141e94e131eca654ad86c491d1d98a9ec +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 7931cc9028395f8b1392e398358dffa95f2cea2804ddd3d1c0c477d6373fbd48be6c5e4d971d5707e0674a97c512cdba + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:4d4855b455ea510c22bd621486b43c6cd12d28af2c17cb0bfe7c5df2e94d56c9d1c43d591d39572018322cc8210ae12b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 2571b9bc3d01f14a1e509764092de227e2ab28b5faf70661bfcd79de6374367d4bf90ad6f3bc0f01e12b61ed4943f042 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:4d4855b455ea510c22bd621486b43c6cd12d28af2c17cb0bfe7c5df2e94d56c9d1c43d591d39572018322cc8210ae12b +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 09cd4219de326e48bdf79d2d88689877cff7941715bd37aa992e638eb8998a9b79dc689e11215c7681809205ed1eabff + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:aadfb50d4a29c09e7058dbaba4a90ea3a0aa37de17275c9b89176f442d6e4b06 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448 +Ctrl.data = hexdata:81f8bb49b27cc25f4062ddee4794fc7e3c583dfbdf160eb9b4a39de5f7fdca2c83c8842ed18dc93db6b4556504a72291 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 21456e5662e2067c7beb09079a7e12e4b27a3721e3047571a87d2da45267dafd1c6af9d62d212d802ed69cd69ed63067 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448 +Ctrl.data = hexdata:81f8bb49b27cc25f4062ddee4794fc7e3c583dfbdf160eb9b4a39de5f7fdca2c83c8842ed18dc93db6b4556504a72291 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = b2e69b45e4a926ce6895f59af91efd9b2edd0e5338452bd772247f432ca294380b6e494fd4e5321f013787036225b9ac + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 +Ctrl.data = 
hexdata:f359cee8145326f8588220d19274068b16166021b07a371b66955a5504695254ad30b2c0daa5a6ee97a59d338af19ebd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 3b6af39d0f782e9e14102c259584a84e22b8f01cb8bcc474b7682d03f896905bb5080db4818fb2f5e036d48f8ff9f829 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 +Ctrl.data = hexdata:f359cee8145326f8588220d19274068b16166021b07a371b66955a5504695254ad30b2c0daa5a6ee97a59d338af19ebd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = cf0d58f7bfc58fc46eb87dd8201b1ec59da4fe4fde9e864e295d5c1ca11a1c80cbda554637c8b244df0dde1f171408b1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 +Ctrl.data = hexdata:f359cee8145326f8588220d19274068b16166021b07a371b66955a5504695254ad30b2c0daa5a6ee97a59d338af19ebd +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 0585f4818b8203525986415b4a253901f80040cbd62bd081009b14788a01f71aa05ef9b38b2cc15eb09cdbba82e4381b + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 +Ctrl.data = hexdata:8fbf37769af8301a6d6067348b7b4d30b2da212dba16cd83f4bfd9da83964053c37eec6954ad77259ba77d69a074e13e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 74075af4eef3b6d0bd14ebcc1a30aa4800c426b197945dac99d359bf655e3f60facf22dc20bd7b835d9fce8054d5dbad + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 
7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:d43bb2adb7ad63a04e40fd5390e7cc7ba0ed8953c2cda92f4383ed8e3d2632a48dda67b9a54eee831ed7f2e2a9f99c5e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 0f76f5af5ab1ce245943313fdc5f78aca0277e27fae95fb12b57469d485bb6612b35b9795cfb8bbda734c8b5291dc35e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:d43bb2adb7ad63a04e40fd5390e7cc7ba0ed8953c2cda92f4383ed8e3d2632a48dda67b9a54eee831ed7f2e2a9f99c5e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 7d40656445a89b8a03a7ccaca413d9438d8a7b434812b6d141b2089464953accbc4cace5c124c3038a558d0b59e7915d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:ad2cfa585abc0d2ca5db71c0d1a765e78b59cda0cf3b5eab80731a99a951072b +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31 +Ctrl.data = hexdata:73f2b0896bc0c24dde3b4f01b3285eed02f78633f1bd910ff5f9a331b6495d70d1fb06610a312f3a60d9f6a7a5f39690 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 
ac3b6e92e1f973f82b29e283bfaccce9c5f4c16e2d885b49fbde0e537cdee5718377ea7117e0add2ab997a7c12357858 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31 +Ctrl.data = hexdata:73f2b0896bc0c24dde3b4f01b3285eed02f78633f1bd910ff5f9a331b6495d70d1fb06610a312f3a60d9f6a7a5f39690 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 35127fae2fdfcfc744578ac51994e1d6140cb215cecc1172f052c2626a03edfc9c0b270326313272b1a7a82a45495cbf + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 +Ctrl.data = hexdata:79f1027369f4af0a5d5b84b5083ab2dbd1244139aaf648bea9d3e03abcff938aa78670aa9f12e0e160c3eda36f65ab75 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 006523da7c759a9664b0a29c6d4d6c3f24a5f1f0642874f6f260b3617514dc933703f8e21be3d79246511d6eb0602fa8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 +Ctrl.data = hexdata:79f1027369f4af0a5d5b84b5083ab2dbd1244139aaf648bea9d3e03abcff938aa78670aa9f12e0e160c3eda36f65ab75 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 56c42d1105ac8073316e6be3efd459539bf8c9fe8b55f24895d643f2d5a6e882a9334e7a3e8e7092072e62d6c67ba038 
+ +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 +Ctrl.data = hexdata:79f1027369f4af0a5d5b84b5083ab2dbd1244139aaf648bea9d3e03abcff938aa78670aa9f12e0e160c3eda36f65ab75 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 40c01edda9d1bb545623f56ddd05fd9c788b7eacd667bbb3916ae0d71c1235f3b8943fbedae9447b1c9492e2d5806f07 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 +Ctrl.data = hexdata:f782fce708c7fb5bf48303d42e38c4c3598b4c82e186b424cd2e6a4514a58da02a6e472e04981d9235a996fa82de748e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 6d2a9e1c4f7a07f51af877f2e301ddf37c2c7deae30947c53c076e7b20dd20dd137724f62706b35ba3dd02fe1bbc6771 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:07db069260fd2ea0cc174c1bbbb2b685d090ff14eb1a1e750a55e633ec6eae8d8eb30c38864b4c8cff92f8e14fba6deb +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 0930f5fe2f1a7651534350db7cbf81a30d90d6acf11ee7054fb1fe03ba6f1657a5452f1e0c8aec106e682bf3ce319d9d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = 
hexdata:07db069260fd2ea0cc174c1bbbb2b685d090ff14eb1a1e750a55e633ec6eae8d8eb30c38864b4c8cff92f8e14fba6deb +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 9a64292070a6ea9704cd7117bfcbe7c6378c9c63ed0c0f997cfb518db5f87ca1006e1eb374a3b9515138e9b39774218f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:371954308edaeefb9e4abddcfc514a9c812bb34dfbcfcb6cea1d2246a62427d5 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c +Ctrl.data = hexdata:50543ddbf93cb27df7d958cc31bc88a74e459bc19ad3a2454436618b5145ca1dbe921c164e8453194e94b79cf0b5a0d2 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 43d49b8255b120ed5e58ec8a6e8af25a9744bcf09f49385df6fc1568165241349fc546d4f0fb5c8024453b96df6dd2e1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c +Ctrl.data = hexdata:50543ddbf93cb27df7d958cc31bc88a74e459bc19ad3a2454436618b5145ca1dbe921c164e8453194e94b79cf0b5a0d2 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 3d9858bf41c9e22fc524227a645f3782fbee662c900b2fb1888427a72117ac0fb1e013162bff6bbaa3f5f1547eec7be2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c +Ctrl.prefix = 
hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 +Ctrl.data = hexdata:4b857ace793fce3accfb9444de7aee6803e0decdd3f457bef0b1d4dd6447359eeaf3c9a284622aa0731b7cd888897bd1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 64477d25734889a7062ccd36d73e3ae3ce4a416efc4ca6e625b79052a1db24c285e34c8cdf31656c8323ab9ce44ad4df + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 +Ctrl.data = hexdata:4b857ace793fce3accfb9444de7aee6803e0decdd3f457bef0b1d4dd6447359eeaf3c9a284622aa0731b7cd888897bd1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = e0036e688f3a556a15ffe19fe2795913d9f499ffd3919d9107ae062066b53f5395486bee26e8f9892616e2c99cced28d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 +Ctrl.data = hexdata:4b857ace793fce3accfb9444de7aee6803e0decdd3f457bef0b1d4dd6447359eeaf3c9a284622aa0731b7cd888897bd1 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 2c1f8cd1719ce51ff646c6fc92a5763ec5ff6902400dd012bf880087370033b00650ba4ae3b3681881d6cc591ed5641c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 +Ctrl.data = hexdata:43fbbfe6d001f7ac624624c609ba92441e04aa4c0fef40654b82e01b72a791e80618e175d22fe6b5ab5c178f7667e867 
+Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = a2495c69d4cc3b35dbfee989ae9455415705935a77651a37385b67908eaed40c071208755018bec80a6c34bd64406710 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:e7b076d704091b4080952316270481f229c5e7bcffcecbe6eaa9c418230419dbd442fbfa6c89d12c8ba0090f89d90de5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = ad0645846c685bc37094123403a2a7f7caec78e687b185e1496f655d254f3bcffd04bc29e2b2dc04d8ec8e9f11ddfcf4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:e7b076d704091b4080952316270481f229c5e7bcffcecbe6eaa9c418230419dbd442fbfa6c89d12c8ba0090f89d90de5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = ba83f794ed25e29fe7aeff5b542457fc3e90e4c3acc980110ba95a2e4652afedb25787b265972892002369b894516231 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:0b8a848caaab3159494881a4dd372009485dafc170fc11648bfe829f9001dc63 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18 +Ctrl.data = hexdata:7f892b8cb527cf479711cd127c69152c6ef32aae37a48b6e4160c04190adbc6b8bbaff775ab8edb59284d1c86d277755 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 3a3c7ba28192268cb293a348092bcda2d8b60428b3c3a0bb4317d0ed5a1111a3054f4aa514beb79e31121e91965e9e80 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18 +Ctrl.data = hexdata:7f892b8cb527cf479711cd127c69152c6ef32aae37a48b6e4160c04190adbc6b8bbaff775ab8edb59284d1c86d277755 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 731e40db136f53384be606574f940d789c5be823c28727d46817b628ee9b836696d50d064298f89ee80d2adfc092ce72 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 +Ctrl.data = hexdata:d71bf2f002c654eccad8225a97d877ea38f40b67dd30040658419e9caf579d8ae349883f5299bf54aba0f61d971b7f90 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = cd593873f98049f9729edb4562ca7cc434142f633a098c0119be0931cdb78d084d3daa01d7a46526d1d2fc1b04b918b2 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 +Ctrl.data = hexdata:d71bf2f002c654eccad8225a97d877ea38f40b67dd30040658419e9caf579d8ae349883f5299bf54aba0f61d971b7f90 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = 38b5ff48b24cfd296919ecb290f774f02a56d247430c8cdb4615d1a4d9c80ae08fef8a4f5c06d1d566ce34dcbbd8f9c4 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 +Ctrl.data = hexdata:d71bf2f002c654eccad8225a97d877ea38f40b67dd30040658419e9caf579d8ae349883f5299bf54aba0f61d971b7f90 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 6a25ad33e7a00d1fd2336d16c00068e0ac0bdb155b2035248cd9c10c4d8f7806adc26a34fcefe4cf958351d8af04454e + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 +Ctrl.data = hexdata:377bd75f1a7f42975c10046c29884917dc101db1b42d0b56ae55f3fe64b19ad9b4538fb70d99cf4e48d23787538f1542 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 73b00fb31a4c8f1e2db8ae1dcab522b0db44b1cbee4c2bb79cf59df1818c516dbbc5f060c3235a2baab8b285c5947cfe + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:d12079d043237f25e320c42aa4f189e013b2301cd2cae46709b3fc236b1b55052948e90cd57dd3346974dabe61a0e28a +Ctrl.prefix = hexprefix:746c73313320 
+Ctrl.label = hexlabel:6320652074726166666963 +Output = bb79c15599851619e575397c9e10951c49c840f30ec15e3320f600be6eac5d899bc1236f170254ce292765e853cc0459 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:d12079d043237f25e320c42aa4f189e013b2301cd2cae46709b3fc236b1b55052948e90cd57dd3346974dabe61a0e28a +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 9acbe9f41e06ae8f628277e9bf5f3cc8bb35586ccc1be1e0ab73199c674e156a3d72940e77f6df3c8e07728bc9c75ff6 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ed65de5e19dae7c8ecbcfe1c85cedda4c0e0320bbfa863cf8f7123a45b7454b +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f +Ctrl.data = hexdata:99ffe011dc3a2f66aa5db47f4cbef2e2bf4619b4d25a830f859b13dbb1f8c1ae6007bf27616e9c45d8adae4d98c8e174 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 8097220d31a4dd82ceefcf40e805b314f9b7f25b246da9397a1417379e8ee08ee9f41dda7081945a7c1a6eb4a6a09296 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f +Ctrl.data = hexdata:99ffe011dc3a2f66aa5db47f4cbef2e2bf4619b4d25a830f859b13dbb1f8c1ae6007bf27616e9c45d8adae4d98c8e174 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = 
hexlabel:732068732074726166666963 +Output = 1fc2a842d11076c62432ddbc065a73c7a022d65cc382aefc74ebc07b95cff1dba2422cbd5ddf7e47ce9f9738c8deb5d1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 +Ctrl.data = hexdata:b207273145e7c5e17f9f088f23e271166d822b7d1850efe3641015560379312cef900012ae06bd1b97c423a6f4cacfe6 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 0eaef4e848bbd1927ff4263a9a6cf67ea1dd0c00af88cc00e31714387fe5706a2415fdc939a6167cbdc89fd9133ccca1 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 +Ctrl.data = hexdata:b207273145e7c5e17f9f088f23e271166d822b7d1850efe3641015560379312cef900012ae06bd1b97c423a6f4cacfe6 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = ed0cce2c375b1690d5940de879205a6c859cc81904c1f9da882ba559bfb8fbcd7b24b3a6f58947d21a8023aced8ae156 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 +Ctrl.data = hexdata:b207273145e7c5e17f9f088f23e271166d822b7d1850efe3641015560379312cef900012ae06bd1b97c423a6f4cacfe6 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 
03f29110d0c506ff9306ef46b3ef76366fa5fc9e28f6aff85272bba972ba93590326b11677a4b9e5c320db84888a2b5d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 +Ctrl.data = hexdata:6c6c915c1256ed57209751aa4850daa7454819858a0fedb12c373a7037abc50c7b547cdfd32c33cb8f6138c088165e61 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 52abe73f22784e9e5af068f7f3ded581bc5950c1a0923a0ea47a3357f8bfcf7f071b3178ec320a91f82286a81bfa3c43 + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:3cf57a8d291350ce24d8633b603e2f0c515bc01c62540ad48a0abee30a49492cc3aa0e5a46fb514ea7af86f0ad0079f7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 40bff2dcbdee9a8b61f55017319943a546398712bb8a966ce898169d5802f49db9e5358a41ad2f2aef4897853267e92d + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:3cf57a8d291350ce24d8633b603e2f0c515bc01c62540ad48a0abee30a49492cc3aa0e5a46fb514ea7af86f0ad0079f7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = 954fb227097f71dcbd9acea908bcefab365bafeb4f0fbe1185511c75fa9d5cf935e2d9e3f0ac3a4327931a6cf0e142b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = 
hexkey:1bfc5d5773f74aa53facc022cd186a00cabb76e156d2ea1abfb0f4889f4c129d +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7 +Ctrl.data = hexdata:10bd98a2468a46f79b5e797a93e153d64cbaacc2b7b52fb62c492d695bd230c758fc290a504161f0f2372ead3f4eda2e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 31d469f1dc7fe92aa00eae4bc9ce3f625b00add7194bd40ed1e2ea8fc1ea653b458002ad4f7644e80c2dd9ad2c4930e3 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7 +Ctrl.data = hexdata:10bd98a2468a46f79b5e797a93e153d64cbaacc2b7b52fb62c492d695bd230c758fc290a504161f0f2372ead3f4eda2e +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 50a9866eff7c6875dff61dba25eab5d6fa4f73b4be5dd257fa6697f987c5fd2cd7e45c539939611f9255e99708a8763c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 +Ctrl.data = 
hexdata:c0c2d49e4fe8e5b14d557020548dec84b474bab505ef5e9e46c9ba774653286da331debce0b20d45bf216ae2e14879c5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = 4e48ccc5baf9fef7faca6b6488554afecdfe95aafe1735ad7132dfca679a398cb292072a20b3d654e77d4f4088c3c442 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 +Ctrl.data = hexdata:c0c2d49e4fe8e5b14d557020548dec84b474bab505ef5e9e46c9ba774653286da331debce0b20d45bf216ae2e14879c5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = b6216139c37365152a9212fd9c1c196722aed27e18f9e3d7b1e85b4a4c1138a1b1067b232047bb64b87b3f929678e920 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 +Ctrl.data = hexdata:c0c2d49e4fe8e5b14d557020548dec84b474bab505ef5e9e46c9ba774653286da331debce0b20d45bf216ae2e14879c5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = e6613af88be1d9293810ab50aad497da17e5225f7b8a164101220eb6550a244400b4da5b452e9b9e1a23d97c0af675bd + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 +Ctrl.data = hexdata:f3344607473544b81c603c2e454a746a8a4be1c160de9e179d3a18d7992e8e81b26e614915194a49559a5af162266469 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = f736aaa47bf602b96fa971f98110c76919b88e460cb9e0dc6ed39135e204638b3c00ed9bc5e7e4f66c90339a515cc76e + +# New TLS 1.3 session starts here + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Output = 
7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:1b49e91af94aa5b311518149a28aba1a0f22dfefb7e9cb1e38cae86451cbcebda3f94193398ae2b109831fc4ce3b6dfe +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6320652074726166666963 +Output = 9c5f3f76bd2ec1e2cce62de12f6502c3588e52585d1cb2d35d4b4ca80cb98acd77b545275fd1021118c41b13ec14faca + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.data = hexdata:1b49e91af94aa5b311518149a28aba1a0f22dfefb7e9cb1e38cae86451cbcebda3f94193398ae2b109831fc4ce3b6dfe +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:6520657870206d6173746572 +Output = a4a4fe8b35f44a35be31b532937514de2f79a7fa0db63241463ec04be6eb2e56288d579af1160c12d5218e42c921cfb3 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:219eb41da6bbbe2f14de92589983c15c6b84119ce6c515f32d1850835d73e8d6 +Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717 +Ctrl.data = hexdata:5b83ca74e83eacdda37b6a858e8bc05af8723e926ede3af9306a5d5057242b4cec28cfc092b31096ef52856ddec7d96d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632068732074726166666963 +Output = 
9cd9027a2964c3b088f7f7b870b1fe8a490f08951228e28dbddd6fcece8871d4f76d087caf4eea780707d4094f7c6d3c + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717 +Ctrl.data = hexdata:5b83ca74e83eacdda37b6a858e8bc05af8723e926ede3af9306a5d5057242b4cec28cfc092b31096ef52856ddec7d96d +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732068732074726166666963 +Output = 77e5a6b8b7f8ecd805953b2fe7a0e71ede9216d09a6d7f82aecc9bf30c60039c7571164d192f5a1df0a4960afe8cc0d8 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.salt = hexsalt:431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = 6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 +Ctrl.data = hexdata:95033d93b572219981af9a974d9cc2d78cde24fb39e13766c304c53597843ff54ab0c91fa6174611b16da5271dce79c7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:632061702074726166666963 +Output = be7f1f64963b74fff1aaecb5c9983692d1f2bb3dd71feeddd9f890eeda29d311793ded08b7bd9c4399e5bc20c5ec7d81 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 +Ctrl.data = hexdata:95033d93b572219981af9a974d9cc2d78cde24fb39e13766c304c53597843ff54ab0c91fa6174611b16da5271dce79c7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:732061702074726166666963 +Output = eec520009350bd7c53c88bc30bb65e94bdb5a883dd386a454a557c457db49eb3d2725daaa7152fd893fd6367bff5c533 
+ +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 +Ctrl.data = hexdata:95033d93b572219981af9a974d9cc2d78cde24fb39e13766c304c53597843ff54ab0c91fa6174611b16da5271dce79c7 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:657870206d6173746572 +Output = 0c529fb71c21986c91c4f2d47b5502065ba9ac2ac65559f1db6e1a09b9b36b6f4cbed7bb347a690b5b23c76f77afc6b5 + +KDF = TLS13-KDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA2-384 +Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 +Ctrl.data = hexdata:5371106674e76ed37b98539d231b84a663abe1818125034e91b2debc4280ba942381c0426e338d43951e5206a09f30d2 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:726573206d6173746572 +Output = 7eacca12e407d32a062bc0aabbcbc9d32953cd50b131fcc63d34e5a4b200347098001b6e43c28a68705edac3c967285b + +Title = TLS13-KDF bad mode test + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_AND_EXPAND +Ctrl.digest = digest:SHA256 +Result = KDF_CTRL_ERROR + From scan-admin at coverity.com Thu Aug 5 07:50:06 2021 
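Review bot: each block introduced by "# New TLS 1.3 session starts here" repeats the identical EXTRACT_ONLY vector with no Ctrl.key and no Ctrl.salt (Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5, the SHA2-384 early secret when no PSK is supplied), so one copy covers that path and the other four only add run time. Negative coverage is also thin: the only failing vector in this file is the EXTRACT_AND_EXPAND mode check under "Title = TLS13-KDF bad mode test", and it uses SHA256 rather than the SHA2-384 the rest of the file exercises. Consider adding a few Result = KDF_DERIVE_ERROR vectors for inputs the RFC 8446 HkdfLabel encoding cannot carry (a prefix plus label longer than its one-byte length field allows, or an output length above the two-byte limit), so a regression in those checks is caught here rather than in the TLS layer.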
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Thu, 05 Aug 2021 07:50:06 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <610b982dc7073_d328b2b0865dfd99471678@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DkTQX_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGq-2FGL0MNcTrH-2BvkgKizJvE1BvRZCHgWZrpvBgkc00Qi0zoIQeQZXq-2FdZD-2FdH5D-2BfgPjMFfA7ZqDlnRI7hgKJ2HtoacVzHNsEG3VaPwAxT6TaA-2B3-2Bk2vjJQZ7AFzASd77y0wFb3NiVukBlBVVxPryJaNdJS74sQkTxRCIq385fGJkPMIsSs5ujbVzNTubPizpg-3D Build ID: 400829 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Thu Aug 5 07:58:08 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Thu, 05 Aug 2021 07:58:08 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <610b9a0ff20c3_d34f12b0865dfd9947166c@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DovSu_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeF-2B9AORebFkYJRCqpwsmML4glCuU8dMQ0xS07gRuQ2X-2Ftk89JUKkKLzNw-2FbDLYtMwKTEuwY0p7U9wtOXXF9mNNsiKmq4I2ve9s1clsrBau30vWSk8xvmb68KZPoyhjULcW27jO2smJelGdmVbaL4fiPv8wF-2BdAsDeVT7t74GIlvSnA3sN8U2l25BRnvtg9bIWs-3D Build ID: 400830 Analysis Summary: New defects found: 0 Defects eliminated: 0 From beldmit at gmail.com Thu Aug 5 08:15:57 2021 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 05 Aug 2021 08:15:57 +0000 Subject: [openssl] master update Message-ID: <1628151357.026102.1792.nullmailer@dev.openssl.org> The branch master has been updated via 46d51520319b8e4220b203c517b1232cf33a579f (commit) via 5cdeb99f9c8ab0ee5a4b17c677fc054f5acc0b2c (commit) from d209fc6cce47be332ca10dbef1ada8077a22fb38 (commit) - Log ----------------------------------------------------------------- commit 46d51520319b8e4220b203c517b1232cf33a579f Author: Pauli Date: Thu Aug 5 09:25:56 2021 +1000 test: add -macopt hexkey: to dgst command tests Comparison checksum generated using 1.1.1f. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16212) commit 5cdeb99f9c8ab0ee5a4b17c677fc054f5acc0b2c Author: Pauli Date: Wed Aug 4 13:30:44 2021 +1000 ctrls: add missing control string translation for key -> priv for HMAC Fixes #16200 Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16212) ----------------------------------------------------------------------- Summary of changes: crypto/evp/ctrl_params_translate.c | 2 +- test/recipes/20-test_dgst.t | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 4ea17380af..a441c1f4b7 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -2221,7 +2221,7 @@ static const struct translation_st evp_pkey_ctx_translations[] = { EVP_PKEY_CTRL_CIPHER, NULL, NULL, OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher }, { SET, -1, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, NULL, NULL, + EVP_PKEY_CTRL_SET_MAC_KEY, "key", "hexkey", OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL }, { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, 
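Review bot: the new table entry wires both spellings, "key" and "hexkey", to OSSL_PKEY_PARAM_PRIV_KEY with the fixup slot left NULL, but the test added in the same commit only passes hexkey:FFFF; please add a case for the plain "key:" spelling so both halves of this entry are exercised, since with no fixup the string-versus-hex handling relies entirely on the generic ctrl-string path. A CHANGES.md entry is also missing: the Summary of changes touches only the translation table and the test, yet this restores a CLI behaviour that worked in 1.1.1 (#16200) and 3.0 users will look for it in the release notes.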
diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index d64d810edd..5af74aec2a 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -17,7 +17,7 @@ use OpenSSL::Test::Utils; setup("test_dgst"); -plan tests => 8; +plan tests => 9; sub tsignverify { my $testtext = shift; @@ -131,6 +131,21 @@ subtest "HMAC generation with `dgst` CLI, default digest" => sub { "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)"); }; +subtest "HMAC generation with `dgst` CLI, key via option" => sub { + plan tests => 2; + + my $testdata = srctop_file('test', 'data.bin'); + #HMAC the data twice to check consistency + my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac', + '-macopt', 'hexkey:FFFF', + $testdata, $testdata]), capture => 1); + chomp(@hmacdata); + my $expected = qr/HMAC-SHA2-256\(\Q$testdata\E\)= b6727b7bb251dfa65846e0a8223bdd57d244aa6d7e312cb906d8e21f2dee3a57/; + ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)"); + ok($hmacdata[1] =~ $expected, + "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)"); +}; + subtest "Custom length XOF digest generation with `dgst` CLI" => sub { plan tests => 2; From beldmit at gmail.com Thu Aug 5 10:27:39 2021 
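Review bot: `-hmac` takes the MAC key as the argument that follows it, so in this command line the key is the literal string "-macopt" and "hexkey:FFFF" is left over as an input file name; dgst reports the unopenable file on stderr, which `capture => 1` does not collect, and the two stdout lines that reach @hmacdata are HMACs of data.bin under the key "-macopt". The commit message says the reference value was produced with 1.1.1f; the same command line there makes the same mistake, so $expected agrees and the test passes without ever reaching the key/hexkey translation this commit adds. Drop `'-hmac'` and use `'-mac', 'HMAC', '-macopt', 'hexkey:FFFF'` (the form that goes through the ctrl-string translation), then regenerate the expected digest; a second expected value for `-macopt key:...` would also fit here.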
From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 05 Aug 2021 10:27:39 +0000 Subject: [openssl] master update Message-ID: <1628159259.497964.18872.nullmailer@dev.openssl.org> The branch master has been updated via 3d4ca443b4778e3230ff23f17625f58f815a9142 (commit) from 46d51520319b8e4220b203c517b1232cf33a579f (commit) - Log ----------------------------------------------------------------- commit 3d4ca443b4778e3230ff23f17625f58f815a9142 Author: Billy Brumley Date: Wed Aug 4 10:45:52 2021 +0300 [doc/man3] documentation: BN_cmp manpage updates Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16214) ----------------------------------------------------------------------- Summary of changes: doc/man3/BN_cmp.pod | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/doc/man3/BN_cmp.pod b/doc/man3/BN_cmp.pod index da4e1fe8b8..f302818f21 100644 --- a/doc/man3/BN_cmp.pod +++ b/doc/man3/BN_cmp.pod 
@@ -2,42 +2,47 @@ =head1 NAME -BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions =head1 SYNOPSIS #include - int BN_cmp(BIGNUM *a, BIGNUM *b); - int BN_ucmp(BIGNUM *a, BIGNUM *b); + int BN_cmp(const BIGNUM *a, const BIGNUM *b); + int BN_ucmp(const BIGNUM *a, const BIGNUM *b); - int BN_is_zero(BIGNUM *a); - int BN_is_one(BIGNUM *a); - int BN_is_word(BIGNUM *a, BN_ULONG w); - int BN_is_odd(BIGNUM *a); + int BN_is_zero(const BIGNUM *a); + int BN_is_one(const BIGNUM *a); + int BN_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_is_odd(const BIGNUM *a); =head1 DESCRIPTION -BN_cmp() compares the numbers B and B. BN_ucmp() compares their +BN_cmp() compares the numbers I and I. BN_ucmp() compares their absolute values. -BN_is_zero(), BN_is_one() and BN_is_word() test if B equals 0, 1, -or B respectively. BN_is_odd() tests if a is odd. - -BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros. +BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if +I equals 0, 1, I, or EIE respectively. +BN_is_odd() tests if I is odd. =head1 RETURN VALUES -BN_cmp() returns -1 if B E B, 0 if B == B and 1 if -B E B. BN_ucmp() is the same using the absolute values -of B and B. +BN_cmp() returns -1 if I E I, 0 if I == I and 1 if +I E I. BN_ucmp() is the same using the absolute values +of I and I. + +BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and +BN_is_odd() return 1 if the condition is true, 0 otherwise. + +=head1 HISTORY -BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if -the condition is true, 0 otherwise. +Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(), +BN_abs_is_word() and BN_is_odd() were macros. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. 
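Review bot: the RETURN VALUES hunk is missing a comma after BN_is_one() in "+BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and"; the line it replaces had the same slip, so fix it while the paragraph is being rewritten. In the DESCRIPTION hunk, "test if a equals 0, 1, w, or |a| ... respectively" reads awkwardly because the last item changes the subject; a separate sentence, "BN_abs_is_word() tests if |a| equals w", is clearer. The new HISTORY statement is accurate for all five names, including BN_abs_is_word(), which was a macro before 1.1.0.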
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy From beldmit at gmail.com Thu Aug 5 10:29:28 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 05 Aug 2021 10:29:28 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1628159368.179128.22054.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5b31b9df7f89d2c2cb935c5e50a912cd048c07c9 (commit) from ba4c89a9700ff07cecde90248707056292bf36d1 (commit) - Log ----------------------------------------------------------------- commit 5b31b9df7f89d2c2cb935c5e50a912cd048c07c9 Author: Billy Brumley Date: Wed Aug 4 10:45:52 2021 +0300 [doc/man3] documentation: BN_cmp manpage updates Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16214) (cherry picked from commit 3d4ca443b4778e3230ff23f17625f58f815a9142) ----------------------------------------------------------------------- Summary of changes: doc/man3/BN_cmp.pod | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/doc/man3/BN_cmp.pod b/doc/man3/BN_cmp.pod index 95d162ff29..261619c512 100644 --- a/doc/man3/BN_cmp.pod +++ b/doc/man3/BN_cmp.pod 
@@ -2,42 +2,47 @@ =head1 NAME -BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions =head1 SYNOPSIS #include - int BN_cmp(BIGNUM *a, BIGNUM *b); - int BN_ucmp(BIGNUM *a, BIGNUM *b); + int BN_cmp(const BIGNUM *a, const BIGNUM *b); + int BN_ucmp(const BIGNUM *a, const BIGNUM *b); - int BN_is_zero(BIGNUM *a); - int BN_is_one(BIGNUM *a); - int BN_is_word(BIGNUM *a, BN_ULONG w); - int BN_is_odd(BIGNUM *a); + int BN_is_zero(const BIGNUM *a); + int BN_is_one(const BIGNUM *a); + int BN_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_is_odd(const BIGNUM *a); =head1 DESCRIPTION -BN_cmp() compares the numbers B and B. BN_ucmp() compares their +BN_cmp() compares the numbers I and I. BN_ucmp() compares their absolute values. -BN_is_zero(), BN_is_one() and BN_is_word() test if B equals 0, 1, -or B respectively. BN_is_odd() tests if a is odd. - -BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros. +BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if +I equals 0, 1, I, or EIE respectively. +BN_is_odd() tests if I is odd. =head1 RETURN VALUES -BN_cmp() returns -1 if B E B, 0 if B == B and 1 if -B E B. BN_ucmp() is the same using the absolute values -of B and B. +BN_cmp() returns -1 if I E I, 0 if I == I and 1 if +I E I. BN_ucmp() is the same using the absolute values +of I and I. + +BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and +BN_is_odd() return 1 if the condition is true, 0 otherwise. + +=head1 HISTORY -BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if -the condition is true, 0 otherwise. +Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(), +BN_abs_is_word() and BN_is_odd() were macros. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. 
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy From tomas at openssl.org Thu Aug 5 10:50:01 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 05 Aug 2021 10:50:01 +0000 Subject: [openssl] master update Message-ID: <1628160601.152425.21773.nullmailer@dev.openssl.org> The branch master has been updated via 204323446e11d7062dc193e5e3986295925bd7b7 (commit) from 3d4ca443b4778e3230ff23f17625f58f815a9142 (commit) - Log ----------------------------------------------------------------- commit 204323446e11d7062dc193e5e3986295925bd7b7 Author: Tomas Mraz Date: Wed Aug 4 11:36:24 2021 +0200 req: Avoid segfault when -modulus is used Fixes #16196 Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16215) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 4 ++-- test/recipes/25-test_req.t | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/apps/req.c b/apps/req.c index 5524092f2c..a0ecda8225 100644 --- a/apps/req.c +++ b/apps/req.c @@ -996,8 +996,8 @@ int req_main(int argc, char **argv) if (EVP_PKEY_is_a(tpubkey, "RSA")) { BIGNUM *n = NULL; - /* Every RSA key has an 'n' */ - EVP_PKEY_get_bn_param(pkey, "n", &n); + if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n)) + goto end; BN_print(out, n); BN_free(n); } else { diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 084d70bca5..a405810ae2 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -78,7 +78,7 @@ subtest "generating alt certificate requests with RSA" => sub { subtest "generating certificate requests with RSA" => sub { - plan tests => 7; + plan tests => 8; SKIP: { skip "RSA is not supported by this OpenSSL build", 2 
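Review bot: the new failure path in the apps/req.c hunk jumps to end without a message of its own, so when EVP_PKEY_get_bn_param(tpubkey, "n", &n) fails the user sees only whatever the end label prints from the error queue, which is outside this hunk; a BIO_printf(bio_err, "Cannot obtain modulus of the key\n") before the goto would keep -modulus diagnosable. The substantive change is right: the old call passed pkey while the enclosing EVP_PKEY_is_a(tpubkey, "RSA") test and the BN_print() that follows both work on tpubkey, so pkey could be unset (the #16196 crash) when the key comes from a request read via -in, which is exactly what the new recipe exercises.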
@@ -103,6 +103,11 @@ subtest "generating certificate requests with RSA" => sub { "-verify", "-in", "testreq-rsa.pem", "-noout"])), "Verifying signature on request"); + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-modulus", "-in", "testreq-rsa.pem", "-noout"])), + "Printing a modulus of the request key"); + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), "-new", "-out", "testreq_withattrs_pem.pem", "-utf8", From tomas at openssl.org Thu Aug 5 14:50:27 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 05 Aug 2021 14:50:27 +0000 Subject: [openssl] master update Message-ID: <1628175027.491175.12548.nullmailer@dev.openssl.org> The branch master has been updated via 37578dc02df99011c2a4c57ac06c49bd40829dc9 (commit) via f5c0f696193fa28741dfc08ab6b024cd07e38e5e (commit) from 204323446e11d7062dc193e5e3986295925bd7b7 (commit) - Log ----------------------------------------------------------------- commit 37578dc02df99011c2a4c57ac06c49bd40829dc9 Author: Tomas Mraz Date: Wed Aug 4 14:55:30 2021 +0200 cms: Fix handling of -rctform option Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16216) commit f5c0f696193fa28741dfc08ab6b024cd07e38e5e Author: Tomas Mraz Date: Wed Aug 4 14:51:49 2021 +0200 cms: Do not try to check binary format on stdin Fixes #16195 Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16216) ----------------------------------------------------------------------- Summary of changes: apps/cms.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index 58ce54e454..c22027e3b1 100644 --- a/apps/cms.c +++ b/apps/cms.c 
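Review bot: the new ok() in the 25-test_req.t hunk only checks the exit status of "openssl req -modulus -in testreq-rsa.pem -noout", so a regression that printed nothing (or the wrong value) but still returned 0 would pass. Run it with capture => 1 and check that the captured output contains a line starting with "Modulus=", which is what the req.c change is meant to produce; that is a one-line addition next to the ok() call and pins down the behaviour rather than just the absence of a crash.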
@@ -278,6 +278,8 @@ static void warn_binary(const char *file) unsigned char linebuf[1024], *cur, *end; int len; + if (file == NULL) + return; /* cannot give a warning for stdin input */ if ((bio = bio_open_default(file, 'r', FORMAT_BINARY)) == NULL) return; /* cannot give a proper warning since there is an error */ while ((len = BIO_read(bio, linebuf, sizeof(linebuf))) > 0) { @@ -482,13 +484,9 @@ int cms_main(int argc, char **argv) rr_allorfirst = 1; break; case OPT_RCTFORM: - if (rctformat == FORMAT_ASN1) { - if (!opt_format(opt_arg(), - OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat)) - goto opthelp; - } else { - rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient"); - } + if (!opt_format(opt_arg(), + OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat)) + goto opthelp; break; case OPT_CERTFILE: certfile = opt_arg(); @@ -954,7 +952,7 @@ int cms_main(int argc, char **argv) goto end; } - rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient"); + rcms = load_content_info(rctformat, rctin, 0, NULL, "receipt"); if (rcms == NULL) goto end; } From pauli at openssl.org Thu Aug 5 23:24:49 2021 
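Review bot: the early return in the warn_binary hunk is the right trade-off: with file == NULL, bio_open_default() would open stdin and the BIO_read() loop would consume the very bytes the subsequent CMS processing needs, so the binary-content check has to be skipped for stdin. The comment should say that the data would be consumed, not merely that no warning can be given, so nobody later "fixes" this by reading stdin here.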
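Review bot: the OPT_RCTFORM hunk removes an else branch that called load_content_info(rctformat, rctin, ...) during option parsing, i.e. with whatever rctin held at that point (unset if -rctin came later on the command line) and only once rctformat was no longer FORMAT_ASN1; the new code just records the format and leaves the single load to the later call, which the third hunk also relabels from "recipient" to "receipt". This deserves a sentence in the commit message, since "Fix handling of -rctform option" does not say that the old behaviour depended on option order and repetition.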
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 05 Aug 2021 23:24:49 +0000 Subject: [openssl] master update Message-ID: <1628205889.748163.23383.nullmailer@dev.openssl.org> The branch master has been updated via 6ef8d2c69b3f0371d44d120bde41de25c4040a75 (commit) from 37578dc02df99011c2a4c57ac06c49bd40829dc9 (commit) - Log ----------------------------------------------------------------- commit 6ef8d2c69b3f0371d44d120bde41de25c4040a75 Author: Kelvin Lee Date: Thu Sep 10 15:58:13 2020 +1000 Fix VS2019 compile error C4703: potentially uninitialized local pointer variable used. encode_key2text.c(689): error C4703: potentially uninitialized local pointer variable 'modulus_label' used encode_key2text.c(691): error C4703: potentially uninitialized local pointer variable 'exponent_label' used CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12845) ----------------------------------------------------------------------- Summary of changes: providers/implementations/encode_decode/encode_key2text.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index a1fc7ab498..f8f9712e96 100644 --- a/providers/implementations/encode_decode/encode_key2text.c +++ b/providers/implementations/encode_decode/encode_key2text.c @@ -633,8 +633,8 @@ static int rsa_to_text(BIO *out, const void *key, int selection) { const RSA *rsa = key; const char *type_label = "RSA key"; - const char *modulus_label; - const char *exponent_label; + const char *modulus_label = NULL; + const char *exponent_label = NULL; const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; STACK_OF(BIGNUM_const) *factors = NULL; STACK_OF(BIGNUM_const) *exps = NULL; From pauli at openssl.org Fri Aug 6 01:45:46 2021 
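Review bot: initialising modulus_label and exponent_label to NULL in the encode_key2text.c hunk silences C4703 but does not remove the condition it flags: if no branch of the selection logic assigns them, the uses at lines 689/691 now pass a NULL label to the printing code instead of an uninitialised pointer. Add an explicit guard before first use (return 0 if either label is still NULL, or an ossl_assert()) so the invariant that the labels are set once the selection has been classified is enforced rather than assumed.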
From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 06 Aug 2021 01:45:46 +0000 Subject: [openssl] master update Message-ID: <1628214346.840598.27063.nullmailer@dev.openssl.org> The branch master has been updated via 3f15358c7974573c12b94b01cb53d23e3c568310 (commit) from 6ef8d2c69b3f0371d44d120bde41de25c4040a75 (commit) - Log ----------------------------------------------------------------- commit 3f15358c7974573c12b94b01cb53d23e3c568310 Author: Tomas Mraz Date: Wed Aug 4 19:27:48 2021 +0200 X509_STORE_CTX_get_error: Fix some minor documentation issues Original PR by Eric Valcik (https://github.com/openssl/openssl/pull/12302) Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16219) ----------------------------------------------------------------------- Summary of changes: doc/man3/X509_STORE_CTX_get_error.pod | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index 023025afca..04005f3ecd 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod @@ -142,7 +142,7 @@ The signature of the certificate is invalid. =item B -The signature of the certificate is invalid. +The signature of the CRL is invalid. =item B @@ -250,7 +250,6 @@ authority and subject key identifier mismatch> The current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. -Not used as of OpenSSL 1.1.0. =item B 
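Review bot: in the @@ -250,7 hunk the retained sentence "did not match the authority key identifier current certificate" is missing "of the" before "current certificate" (the parallel serial-number entry reads "of the current certificate"); since this paragraph is being touched, fix the wording in the same change. Removing "Not used as of OpenSSL 1.1.0." is fine if these error codes are raised again, but the commit message does not say where, so a pointer to the code that sets them would let reviewers confirm it.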
@@ -258,14 +257,12 @@ authority and issuer serial number mismatch> The current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. -Not used as of OpenSSL 1.1.0. =item B The current candidate issuer certificate was rejected because its C extension does not permit certificate signing. -Not used as of OpenSSL 1.1.0. =item B @@ -435,11 +432,11 @@ Returned by the verify callback to indicate OCSP verification failed. Returned by the verify callback to indicate that the certificate is not recognized by the OCSP responder. -=item B<509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key> +=item B The issuer certificate does not have a public key. -=item B +=item B The issuer's public key is not of the type required by the signature in the subject's certificate. From scan-admin at coverity.com Fri Aug 6 08:39:23 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Fri, 06 Aug 2021 08:39:23 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <610cf53aa2bbd_f0fb52ab71aa7d9a09402a@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DF19V_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHSziGPqnwj5OsZpEsrQfAZ9KB2r36hochSIWrE-2BHnJmNbdHlq-2FFmyoulmNw6QiZlKAhyLFoE-2BV-2BkzMqdckcojW7F5UjEaeSnpuWq2Q73jYv-2B3p4n-2F-2BeIL3fie4O0G-2ByyJqi-2BslDD6kbD6lK1SN49vrn41-2BbWxQNW835EDeAGo9veTOIAKERUDpI-2F1u88ZrwJk-3D Build ID: 401013 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Fri Aug 6 08:46:50 2021 
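Review bot: in the @@ -258,14 hunk the retained sentence "its issuer name and serial number was present and did not match" has a plural subject and should read "were present"; as the paragraph is edited here anyway, fix it too. The @@ -435,11 hunk corrects an =item whose old name "509_V_ERROR_NO_ISSUER_PUBLI_KEY" was missing both its leading X and a letter in PUBLIC; double-check the replacement names against the macros in include/openssl/x509_vfy.h rather than the surrounding prose, since the prose is where the typo came from.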
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Fri, 06 Aug 2021 08:46:50 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <610cf6f9bc040_f11f02ab71aa7d9a0940c@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DVK-G_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHYOEDfqB6ga-2BNnealfNPiKe6edUTBluq0CmKVIGPZR0rzqJ0jXXEAtqXdlESkAx3XntWQsfTw4ygKxb7oczB3tT5T708UmC3pPLIhatOrl8hV5S-2FTpfgyXX1gzEqQ4POkVWncmZIP0XwhQ5EAHy0S67zwO3etVs1oox3Bu4V72vzo4Fgu-2B1sPm8qj6IBJuY-2Fc-3D Build ID: 401014 Analysis Summary: New defects found: 0 Defects eliminated: 0 From tomas at openssl.org Fri Aug 6 10:32:21 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 06 Aug 2021 10:32:21 +0000 Subject: [openssl] master update Message-ID: <1628245941.956697.20026.nullmailer@dev.openssl.org> The branch master has been updated via 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415 (commit) via 1a9411a30b09a98498366979a1ea4898f70f6d19 (commit) via 8b9a13b43ba3d71e441fca47a52e800ce79b3d2b (commit) from 3f15358c7974573c12b94b01cb53d23e3c568310 (commit) - Log ----------------------------------------------------------------- commit 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415 Author: Amir Mohammadi Date: Wed Aug 4 09:44:29 2021 +0430 Fix test case for a2i_IPADDRESS Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16201) commit 1a9411a30b09a98498366979a1ea4898f70f6d19 Author: Christian Heimes Date: Sat Aug 15 20:01:49 2020 +0200 Test case for a2i_IPADDRESS Unit test to show that a2i_IPADDRESS("1.2.3.4.test.example") ignores trailing data. See: https://github.com/openssl/openssl/issues/12649 See: https://bugs.python.org/issue41556 
Signed-off-by: Christian Heimes Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16201) commit 8b9a13b43ba3d71e441fca47a52e800ce79b3d2b Author: Amir Mohammadi Date: Wed Aug 4 09:43:49 2021 +0430 Fix ipv4_from_asc behavior on invalid Ip addresses sscanf() call in ipv4_from_asc does not check that the string is terminated immediately after the last digit. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16201) ----------------------------------------------------------------------- Summary of changes: crypto/x509/v3_utl.c | 8 +++++-- test/x509_internal_test.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 255db422bd..77d5421349 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -1096,13 +1096,17 @@ int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc) static int ipv4_from_asc(unsigned char *v4, const char *in) { - int a0, a1, a2, a3; + const char *p; + int a0, a1, a2, a3, n; - if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) + if (sscanf(in, "%d.%d.%d.%d%n", &a0, &a1, &a2, &a3, &n) != 4) return 0; if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) return 0; + p = in + n; + if (!(*p == '\0' || ossl_isspace(*p))) + return 0; v4[0] = a0; v4[1] = a1; v4[2] = a2; diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c index a17dfd9398..a63293d5ed 100644 --- a/test/x509_internal_test.c +++ b/test/x509_internal_test.c 
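Review bot: the trailing-data check in the ipv4_from_asc hunk inspects only the single character at in + n, so "1.2.3.4 .5" or "1.2.3.4 anything" is still accepted because that one character is a space; the accompanying test data ("1.2.3.4 ", " 1.2.3.4 ") suggests the intent is to tolerate surrounding whitespace only, which needs p = in + n; while (ossl_isspace(*p)) p++; if (*p != '\0') return 0;. Two properties of %d also survive the fix: it accepts an optional sign (so "+1.2.3.4" parses; negatives are only caught by the range check) and skips whitespace before each number (so "1. 2.3.4" parses), which is why a strict parser would read each octet with a digit loop instead of sscanf(). Finally, ossl_isspace() needs its declaring header; confirm v3_utl.c already includes it, since the hunk does not add one.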
@@ -48,8 +48,63 @@ static int test_standard_exts(void) return good; } +typedef struct { + const char *ipasc; + const char *data; + int length; +} IP_TESTDATA; + +static IP_TESTDATA a2i_ipaddress_tests[] = { + {"127.0.0.1", "\x7f\x00\x00\x01", 4}, + {"1.2.3.4", "\x01\x02\x03\x04", 4}, + {"1.2.3.255", "\x01\x02\x03\xff", 4}, + {"1.2.3", NULL, 0}, + {"1.2.3 .4", NULL, 0}, + + {"::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16}, + {"1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16}, + {"2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16}, + {"1:1:1:1:1:1:1:1.test", NULL, 0}, + {":::1", NULL, 0}, + {"2001::123g", NULL, 0}, + + {"example.test", NULL, 0}, + {"", NULL, 0}, + + {"1.2.3.4 ", "\x01\x02\x03\x04", 4}, + {" 1.2.3.4", "\x01\x02\x03\x04", 4}, + {" 1.2.3.4 ", "\x01\x02\x03\x04", 4}, + {"1.2.3.4.example.test", NULL, 0}, +}; + + +static int test_a2i_ipaddress(int idx) +{ + int good = 1; + ASN1_OCTET_STRING *ip; + int len = a2i_ipaddress_tests[idx].length; + + ip = a2i_IPADDRESS(a2i_ipaddress_tests[idx].ipasc); + if (len == 0) { + if (!TEST_ptr_null(ip)) { + good = 0; + TEST_note("'%s' should not be parsed as IP address", a2i_ipaddress_tests[idx].ipasc); + } + } else { + if (!TEST_ptr(ip) + || !TEST_int_eq(ASN1_STRING_length(ip), len) + || !TEST_mem_eq(ASN1_STRING_get0_data(ip), len, + a2i_ipaddress_tests[idx].data, len)) { + good = 0; + } + } + ASN1_OCTET_STRING_free(ip); + return good; +} + int setup_tests(void) { ADD_TEST(test_standard_exts); + ADD_ALL_TESTS(test_a2i_ipaddress, OSSL_NELEM(a2i_ipaddress_tests)); return 1; } From dev at ddvo.net Fri Aug 6 12:44:53 2021 
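Review bot: the table in the x509_internal_test.c hunk has no entry for whitespace followed by further characters ("1.2.3.4 .5", "1.2.3.4 x") or for a signed octet ("+1.2.3.4"), which are precisely the inputs the new %n plus single-character ossl_isspace() check in v3_utl.c still lets through; adding them with NULL, 0 as the expected result, together with a stricter check in the parser, would pin the behaviour down. Minor: the valid-address branch of test_a2i_ipaddress() sets good = 0 without a TEST_note() naming the input, unlike the invalid branch, so a failure there does not say which address was being parsed.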
From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 06 Aug 2021 12:44:53 +0000 Subject: [openssl] master update Message-ID: <1628253893.320110.7318.nullmailer@dev.openssl.org> The branch master has been updated via 08e9ff76001e8b3972c894e0c7cbc94b0d1efb63 (commit) from 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415 (commit) - Log ----------------------------------------------------------------- commit 08e9ff76001e8b3972c894e0c7cbc94b0d1efb63 Author: Dr. David von Oheimb Date: Thu Aug 5 11:19:07 2021 +0200 Fix CMP app TLS connection not respecting vpm options like -crl_check Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16225) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 7c9256ccb5..74c8cd71f1 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -871,7 +871,7 @@ static X509_STORE *load_trusted(char *input, int for_new_cert, const char *desc) if (X509_STORE_set1_param(ts, vpm /* may be NULL */) && (for_new_cert || truststore_set_host_etc(ts, NULL))) return ts; - BIO_printf(bio_err, "error setting verification parameters\n"); + BIO_printf(bio_err, "error setting verification parameters for %s\n", desc); OSSL_CMP_CTX_print_errors(cmp_ctx); X509_STORE_free(ts); return NULL; @@ -1193,13 +1193,10 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host, return NULL; if (opt_tls_trusted != NULL) { - trust_store = load_certstore(opt_tls_trusted, opt_otherpass, - "trusted TLS certificates", vpm); + trust_store = load_trusted(opt_tls_trusted, 0, "trusted TLS certs"); if (trust_store == NULL) goto err; SSL_CTX_set_cert_store(ssl_ctx, trust_store); - /* for improved diagnostics on SSL_CTX_build_cert_chain() errors: */ - X509_STORE_set_verify_cb(trust_store, X509_STORE_CTX_print_verify_cb); } if (opt_tls_cert != NULL && opt_tls_key != NULL) { From tomas at openssl.org Fri Aug 6 15:32:22 2021 
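Review bot: the second cmp.c hunk drops X509_STORE_set_verify_cb(trust_store, X509_STORE_CTX_print_verify_cb) together with its comment about diagnostics on SSL_CTX_build_cert_chain() errors, but neither the commit message nor the visible part of load_trusted() shows an equivalent callback being installed; if load_trusted() or truststore_set_host_etc() does not set one, TLS chain-building failures lose their per-certificate diagnostics, so either say so in the commit message or re-add the call after load_trusted() returns. Passing 0 for for_new_cert also means truststore_set_host_etc(ts, NULL) now runs for the TLS trust store; confirm that is wanted, since the vpm options the commit targets are applied by X509_STORE_set1_param() in the first hunk regardless of that flag.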
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 06 Aug 2021 15:32:22 +0000 Subject: [openssl] master update Message-ID: <1628263942.711414.16135.nullmailer@dev.openssl.org> The branch master has been updated via c2b94c0a15254ad8cb28d07ed7793e975ae6736f (commit) from 08e9ff76001e8b3972c894e0c7cbc94b0d1efb63 (commit) - Log ----------------------------------------------------------------- commit c2b94c0a15254ad8cb28d07ed7793e975ae6736f Author: Tomas Mraz Date: Thu Aug 5 12:44:58 2021 +0200 Avoid freeing the conf lhashes in X509_V3_EXT*_add_conf Fixes #16226 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16227) ----------------------------------------------------------------------- Summary of changes: crypto/x509/v3_conf.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c index 9997595653..1c11d671b2 100644 --- a/crypto/x509/v3_conf.c +++ b/crypto/x509/v3_conf.c @@ -487,6 +487,7 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, return NULL; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_nconf(ctmp, ctx, name, value); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; } @@ -501,6 +502,7 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, return NULL; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_nconf_nid(ctmp, ctx, ext_nid, value); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; } @@ -542,6 +544,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, return 0; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_add_nconf(ctmp, ctx, section, cert); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; } @@ -558,6 +561,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, return 0; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_CRL_add_nconf(ctmp, ctx, section, crl); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; } 
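Review bot: the same sequence (CONF_set_nconf(ctmp, conf); ... CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp);) now appears in every wrapper in this file, and the fix depends on nothing returning between the two CONF_set_nconf() calls, which holds in the lines shown but is easy to break in a later edit. A small static helper that wraps a temporary CONF around the caller's lhash and unlinks it on every exit path would keep the ownership rule (the lhash belongs to the caller) in one place.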
@@ -574,6 +578,7 @@ int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, return 0; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_REQ_add_nconf(ctmp, ctx, section, req); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; } From scan-admin at coverity.com Sat Aug 7 07:50:45 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sat, 07 Aug 2021 07:50:45 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <610e3b5520ac5_10c7b42ad89e4bd9ac119e2@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DBM_N_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFFFou7UJYDNpxgSJK8AsOo2GSuhocNySde0T2jm1z35YlVTH-2BSqQNcsqzF8EXdMbtlAAdNz-2Bd2BNOrgXiF0uI9EPMThRgdFtKqDXZWHDUdJ8KL-2FapDGHJFXlGWGZrv9X-2FdruTXXNpk1RD-2Fj7cwpRQzXMh-2F56cdXw0zczqxjnSQrrDUcqDCLxG-2Fk-2BtqWsmAQ-2BI-3D Build ID: 401196 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sat Aug 7 07:53:17 2021 
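Review bot: no regression test accompanies the fix for #16226; a unit test that builds an LHASH_OF(CONF_VALUE), calls X509V3_EXT_conf() or X509V3_EXT_REQ_add_conf(), and then keeps using and finally frees the lhash itself would catch a reintroduction of the premature free, and would fail loudly under the ASan CI job.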
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sat, 07 Aug 2021 07:53:17 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <610e3becba04e_10c86f2ad89e4bd9ac1193c@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D94Uq_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFysq6IQ8xzMEoAfkApuiq26G-2FzOkVWCd6pgymxTac5Nw4Ci-2FD4vrimhlOR5XTBZZQRIwSLCbeI4uOVeDv49CVcleSuJp3sUz6-2FCG7R43KOkO0BBvDLqF1fTAuwR4Uznb-2Fc3-2FnoHZZV2Id6-2BOC29ZO5dS-2Beu-2B9W-2BV2UuoIB1hiXt9IN3xEZWgKiW6D-2BaejDILw-3D Build ID: 401197 Analysis Summary: New defects found: 0 Defects eliminated: 0 From pauli at openssl.org Sun Aug 8 03:56:28 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 08 Aug 2021 03:56:28 +0000 Subject: [openssl] master update Message-ID: <1628394988.732520.7186.nullmailer@dev.openssl.org> The branch master has been updated via 474294cb664c5ac5184b7fc1a3ef37214f1f2250 (commit) via 5e89262535715aba9ec362e34732e784f4f67936 (commit) from c2b94c0a15254ad8cb28d07ed7793e975ae6736f (commit) - Log ----------------------------------------------------------------- commit 474294cb664c5ac5184b7fc1a3ef37214f1f2250 Author: Pauli Date: Fri Aug 6 11:17:03 2021 +1000 doc: remove errant claim that these are not FIPS okay Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16239) commit 5e89262535715aba9ec362e34732e784f4f67936 Author: Pauli Date: Fri Aug 6 09:16:38 2021 +1000 doc: Fix ECX FIPS documentation Both Ed448 and Ed25519 were omitted from the signature list. X448 and X25519 were flagged as not FIPS valid which wasn't correct. Fixes #16234 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16239) ----------------------------------------------------------------------- Summary of changes: doc/man7/EVP_PKEY-X25519.pod | 2 -- doc/man7/OSSL_PROVIDER-FIPS.pod | 8 ++++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index fc7b4233d6..9e13e15f7f 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -13,8 +13,6 @@ implemented in OpenSSL's default and FIPS providers. These implementations support the associated key, containing the public key I and the private key I. -In the FIPS provider they are non-approved algorithms and do not have the -"fips=yes" property set. No additional parameters can be set during key generation. diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index f13e963a94..62e495aef1 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod 
@@ -116,12 +116,8 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item X25519, see L -This has the property "provider=fips,fips=no" - =item X448, see L -This has the property "provider=fips,fips=no" - =back =head2 Asymmetric Signature @@ -132,6 +128,10 @@ This has the property "provider=fips,fips=no" =item RSA, see L +=item X25519, see L + +=item X448, see L + =item HMAC, see L =item CMAC, see L From scan-admin at coverity.com Sun Aug 8 07:49:23 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 08 Aug 2021 07:49:23 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <610f8c8247186_128aa02ab2170b999431789@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DvHJ1_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH-2FSx-2F4hBsnivCjZBDgBY9vjnOCyh-2FZBSoLqsRvEthhwHsa8uZdiy8F5ruUNSWRE4qz7SaWTRryX-2BKloJBKIPLTiNCUfmj7VLFzTWBkV7aS4Rclw9-2BpBaED3kliWcXQkhWk8S-2FagsA1stfK09Hx7deY1Qkny9Qao-2FNZyFWMjroHi5gbNcpBv-2BhxHHppMa-2BunA0-3D Build ID: 401343 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Aug 8 07:52:54 2021 
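Review bot: the @@ -132,6 +128,10 hunk adds X25519 and X448 under =head2 Asymmetric Signature, but the commit message says the algorithms missing from the signature list are Ed25519 and Ed448; X25519 and X448 are key exchange algorithms and already appear in the key-exchange list edited by the first hunk, so these two new =item lines should read Ed25519 and Ed448 and link to the EVP_SIGNATURE-ED25519(7) and EVP_SIGNATURE-ED448(7) pages.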
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 08 Aug 2021 07:52:54 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <610f8d562324a_128bad2ab2170b9994317d0@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DH0wh_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHV1vOC63-2FLtoZqTGp9YpWw6cc5g13BUp724j6c81Do0QCU25UAa1TZiX8b9ZiSIO1-2BPC0-2FkobFkDY8EuOHLNYBIQ5-2Bv-2FQtFDdyU5kZ8Pv67Zvk0S1menUxrOWU-2B0iEGIJtlqgO9aVdvqu4xIgcPqY2Yj7jz4-2FyN4DQJLqWJdLxmTdmwBxgffPDm4JlNOU4J8Y-3D Build ID: 401344 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Mon Aug 9 07:49:55 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 09 Aug 2021 07:49:55 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6110de22448ee_144e772ac8565d3998390ad@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D-aXV_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEkFLp3GPJXDaZmjJ4kMdmVYO6vvbYVrHvwrxKjXeuIVQXwW0bsGyDx7PdzTf1X6ftUWUhc4xHc8-2Fcjb-2FdaR1b9IkI2s6uD3cH8u2IvHN5J2n7alB4FO8OloPwh5v-2BBIzbP5D04fZTokj8MpJ-2BISmpaLFI7Za8oSOSPk5-2FYuwT0DRliffSfV4SZAZUpup1y8M8-3D Build ID: 401496 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Mon Aug 9 07:52:11 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 09 Aug 2021 07:52:11 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6110deaaef1f6_144f3e2ac8565d39983907e@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DMRyw_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEaaTlL5iuKYPaXJ8OD0ftcnBHBg2Z6RNRINRd4ZOySbebq47ZFSPxnsaLOUTd-2BG7rm7Wy4StezHbv1SVg24TMvZCllnDXQ-2FJOEhLJK4GpME6s25Bu3F6-2FpOO9efhb9U9uY54Fjs7coSerfG-2BhfTEURJooD8JQeAdf2QN6Vlf3lfeMUHBCbUHkhyYxF5fpD2C0-3D Build ID: 401497 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Tue Aug 10 07:49:36 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 10 Aug 2021 07:49:36 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <61122f8fed705_1618672adab07279a45169e@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Dlp99_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH6Yn1DbIpQf383H8aO51r4CNWKPqYn-2Bfs7ypRUxwbSt75RUFY4WIoVoICQ8TXtdfGawboCbKHc21hf8dt4Fq-2BpyR4bV6C-2FIJcG3fRrz-2B7giud89VYp4YvDWG7-2BgwssImcqYFGGOR1ZTPv-2BX4M5BaZndnFsAJ9zBghI5dSCkMh1dycb2SRKfXodVdWf2aFkxE8-3D Build ID: 401658 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Tue Aug 10 07:57:09 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 10 Aug 2021 07:57:09 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6112315561c53_161b862adab07279a451615@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D6947_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFLJre9hqo2AaG0Qu9iEiPS0eWD3V6Na-2BmIX-2B-2F8XixgsfdQ1MnI2It-2Fmt9GDLYPHOwxTwrzey9Fw-2F3DfZGa-2BhOyiOzNZGNy65ch5jncKuLYvCWd8CM-2BJqZGWuBuDH13gvhgeUzqxYnmw0B5ACP3j4c-2F5mix98il33SOE13mo8Pw9W4oVshT4yQ8uEHrOgL5a10-3D Build ID: 401659 Analysis Summary: New defects found: 0 Defects eliminated: 0 From tomas at openssl.org Wed Aug 11 07:30:31 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 11 Aug 2021 07:30:31 +0000 Subject: [openssl] master update Message-ID: <1628667031.896387.21318.nullmailer@dev.openssl.org> The branch master has been updated via ad2fc0bed4a111a5ff6803ee2ed0fee98db9d2f2 (commit) from 474294cb664c5ac5184b7fc1a3ef37214f1f2250 (commit) - Log ----------------------------------------------------------------- commit ad2fc0bed4a111a5ff6803ee2ed0fee98db9d2f2 Author: David Bohman Date: Fri Aug 6 15:23:00 2021 -0700 MacOS: Add an include of The include is added before , as required by older releases of the macOS developer tools. Fixes #16248 CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16258) ----------------------------------------------------------------------- Summary of changes: providers/implementations/rands/seeding/rand_unix.c | 1 + 1 file changed, 1 insertion(+) diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index eab08a8150..5048383077 100644 
--- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c @@ -41,6 +41,7 @@ # include #endif #if defined(__APPLE__) +# include # include #endif From beldmit at gmail.com Wed Aug 11 07:48:37 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Wed, 11 Aug 2021 07:48:37 +0000 Subject: [openssl] master update Message-ID: <1628668117.929020.3571.nullmailer@dev.openssl.org> The branch master has been updated via b4f1b7b65871de8f44228e77fc9ab2ac8b6d7918 (commit) from ad2fc0bed4a111a5ff6803ee2ed0fee98db9d2f2 (commit) - Log ----------------------------------------------------------------- commit b4f1b7b65871de8f44228e77fc9ab2ac8b6d7918 Author: Dmitry Belyavskiy Date: Wed Aug 4 15:40:24 2021 +0200 Omitted signature_algorithms extension alerts updated Fixes #15484 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16217) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3579202c22..9345838f6a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3302,7 +3302,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { if (!fatalerrs) return 1; - SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); return 0; } @@ -3317,7 +3317,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if (i == sent_sigslen) { if (!fatalerrs) return 1; - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } From scan-admin at coverity.com Wed Aug 11 07:49:47 2021 
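Review bot: the ordering constraint introduced in the rand_unix.c hunk (the new "# include" must come before the existing one inside the "#if defined(__APPLE__)" block, as the commit message explains for older macOS developer tools) is invisible in the code itself and is exactly what a later header-sorting cleanup would undo; suggest a one-line comment above the new include stating that older macOS toolchains require this order, with a pointer to #16248. The archived mail has also lost the header names inside the angle brackets, so the actual order cannot be confirmed from this message alone.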
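Review bot: at the first SSLfatal in tls_choose_sigalg (the "tls1_get_legacy_sigalg(s, -1) == NULL" branch), SSL_AD_INTERNAL_ERROR was the wrong alert, because failing to find a usable signature algorithm is a negotiation outcome, not a library fault; SSL_AD_HANDSHAKE_FAILURE is the alert the TLS RFCs prescribe when no acceptable set of security parameters can be agreed, so the change is correct. Since the alert goes on the wire and is observable by the peer, a test asserting that a server with no suitable signature algorithm now produces handshake_failure rather than internal_error would lock the behaviour in.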
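Review bot: in the "i == sent_sigslen" branch (second t1_lib.c hunk), SSL_AD_ILLEGAL_PARAMETER implied that the peer's signature_algorithms contents were malformed, when the condition is only that none of the offered algorithms matches what this side can use; handshake_failure is the accurate alert for that and keeps both failure paths in tls_choose_sigalg consistent. The "if (!fatalerrs) return 1;" guard above each alert is untouched, so the non-fatal probing path is unaffected, and SSL_R_WRONG_SIGNATURE_TYPE still distinguishes this case locally in the error queue.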
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Wed, 11 Aug 2021 07:49:47 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6113811b18859_17d57d2af4b57e9990306bf@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DWior_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHPIjnVeCokGFnWJBu3Nq5P-2BDwIQivRjS79Dg74KbZ9f-2FxmkVjGoeFTap1935c9vp-2F21n778nxJuWLN3beEQnXk2TvQTYvpfZwGRTCHPOFMdxZ-2BNUOhxPWOeIoM4fRT3B26ATk4YbAWT9Bv8-2FukqgTVnnuA-2FhEZu-2F66gwZgagWlVJurwE-2BUSNSqgkNJPGOUcOY-3D Build ID: 401814 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Wed Aug 11 07:52:54 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Wed, 11 Aug 2021 07:52:54 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <611381d5e4db6_17d6772af4b57e9990306e@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D6u0m_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeG7DdGzAT35MBHM6lO23Zo6gafVLJ90OZ9-2F70KXAoWEoLSRmk5OWJOJ8b1gRZVd5gufUDe2I3tF7mp48f30dEgjqurjE4rKMh4FE2vz6DajGTMHWPh0KujIFryZ-2BttxPm-2BxZZxr73vMIYQBDZxaijAaV-2Fm-2FDw92m1qgPXWJGwsrUgbqX8aHvtjKDLuv0xaP0Cg-3D Build ID: 401815 Analysis Summary: New defects found: 0 Defects eliminated: 0 From tomas at openssl.org Wed Aug 11 08:09:11 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 11 Aug 2021 08:09:11 +0000 Subject: [openssl] master update Message-ID: <1628669351.612293.17984.nullmailer@dev.openssl.org> The branch master has been updated via c96670e59a702de71d572958ff60fda5f78637c2 (commit) from b4f1b7b65871de8f44228e77fc9ab2ac8b6d7918 (commit) - Log ----------------------------------------------------------------- commit c96670e59a702de71d572958ff60fda5f78637c2 Author: Tomas Mraz Date: Tue Aug 10 09:00:22 2021 +0200 aes_v8_xts_encrypt is present only on 64bit arm builds Fixes #16273 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16275) ----------------------------------------------------------------------- Summary of changes: include/crypto/aes_platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h index f1b1d62549..015c3bd4ab 100644 --- a/include/crypto/aes_platform.h +++ b/include/crypto/aes_platform.h @@ -92,7 +92,7 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, # define HWAES_decrypt aes_v8_decrypt # define HWAES_cbc_encrypt aes_v8_cbc_encrypt # define HWAES_ecb_encrypt aes_v8_ecb_encrypt -# if __ARM_MAX_ARCH__>=8 +# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) # define HWAES_xts_encrypt aes_v8_xts_encrypt # define HWAES_xts_decrypt aes_v8_xts_decrypt # endif From tomas at openssl.org Wed Aug 11 10:07:39 2021 
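Review bot: the strengthened guard "# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__)" stops HWAES_xts_encrypt and HWAES_xts_decrypt from being defined to symbols that, per the commit message, exist only in 64-bit arm builds. Nothing in the header says why XTS alone is restricted while HWAES_encrypt, HWAES_cbc_encrypt and HWAES_ecb_encrypt are not, so suggest a short comment on the "# if" line noting that aes_v8_xts_* is implemented only for aarch64; otherwise the extra condition looks redundant and risks being dropped in a later cleanup.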
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 11 Aug 2021 10:07:39 +0000 Subject: [openssl] master update Message-ID: <1628676459.382684.23192.nullmailer@dev.openssl.org> The branch master has been updated via 12e055991e9d755c8a395f60abf97783795be626 (commit) via aa5098021be2df0fd33bd5e8b1325c49dc519433 (commit) from c96670e59a702de71d572958ff60fda5f78637c2 (commit) - Log ----------------------------------------------------------------- commit 12e055991e9d755c8a395f60abf97783795be626 Author: Tomas Mraz Date: Tue Aug 10 09:18:19 2021 +0200 dsatest: Properly detect failure in generate/sign/verify Reviewed-by: Dmitry Belyavskiy Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16268) commit aa5098021be2df0fd33bd5e8b1325c49dc519433 Author: Tomas Mraz Date: Mon Aug 9 10:42:46 2021 +0200 Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen Fixes #16261 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16268) ----------------------------------------------------------------------- Summary of changes: crypto/ffc/ffc_params_generate.c | 10 +++++++--- test/dsatest.c | 8 +++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 36b5a873a7..f0601e1644 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -1047,7 +1047,11 @@ int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, int type, size_t L, size_t N, int *res, BN_GENCB *cb) { - return ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, - FFC_PARAM_MODE_GENERATE, - type, L, N, res, cb); + if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, + FFC_PARAM_MODE_GENERATE, + type, L, N, res, cb)) + return 0; + + ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1); + return 1; } 
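Review bot: ossl_ffc_params_FIPS186_2_generate previously passed the return value of ossl_ffc_params_FIPS186_2_gen_verify straight through; the rewrite normalises any nonzero result to 1 and sets FFC_PARAM_FLAG_VALIDATE_LEGACY only on success, which is the right order (parameters that were not actually generated must never be flagged). Worth confirming that no caller relied on a return value other than 0 or 1 from the old pass-through, and a brief comment on the ossl_ffc_params_enable_flags call explaining that the flag marks these as FIPS 186-2 output for later validation (the point of #16261) would help the next reader.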
diff --git a/test/dsatest.c b/test/dsatest.c index 533fba1cbc..2d34ca4261 100644 --- a/test/dsatest.c +++ b/test/dsatest.c @@ -108,9 +108,11 @@ static int dsa_test(void) if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) goto end; - DSA_generate_key(dsa); - DSA_sign(0, str1, 20, sig, &siglen, dsa); - if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa))) + if (!TEST_true(DSA_generate_key(dsa))) + goto end; + if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa))) + goto end; + if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0)) ret = 1; end: From beldmit at gmail.com Wed Aug 11 15:12:44 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Wed, 11 Aug 2021 15:12:44 +0000 Subject: [openssl] master update Message-ID: <1628694764.197444.27591.nullmailer@dev.openssl.org> The branch master has been updated via 0f70d6013435308ada5d0eb662b31f370b07ebd7 (commit) from 12e055991e9d755c8a395f60abf97783795be626 (commit) - Log ----------------------------------------------------------------- commit 0f70d6013435308ada5d0eb662b31f370b07ebd7 Author: Tomas Mraz Date: Tue Aug 10 14:51:21 2021 +0200 EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable If key length is different from the existing key length and it is not a settable parameter, raise an error. Fixes #16277 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16279) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_enc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index e0f411aa06..519cab3f2b 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c 
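Review bot: the real defect fixed in the dsatest.c hunk is the old "TEST_true(DSA_verify(...))": DSA_verify is tri-state (1 for a valid signature, 0 for an invalid one, negative on error), so a negative error return was being counted as success; "TEST_int_gt(..., 0)" correctly accepts only 1. Checking DSA_generate_key and DSA_sign with TEST_true and jumping to "end" on failure also stops the test from attempting to sign with a key that was never generated. The same pattern (TEST_true wrapped around a *_verify call) is worth a sweep across the rest of the test suite, since it hides errors identically wherever it occurs.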
@@ -986,8 +986,10 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) /* Check the cipher actually understands this parameter */ if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher), - OSSL_CIPHER_PARAM_KEYLEN) == NULL) + OSSL_CIPHER_PARAM_KEYLEN) == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); return 0; + } params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len); ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params); From tomas at openssl.org Wed Aug 11 16:13:50 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 11 Aug 2021 16:13:50 +0000 Subject: [openssl] master update Message-ID: <1628698430.044107.29694.nullmailer@dev.openssl.org> The branch master has been updated via 3465ec99eab5803507b577d50dd0d598b852d825 (commit) via 73dadb9300bc54ac871209843faf797721f7ab88 (commit) from 0f70d6013435308ada5d0eb662b31f370b07ebd7 (commit) - Log ----------------------------------------------------------------- commit 3465ec99eab5803507b577d50dd0d598b852d825 Author: Todd Short Date: Thu Aug 5 16:38:47 2021 -0400 Sort SSL_OP names in documentation Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16236) commit 73dadb9300bc54ac871209843faf797721f7ab88 Author: Todd Short Date: Thu Aug 5 16:29:37 2021 -0400 Add missing SSL_OP flags Add missing SSL_OP flags. Correct the list of flags set by SSL_OP_ALL. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16236) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_options.pod | 289 +++++++++++++++++++++------------------ 1 file changed, 153 insertions(+), 136 deletions(-) diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index df47e4dd03..dfd0c83afc 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod 
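Review bot: raising EVP_R_INVALID_KEY_LENGTH when OSSL_CIPHER_PARAM_KEYLEN is not among the cipher's settable params fixes a silent "return 0" that left the error queue empty, so callers could not tell why EVP_CIPHER_CTX_set_key_length failed. Two follow-ups: the reason code says the length is invalid rather than that the length is fixed for this cipher, so the function's documentation should state that this error now also covers "key length not settable"; and the commit message says the error is raised only when the requested length differs from the current one, but that comparison lies outside this hunk, so a test covering both the equal-length (success) and different-length (error) cases for a fixed-key-length cipher would pin the behaviour down.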
@@ -62,16 +62,11 @@ The following B options are available: =over 4 -=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG +=item SSL_OP_CRYPTOPRO_TLSEXT_BUG -Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. -OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. - -=item SSL_OP_DISABLE_TLSEXT_CA_NAMES - -Disable TLS Extension CA Names. You may want to disable it for security reasons -or for compatibility with some Windows TLS implementations crashing when this -extension is larger than 1024 bytes. +Add server-hello extension from the early version of cryptopro draft +when GOST ciphersuite is negotiated. Required for interoperability with CryptoPro +CSP 3.x. =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS @@ -80,6 +75,11 @@ vulnerability affecting CBC ciphers, which cannot be handled by some broken SSL implementations. This option has no effect for connections using other ciphers. +=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG + +Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. +OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. + =item SSL_OP_TLSEXT_PADDING Adds a padding extension to ensure the ClientHello size is never between 
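Review bot: in the new SSL_OP_CRYPTOPRO_TLSEXT_BUG entry, "cryptopro draft" and "CryptoPro CSP 3.x" spell the vendor name two ways on consecutive lines; use "CryptoPro" in both. It would also help to name the server-hello extension being added (the text says only "server-hello extension") so that readers can recognise it when they see it on the wire.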
@@ -100,17 +100,20 @@ The following B options are available: =over 4 -=item SSL_OP_TLS_ROLLBACK_BUG +=item SSL_OP_ALLOW_CLIENT_RENEGOTIATION -Disable version rollback attack detection. +Client-initiated renegotiation is disabled by default. Use +this option to enable it. -During the client key exchange, the client must send the same information -about acceptable SSL/TLS protocol levels as during the first hello. Some -clients violate this rule by adapting to the server's answer. (Example: -the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server -only understands up to SSLv3. In this case the client must still use the -same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect -to the server's answer and violate the version rollback protection.) +=item SSL_OP_ALLOW_NO_DHE_KEX + +In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. + +=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + +Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the B section for more details. =item SSL_OP_CIPHER_SERVER_PREFERENCE 
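Review bot: the new SSL_OP_ALLOW_CLIENT_RENEGOTIATION entry ("Client-initiated renegotiation is disabled by default. Use this option to enable it.") should say what it applies to: renegotiation exists only in TLSv1.2 and earlier (as the SSL_OP_NO_RENEGOTIATION entry states), and the option is meaningful only on the server side, since it concerns requests coming from the client. A sentence on why the default is off would also help readers decide whether they really need to enable it.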
@@ -119,81 +122,103 @@ preferences. When not set, the SSL server will always follow the clients preferences. When set, the SSL/TLS server will choose following its own preferences. -=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, -SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 +=item SSL_OP_CISCO_ANYCONNECT -These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol -versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, -respectively. -As of OpenSSL 1.1.0, these options are deprecated, use -L and -L instead. +Use Cisco's version identifier of DTLS_BAD_VER when establishing a DTLSv1 +connection. Only available when using the deprecated DTLSv1_client_method() API. -=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - -When performing renegotiation as a server, always start a new session -(i.e., session resumption requests are only accepted in the initial -handshake). This option is not needed for clients. - -=item SSL_OP_NO_COMPRESSION - -Do not use compression even if it is supported. +=item SSL_OP_CLEANSE_PLAINTEXT -=item SSL_OP_NO_QUERY_MTU +By default TLS connections keep a copy of received plaintext +application data in a static buffer until it is overwritten by the +next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT +deciphered application data is cleansed by calling OPENSSL_cleanse(3) +after passing data to the application. Data is also cleansed when +releasing the connection (e.g. L). -Do not query the MTU. Only affects DTLS connections. +Since OpenSSL only cleanses internal buffers, the application is still +responsible for cleansing all other buffers. Most notably, this +applies to buffers passed to functions like L, +L but also like L. =item SSL_OP_COOKIE_EXCHANGE Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects DTLS connections. 
-=item SSL_OP_NO_TICKET +=item SSL_OP_DISABLE_TLSEXT_CA_NAMES -SSL/TLS supports two mechanisms for resuming sessions: session ids and stateless -session tickets. +Disable TLS Extension CA Names. You may want to disable it for security reasons +or for compatibility with some Windows TLS implementations crashing when this +extension is larger than 1024 bytes. -When using session ids a copy of the session information is -cached on the server and a unique id is sent to the client. When the client -wishes to resume it provides the unique id so that the server can retrieve the -session information from its cache. +=item SSL_OP_ENABLE_KTLS -When using stateless session tickets the server uses a session ticket encryption -key to encrypt the session information. This encrypted data is sent to the -client as a "ticket". When the client wishes to resume it sends the encrypted -data back to the server. The server uses its key to decrypt the data and resume -the session. In this way the server can operate statelessly - no session -information needs to be cached locally. +Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must +have been compiled with support for it, and it must be supported by the +negotiated ciphersuites and extensions. The specific ciphersuites and extensions +that are supported may vary by platform and kernel version. -The TLSv1.3 protocol only supports tickets and does not directly support session -ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful -and stateless. Stateless tickets work the same way as in TLSv1.2 and below. -Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. -The session information is cached on the server and the session id is wrapped up -in a ticket and sent back to the client. When the client wishes to resume, it -presents a ticket in the same way as for stateless tickets. 
The server can then -extract the session id from the ticket and retrieve the session information from -its cache. +The kernel TLS data-path implements the record layer, and the encryption +algorithm. The kernel will utilize the best hardware +available for encryption. Using the kernel data-path should reduce the memory +footprint of OpenSSL because no buffering is required. Also, the throughput +should improve because data copy is avoided when user data is encrypted into +kernel memory instead of the usual encrypt then copy to kernel. -By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET option will -cause stateless tickets to not be issued. In TLSv1.2 and below this means no -ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be -sent. This is a server-side option only. +Kernel TLS might not support all the features of OpenSSL. For instance, +renegotiation, and setting the maximum fragment size is not possible as of +Linux 4.20. -In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from -being sent by calling L or -L. +Note that with kernel TLS enabled some cryptographic operations are performed +by the kernel directly and not via any available OpenSSL Providers. This might +be undesirable if, for example, the application requires all cryptographic +operations to be performed by the FIPS provider. -=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION +=item SSL_OP_ENABLE_MIDDLEBOX_COMPAT -Allow legacy insecure renegotiation between OpenSSL and unpatched clients or -servers. See the B section for more details. +If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not CCS messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. 
To switch it off use +SSL_clear_options(). A future version of OpenSSL may not set this by default. + +=item SSL_OP_IGNORE_UNEXPECTED_EOF + +Some TLS implementations do not send the mandatory close_notify alert on +shutdown. If the application tries to wait for the close_notify alert but the +peer closes the connection without sending it, an error is generated. When this +option is enabled the peer does not need to send the close_notify alert and a +closed connection will be treated as if the close_notify alert was received. + +You should only enable this option if the protocol running over TLS +can detect a truncation attack itself, and that the application is checking for +that truncation attack. + +For more information on shutting down a connection, see L. =item SSL_OP_LEGACY_SERVER_CONNECT Allow legacy insecure renegotiation between OpenSSL and unpatched servers B. See the B section for more details. +=item SSL_OP_NO_ANTI_REPLAY + +By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See L for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients. + +=item SSL_OP_NO_COMPRESSION + +Do not use compression even if it is supported. This option is set by default. +To switch it off use SSL_clear_options(). + =item SSL_OP_NO_ENCRYPT_THEN_MAC Normally clients and servers will transparently attempt to negotiate the 
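Review bot: the moved SSL_OP_NO_ANTI_REPLAY text still reads "This is a server-side opton only"; since the paragraph is being rewritten in this hunk anyway, fix the typo to "option" here rather than carrying it over. The new text in SSL_OP_NO_COMPRESSION ("This option is set by default. To switch it off use SSL_clear_options().") mirrors the wording used for SSL_OP_ENABLE_MIDDLEBOX_COMPAT, which is good; both entries could state explicitly what clearing the option re-enables, so that nobody clears it casually.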
@@ -210,29 +235,66 @@ RFC7627 Extended Master Secret option on TLS and DTLS connection. If this option is set, Extended Master Secret is disabled. Clients will not propose, and servers will not accept the extension. +=item SSL_OP_NO_QUERY_MTU + +Do not query the MTU. Only affects DTLS connections. + =item SSL_OP_NO_RENEGOTIATION Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello. -=item SSL_OP_IGNORE_UNEXPECTED_EOF +=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION -Some TLS implementations do not send the mandatory close_notify alert on -shutdown. If the application tries to wait for the close_notify alert but the -peer closes the connection without sending it, an error is generated. When this -option is enabled the peer does not need to send the close_notify alert and a -closed connection will be treated as if the close_notify alert was received. +When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients. -You should only enable this option if the protocol running over TLS -can detect a truncation attack itself, and that the application is checking for -that truncation attack. +=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, +SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 -For more information on shutting down a connection, see L. +These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol +versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, +respectively. +As of OpenSSL 1.1.0, these options are deprecated, use +L and +L instead. -=item SSL_OP_ALLOW_NO_DHE_KEX +=item SSL_OP_NO_TICKET -In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means -that there will be no forward secrecy for the resumed session. 
+SSL/TLS supports two mechanisms for resuming sessions: session ids and stateless +session tickets. + +When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache. + +When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a "ticket". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly - no session +information needs to be cached locally. + +The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache. + +By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET option will +cause stateless tickets to not be issued. In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only. + +In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling L or +L. =item SSL_OP_PRIORITIZE_CHACHA 
@@ -243,62 +305,17 @@ those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere in the server cipher list; but still allows other clients to use AES and other ciphers. Requires B. -=item SSL_OP_ENABLE_MIDDLEBOX_COMPAT - -If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This -has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that -do not understand TLSv1.3 will not drop the connection. Regardless of whether -this option is set or not CCS messages received from the peer will always be -ignored in TLSv1.3. This option is set by default. To switch it off use -SSL_clear_options(). A future version of OpenSSL may not set this by default. - -=item SSL_OP_NO_ANTI_REPLAY - -By default, when a server is configured for early data (i.e., max_early_data > 0), -OpenSSL will switch on replay protection. See L for a -description of the replay protection feature. Anti-replay measures are required -to comply with the TLSv1.3 specification. Some applications may be able to -mitigate the replay risks in other ways and in such cases the built in OpenSSL -functionality is not required. Those applications can turn this feature off by -setting this option. This is a server-side opton only. It is ignored by -clients. - -=item SSL_OP_CLEANSE_PLAINTEXT - -By default TLS connections keep a copy of received plaintext -application data in a static buffer until it is overwritten by the -next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT -deciphered application data is cleansed by calling OPENSSL_cleanse(3) -after passing data to the application. Data is also cleansed when -releasing the connection (e.g. L). - -Since OpenSSL only cleanses internal buffers, the application is still -responsible for cleansing all other buffers. Most notably, this -applies to buffers passed to functions like L, -L but also like L. - -=item SSL_OP_ENABLE_KTLS - -Enable the use of kernel TLS. 
In order to benefit from kernel TLS OpenSSL must -have been compiled with support for it, and it must be supported by the -negotiated ciphersuites and extensions. The specific ciphersuites and extensions -that are supported may vary by platform and kernel version. - -The kernel TLS data-path implements the record layer, and the encryption -algorithm. The kernel will utilize the best hardware -available for encryption. Using the kernel data-path should reduce the memory -footprint of OpenSSL because no buffering is required. Also, the throughput -should improve because data copy is avoided when user data is encrypted into -kernel memory instead of the usual encrypt then copy to kernel. +=item SSL_OP_TLS_ROLLBACK_BUG -Kernel TLS might not support all the features of OpenSSL. For instance, -renegotiation, and setting the maximum fragment size is not possible as of -Linux 4.20. +Disable version rollback attack detection. -Note that with kernel TLS enabled some cryptographic operations are performed -by the kernel directly and not via any available OpenSSL Providers. This might -be undesirable if, for example, the application requires all cryptographic -operations to be performed by the FIPS provider. +During the client key exchange, the client must send the same information +about acceptable SSL/TLS protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) =back From pauli at openssl.org Thu Aug 12 06:26:46 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 12 Aug 2021 06:26:46 +0000 Subject: [openssl] master update Message-ID: <1628749606.281179.13944.nullmailer@dev.openssl.org> The branch master has been updated via dbd0244a16ebf577401e92cce374467dbc3226df (commit) from 3465ec99eab5803507b577d50dd0d598b852d825 (commit) - Log ----------------------------------------------------------------- commit dbd0244a16ebf577401e92cce374467dbc3226df Author: Pauli Date: Fri Aug 6 10:01:15 2021 +1000 genpkey: -quiet doesn't take an argument Fixes #16238 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16240) ----------------------------------------------------------------------- Summary of changes: apps/genpkey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/genpkey.c b/apps/genpkey.c index d327bcab07..d00754eeac 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -37,7 +37,7 @@ const OPTIONS genpkey_options[] = { #endif {"paramfile", OPT_PARAMFILE, '<', "Parameters file"}, {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"}, - {"quiet", OPT_QUIET, 's', "Do not output status while generating keys"}, + {"quiet", OPT_QUIET, '-', "Do not output status while generating keys"}, {"pkeyopt", OPT_PKEYOPT, 's', "Set the public key algorithm option as opt:value"}, OPT_CONFIG_OPTION, From scan-admin at coverity.com Thu Aug 12 07:49:40 2021 
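Review bot: changing the type of the "quiet" entry from 's' to '-' is the right fix: in this option table 's' marks an option that consumes the next command-line word as its string value (as "algorithm" and "pkeyopt" do in the surrounding lines), so "-quiet" followed by another option would have swallowed that option as its argument. A command-line test that passes "-quiet" immediately before another flag would catch a regression here.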
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Thu, 12 Aug 2021 07:49:40 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6114d29394a47_198dd22b07de5539b037443@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Dq5pe_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH1W2LqcNAxRoV-2Fm5VrMRgzL3gocUq2IKJ83dZKo4G7v-2FkFzJqUPGGZr2WtXwetFXS92JdIeY-2Fc0EPtSCccdDPq4AP5LtKn4dbsyflHnW-2BwNefHuMLl5-2BY947-2FT17xTV5piL7-2Bh8zK1jsI1BSHkFbb-2Bt7DqGKRjtuB44fmNfBoneRiFcWkgmS8lMCIhKykMTRs-3D Build ID: 401979 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Thu Aug 12 07:52:38 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Thu, 12 Aug 2021 07:52:38 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6114d34619e48_198ee02b07de5539b0374e0@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DLQNT_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGepRbIlVv7s3LiXnSfane-2F-2FoqsleOksA17XO9xujnhOwqoA1B5hWPKlera462RPMfR0CNEd-2BAyy7Eysk7PDZDVwbk1PYNa7cJFJWxsXzr-2BDNyYVN5O9NZ4-2FHdxbUa-2FXX1IpTSxCcoNCnUS7dMF4YwElycI4emkgLQM0ok2yOe8tcnkX8u5m5R7w7t3CiStmvI-3D Build ID: 401980 Analysis Summary: New defects found: 0 Defects eliminated: 0 From beldmit at gmail.com Thu Aug 12 08:00:28 2021 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 12 Aug 2021 08:00:28 +0000 Subject: [openssl] master update Message-ID: <1628755228.398871.7359.nullmailer@dev.openssl.org> The branch master has been updated via a5f4099d275520caf90a28a88e889cb36683b412 (commit) from dbd0244a16ebf577401e92cce374467dbc3226df (commit) - Log ----------------------------------------------------------------- commit a5f4099d275520caf90a28a88e889cb36683b412 Author: Dmitry Belyavskiy Date: Tue Aug 10 15:04:37 2021 +0200 Disclaimer about the default provider activation added to config Fixes #16249 Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16280) ----------------------------------------------------------------------- Summary of changes: apps/openssl-vms.cnf | 8 ++++++++ apps/openssl.cnf | 8 ++++++++ doc/man5/config.pod | 9 +++++++++ 3 files changed, 25 insertions(+) diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index 4d96a1f32d..59c6776a1e 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -60,6 +60,14 @@ default = default_sect # included fipsmodule.cnf. # fips = fips_sect +# If no providers are activated explicitly, the default one is activated implicitly. +# See man 7 OSSL_PROVIDER-default for more details. +# +# If you add a section explicitly activating any other provider(s), you most +# probably need to explicitly activate the default provider, otherwise it +# becomes unavailable in openssl. As a consequence applications depending on +# OpenSSL may not work correctly which could lead to significant system +# problems including inability to remotely access the system. [default_sect] # activate = 1 diff --git a/apps/openssl.cnf b/apps/openssl.cnf index ffb424a871..03330e0120 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf 
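Review bot: the new comment block in openssl-vms.cnf is inserted directly above "[default_sect]" with no blank line, so it reads as a description of that section rather than of the provider activation section ("default = default_sect" ... "# fips = fips_sect") that it actually explains; a blank line before "[default_sect]" would make the attachment clear. The warning itself belongs in the shipped config: an activation section for another provider that omits the default provider makes the default provider unavailable, with the consequences the comment spells out.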
@@ -60,6 +60,14 @@ default = default_sect # included fipsmodule.cnf. # fips = fips_sect +# If no providers are activated explicitly, the default one is activated implicitly. +# See man 7 OSSL_PROVIDER-default for more details. +# +# If you add a section explicitly activating any other provider(s), you most +# probably need to explicitly activate the default provider, otherwise it +# becomes unavailable in openssl. As a consequence applications depending on +# OpenSSL may not work correctly which could lead to significant system +# problems including inability to remotely access the system. [default_sect] # activate = 1 diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 7bd603a2cc..77a8055e81 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -273,6 +273,15 @@ significant. All parameters in the section as well as sub-sections are made available to the provider. +=head3 Default provider and its activation + +If no providers are activated explicitly, the default one is activated implicitly. +See L for more details. + +If you add a section explicitly activating any other provider(s), +you most probably need to explicitly activate the default provider, +otherwise it becomes unavailable in openssl. It may make the system remotely unavailable. + =head2 EVP Configuration The name B in the initialization section names the section From scan-admin at coverity.com Fri Aug 13 07:49:39 2021 
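Review bot: the consequence sentence in the doc/man5/config.pod hunk ("It may make the system remotely unavailable.") is much terser than the wording the two .cnf hunks add ("applications depending on OpenSSL may not work correctly which could lead to significant system problems including inability to remotely access the system"); using the same text in all three places keeps the man page and the shipped config consistent, and the pod text should also say how to do the activation, i.e. uncomment `activate = 1` under `[default_sect]`, which the .cnf hunks show in context but the man page paragraph does not.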
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Fri, 13 Aug 2021 07:49:39 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <61162412e263e_1b4bfb2adc67199998269f0@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Dz9Sh_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGFfGykvY0KQCLP38DZRrvWIbJ-2FbzIXiNiCW8qOyz83PJ-2F5YTauo7O9JXxYe-2F3cloRYxHqkYwg6kFpIWgVk0-2Bo0Gk5Rq5qlC6-2FwQ5AYqxsHNGP2vCt9kBRB9e59r-2B06KI56mKzc8rQUI47XN0f-2BQuJB-2FAN1m0kC8Ha1oeJJaDUQNKKTIBKokEEDNzdkP0Ddg9A-3D Build ID: 402139 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Fri Aug 13 07:53:13 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Fri, 13 Aug 2021 07:53:13 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <611624e97fe7f_1b4d392adc671999982695a@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DjShx_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeG2cnqvkCu-2F1-2BinRHXHAvoEEoKx9-2FUMVzm9dhE4ccuEnu4FFb2Fm8R7II6ccYRTT6r7G6ljK1i6cWa66CaIqJ3lR5hYMTY44l-2FsVcciPci7CbUE5gCzuWTVvgVINCQf62nhYzvcripyQRxe-2F4q9DDWIhPu3lzSATWWcrU1lJJ8xgmyQwalxSJUIH6NrE7PlRxw-3D Build ID: 402140 Analysis Summary: New defects found: 0 Defects eliminated: 0 From tomas at openssl.org Fri Aug 13 08:36:13 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 13 Aug 2021 08:36:13 +0000 Subject: [openssl] master update Message-ID: <1628843773.789092.5003.nullmailer@dev.openssl.org> The branch master has been updated via 254957f768a61c91c14d89566224173d0831c2ce (commit) from a5f4099d275520caf90a28a88e889cb36683b412 (commit) - Log ----------------------------------------------------------------- commit 254957f768a61c91c14d89566224173d0831c2ce Author: Shane Lontis Date: Wed Aug 11 12:23:08 2021 +1000 Allow small RSA exponents in the default provider Fixes #16255 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16285) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_sp800_56b_check.c | 27 +++++++++------------------ test/rsa_sp800_56b_test.c | 15 +++++++++------ 2 files changed, 18 insertions(+), 24 deletions(-) diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c index 9b827d2872..fc8f19b487 100644 --- a/crypto/rsa/rsa_sp800_56b_check.c +++ b/crypto/rsa/rsa_sp800_56b_check.c 
@@ -218,30 +218,21 @@ int ossl_rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx) return ret; } -#ifndef FIPS_MODULE -static int bn_is_three(const BIGNUM *bn) -{ - BIGNUM *num = BN_dup(bn); - int ret = (num != NULL && BN_sub_word(num, 3) && BN_is_zero(num)); - - BN_free(num); - return ret; -} -#endif /* FIPS_MODULE */ - -/* Check exponent is odd, and has a bitlen ranging from [17..256] */ +/* + * Check exponent is odd. + * For FIPS also check the bit length is in the range [17..256] + */ int ossl_rsa_check_public_exponent(const BIGNUM *e) { +#ifdef FIPS_MODULE int bitlen; - /* For legacy purposes RSA_3 is allowed in non fips mode */ -#ifndef FIPS_MODULE - if (bn_is_three(e)) - return 1; -#endif /* FIPS_MODULE */ - bitlen = BN_num_bits(e); return (BN_is_odd(e) && bitlen > 16 && bitlen < 257); +#else + /* Allow small exponents larger than 1 for legacy purposes */ + return BN_is_odd(e) && BN_cmp(e, BN_value_one()) > 0; +#endif /* FIPS_MODULE */ } /* diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c index 033983d58e..f5df0e4955 100644 --- a/test/rsa_sp800_56b_test.c +++ b/test/rsa_sp800_56b_test.c 
@@ -104,26 +104,29 @@ static BIGNUM *bn_load_new(const unsigned char *data, int sz) return ret; } +/* Check that small rsa exponents are allowed in non FIPS mode */ static int test_check_public_exponent(void) { int ret = 0; BIGNUM *e = NULL; ret = TEST_ptr(e = BN_new()) - /* e is too small */ - && TEST_true(BN_set_word(e, 65535)) + /* e is too small will fail */ + && TEST_true(BN_set_word(e, 1)) && TEST_false(ossl_rsa_check_public_exponent(e)) /* e is even will fail */ && TEST_true(BN_set_word(e, 65536)) && TEST_false(ossl_rsa_check_public_exponent(e)) /* e is ok */ + && TEST_true(BN_set_word(e, 3)) + && TEST_true(ossl_rsa_check_public_exponent(e)) + && TEST_true(BN_set_word(e, 17)) + && TEST_true(ossl_rsa_check_public_exponent(e)) && TEST_true(BN_set_word(e, 65537)) && TEST_true(ossl_rsa_check_public_exponent(e)) - /* e = 2^256 is too big */ + /* e = 2^256 + 1 is ok */ && TEST_true(BN_lshift(e, BN_value_one(), 256)) - && TEST_false(ossl_rsa_check_public_exponent(e)) - /* e = 2^256-1 is odd and in range */ - && TEST_true(BN_sub(e, e, BN_value_one())) + && TEST_true(BN_add(e, e, BN_value_one())) && TEST_true(ossl_rsa_check_public_exponent(e)); BN_free(e); return ret; From tomas at openssl.org Fri Aug 13 08:46:04 2021 
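Review bot: the non-FIPS branch of ossl_rsa_check_public_exponent() in the rsa_sp800_56b_check.c hunk now accepts any odd e greater than 1 with no upper bound, whereas the replaced code rejected exponents of 257 bits or more in both modes; the commit message only mentions allowing small exponents, so this widening (confirmed by the test change that now expects 2^256 + 1 to pass) should be stated in the commit message or CHANGES, and the new function comment could say explicitly that there is no upper bound outside FIPS. A comment noting that BN_is_odd() together with BN_cmp(e, BN_value_one()) > 0 makes 3 the smallest accepted value would also record that the removed RSA_3 carve-out is still covered.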
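Review bot: in the test/rsa_sp800_56b_test.c hunk the comment `/* e is too small will fail */` should read `/* e = 1 is too small and will fail */`; and since the assertions now encode only the non-FIPS behaviour (e = 3, 17 and 2^256 + 1 accepted), the lower and upper bit-length bounds of the FIPS_MODULE branch are no longer exercised by any case here. The removed checks (65535 rejected as too small, 2^256 rejected as too big) are worth keeping under a FIPS-only test so the [17..256] range does not regress silently.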
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 13 Aug 2021 08:46:04 +0000 Subject: [openssl] master update Message-ID: <1628844364.343322.12065.nullmailer@dev.openssl.org> The branch master has been updated via bd32bdb8b2a0f98d99b21e1b4d68dfaf1bd5584d (commit) from 254957f768a61c91c14d89566224173d0831c2ce (commit) - Log ----------------------------------------------------------------- commit bd32bdb8b2a0f98d99b21e1b4d68dfaf1bd5584d Author: Tomas Mraz Date: Tue Aug 10 17:07:35 2021 +0200 Add documentation about the multilib postfix and libdir Fixes #16244 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16281) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 10 ++++++++++ INSTALL.md | 8 ++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5991eb5465..bcb1601d26 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,16 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * On build targets where the multilib postfix is set in the build + configuration the libdir directory was changing based on whether + the lib directory with the multilib postfix exists on the system + or not. This unpredictable behavior was removed and eventual + multilib postfix is now always added to the default libdir. Use + `--libdir=lib` to override the libdir if adding the postfix is + undesirable. + + *Jan L?na* + * The ERR_GET_FUNC() function was removed. With the loss of meaningful function codes, this function can only cause problems for calling applications. diff --git a/INSTALL.md b/INSTALL.md index 202a66885e..c717dfcdf0 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -350,9 +350,13 @@ Directories The name of the directory under the top of the installation directory tree (see the `--prefix` option) where libraries will be installed. By default -this is `lib/`. Note that on Windows only static libraries (`*.lib`) will +this is `lib`. Note that on Windows only static libraries (`*.lib`) will be stored in this location. Shared libraries (`*.dll`) will always be -installed to the `bin/` directory. +installed to the `bin` directory. + +Some build targets have a multilib postfix set in the build configuration. +For these targets the default libdir is `lib`. Please use +`--libdir=lib` to override the libdir if adding the postfix is undesirable. ### openssldir From tomas at openssl.org Fri Aug 13 10:28:28 2021 
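Review bot: "eventual multilib postfix" in the CHANGES.md hunk reads as "the postfix that happens in the end"; "any multilib postfix" (or "the multilib postfix, if one is set,") is the intended meaning, and "the libdir directory was changing based on whether ... exists" is clearer as "depended on whether ... exists". In the INSTALL.md hunk the added paragraph says that for multilib targets "the default libdir is `lib`", which is the same value the preceding paragraph already gives as the general default, so as written it does not tell the reader what the postfix changes; state the postfixed form explicitly (`lib` with the postfix appended) so the `--libdir=lib` advice has an obvious reason.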
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 13 Aug 2021 10:28:28 +0000 Subject: [openssl] master update Message-ID: <1628850508.749349.8967.nullmailer@dev.openssl.org> The branch master has been updated via 4ccad35756dfa9df657f3853810101fa9d6ca525 (commit) from bd32bdb8b2a0f98d99b21e1b4d68dfaf1bd5584d (commit) - Log ----------------------------------------------------------------- commit 4ccad35756dfa9df657f3853810101fa9d6ca525 Author: Tomas Mraz Date: Wed Aug 11 18:46:07 2021 +0200 Correct documentation errors in regards to UTF8 params This fixes numerous bugs in documentation in regards to UTF8 params and their sizes. The returned size should always be without the terminating NUL byte. On the other hand on the requestor side the size of the buffer should include the NUL byte if it expects it being included in the returned string. Also make this clear in the EVP_PKEY_get_group_name() documentation which uses utf8 string params under the hood. Fixes #16287 Reviewed-by: Viktor Dukhovni Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16296) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_PKEY_fromdata.pod | 2 +- doc/man3/EVP_PKEY_get_group_name.pod | 4 ++-- doc/man3/EVP_PKEY_gettable_params.pod | 3 ++- doc/man3/OSSL_PARAM.pod | 8 ++++---- doc/man3/OSSL_PARAM_BLD.pod | 6 ++++-- doc/man3/OSSL_PARAM_int.pod | 13 +++++++------ 6 files changed, 20 insertions(+), 16 deletions(-) diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod index d24fb34a25..107ebf82a0 100644 --- a/doc/man3/EVP_PKEY_fromdata.pod +++ b/doc/man3/EVP_PKEY_fromdata.pod 
@@ -161,7 +161,7 @@ TODO Write a set of cookbook documents and link to them. 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47 }; const OSSL_PARAM params[] = { - OSSL_PARAM_utf8_string("group", "prime256v1"), + OSSL_PARAM_utf8_string("group", "prime256v1", 10), OSSL_PARAM_BN("priv", priv, sizeof(priv)), OSSL_PARAM_BN("pub", pub, sizeof(pub)), OSSL_PARAM_END diff --git a/doc/man3/EVP_PKEY_get_group_name.pod b/doc/man3/EVP_PKEY_get_group_name.pod index 3ef19b8575..5844bf1abc 100644 --- a/doc/man3/EVP_PKEY_get_group_name.pod +++ b/doc/man3/EVP_PKEY_get_group_name.pod @@ -15,8 +15,8 @@ EVP_PKEY_get_group_name - get group name of a key EVP_PKEY_get_group_name() fills in the group name of the I into I, up to at most I bytes including the ending NUL byte -and assigns I<*gname_len> the actual size of the name, if I's key type -supports it. +and assigns I<*gname_len> the actual length of the name not including +the NUL byte, if I's key type supports it. I as well as I may individually be NULL, and won't be filled in or assigned in that case. diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod index da3d99d0bf..27240b0d3b 100644 --- a/doc/man3/EVP_PKEY_gettable_params.pod +++ b/doc/man3/EVP_PKEY_gettable_params.pod @@ -49,7 +49,8 @@ is allocated by the method. EVP_PKEY_get_utf8_string_param() get a key I UTF8 string value int a buffer I of maximum size I associated with a name of I. -I<*out_sz> is the returned size of the string if it is not NULL. +If I is not NULL the I<*out_sz> is set to the length of the string +not including the terminating NUL byte. EVP_PKEY_get_octet_string_param() copy a I's octet string value into a buffer I of maximum size I associated with a name of I. diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod index 98d75c9fa2..f335d6f2c8 100644 --- a/doc/man3/OSSL_PARAM.pod +++ b/doc/man3/OSSL_PARAM.pod 
@@ -306,11 +306,11 @@ This example is for setting parameters on some object: #include const char *foo = "some string"; - size_t foo_l = strlen(foo) + 1; + size_t foo_l = strlen(foo); const char bar[] = "some other string"; OSSL_PARAM set[] = { { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, foo_l, 0 }, - { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 }, + { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar) - 1, 0 }, { NULL, 0, NULL, 0, 0 } }; @@ -338,10 +338,10 @@ could fill in the parameters like this: for (i = 0; params[i].key != NULL; i++) { if (strcmp(params[i].key, "foo") == 0) { *(char **)params[i].data = "foo value"; - params[i].return_size = 10; /* size of "foo value" */ + params[i].return_size = 9; /* length of "foo value" string */ } else if (strcmp(params[i].key, "bar") == 0) { memcpy(params[i].data, "bar value", 10); - params[i].return_size = 10; /* size of "bar value" */ + params[i].return_size = 9; /* length of "bar value" string */ } /* Ignore stuff we don't know */ } diff --git a/doc/man3/OSSL_PARAM_BLD.pod b/doc/man3/OSSL_PARAM_BLD.pod index fdc9ec3081..d07eff6f27 100644 --- a/doc/man3/OSSL_PARAM_BLD.pod +++ b/doc/man3/OSSL_PARAM_BLD.pod @@ -91,7 +91,8 @@ must exist until after OSSL_PARAM_BLD_to_param() has been called. OSSL_PARAM_BLD_push_utf8_string() is a function that will create an OSSL_PARAM object that references the UTF8 string specified by I. -If the length of the string, I, is zero then it will be calculated. +The length of the string I should not include the terminating NUL byte. +If it is zero then it will be calculated. The string that I points to is stored by reference and must remain in scope until after OSSL_PARAM_BLD_to_param() has been called. 
@@ -102,7 +103,8 @@ scope until after OSSL_PARAM_BLD_to_param() has been called. OSSL_PARAM_BLD_push_utf8_ptr() is a function that will create an OSSL_PARAM object that references the UTF8 string specified by I. -If the length of the string, I, is zero then it will be calculated. +The length of the string I should not include the terminating NUL byte. +If it is zero then it will be calculated. The string I points to is stored by reference and must remain in scope until the OSSL_PARAM array is freed. diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 4f482ee610..8dbe830e95 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -200,7 +200,7 @@ OSSL_PARAM_construct_octet_string() is a function that constructs an OCTET string B structure. A parameter with name I, storage I and size I is created. -OSSL_PARAM_construct_utf8_ptr() is a function that constructs a UTF string +OSSL_PARAM_construct_utf8_ptr() is a function that constructs a UTF8 string pointer B structure. A parameter with name I, storage pointer I<*buf> and size I is created. @@ -241,17 +241,18 @@ will be assigned the size the parameter's I buffer should have. OSSL_PARAM_get_utf8_string() retrieves a UTF8 string from the parameter pointed to by I

. The string is stored into I<*val> with a size limit of I, -which must be large enough to accomodate a terminating NUL byte, -otherwise this function will fail. -If I<*val> is NULL, memory is allocated for the string and I -is ignored. +which must be large enough to accomodate the string. A terminating NUL byte +is added only if the buffer is longer than the string length otherwise the +string will not be NUL terminated. +If I<*val> is NULL, memory is allocated for the string (including the +terminating NUL byte) and I is ignored. If memory is allocated by this function, it must be freed by the caller. OSSL_PARAM_set_utf8_string() sets a UTF8 string from the parameter pointed to by I

to the value referenced by I. If the parameter's I field is NULL, then only its I field will be assigned the minimum size the parameter's I buffer should have -to accomodate the string, including a terminating NUL byte. +to accomodate the string, not including a terminating NUL byte. OSSL_PARAM_get_octet_string() retrieves an OCTET string from the parameter pointed to by I

. From scan-admin at coverity.com Sat Aug 14 07:49:46 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sat, 14 Aug 2021 07:49:46 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <611775996d6cc_1d0d932adcb105d9a4118fa@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DTW9y_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHCm-2BhH2lHciUqBNVeSqQzFI18nCSEMKds7aqkwEi-2FzFEFTUhIz1A2dtBqw2OWTdeitRAhiKz4F1n8now3lF020nhxHcIpJ9DYrl04vGgZfIpUb-2BVZn2uFsVwH9siOXLGmwD1EKZRx5fnTsHCfqOEUQVB7B3B9x-2BXZWQxHiVXo5omdjUZrb7RtTLa-2BoQBOKugI-3D Build ID: 402296 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sat Aug 14 07:52:42 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sat, 14 Aug 2021 07:52:42 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6117764a2b78e_1d0e802adcb105d9a411827@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DWXoA_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEOuAMVVC2WnTYtqY0oPDSeNmf5GuOp6zrl5g2MO-2B2oa32UDRnYtZHbQqEX7YDKfzmJRmbxN-2FLy2lOV85OTHoLd-2FqCuDtCY10uAsIa4WgeYEcJqgk5jCtgl1xNJGqT73MqtHaa-2BPk6br56a32JGP-2BbYae7QO4Pe3lzn0plU3M6F2-2BTnH2UxI3dpIXJVM-2BVtfe0-3D Build ID: 402297 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Aug 15 07:50:33 2021 
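Review bot: the new OSSL_PARAM_get_utf8_string() text in the doc/man3/OSSL_PARAM_int.pod hunk says a terminating NUL byte is added only if the buffer is longer than the string and that otherwise the result is not NUL terminated; that is a trap for callers that hand the buffer to strlen()-style functions, so the paragraph should give explicit guidance: size the buffer as string length plus one, or compare the parameter's return size with the buffer size before treating the buffer as a C string. Both added lines also keep the misspelling "accomodate" from the removed lines; it should be "accommodate".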
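Review bot: in the doc/man3/EVP_PKEY_fromdata.pod hunk the literal 10 in `OSSL_PARAM_utf8_string("group", "prime256v1", 10)` is correct (ten characters) but fragile in an example that people copy; `sizeof("prime256v1") - 1` or `strlen()` shows where the value comes from and matches the `size_t foo_l = strlen(foo);` and `sizeof(bar) - 1` changes in the OSSL_PARAM.pod hunk. The `return_size = 9` values in the second OSSL_PARAM.pod hunk are right for "foo value" and "bar value" (nine characters each), while the `memcpy(params[i].data, "bar value", 10)` on the unchanged line still copies the NUL byte, which is consistent with the new text only because the caller's buffer is larger than the string; a short comment there would avoid confusion.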
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 15 Aug 2021 07:50:33 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6118c748f1cf5_1ec3c82aea529af9b87896@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DTcPT_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEoJfCI5rmgdvIRnDhVD9Z8pRWxmqTDVje0hxgmXzqUOv6uN4K-2FjieyHMtOxYDW0mO8KlEal6gmzckU-2BySBbAJzWZHVLjzhUSdUHpOgVrDppVWMFE4zXeB1ij8xXGgakcJGGLv-2FT0LxVmq4AGqZfY9nhh1jYTs9Bk4miGZE0e94TeHapTloijplNAcrkn6tDRw-3D Build ID: 402478 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Aug 15 07:53:54 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 15 Aug 2021 07:53:54 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6118c81280974_1ec4bf2aea529af9b878932@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DI5ey_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGZLJcxwIb37FCivak415XcclgOsvKRboVH5eU69UUY1PM0zQe12wtDT-2FW75WZI1bSp5QBorZQc6n-2BOcKLYnfjfOeHizFY9mvxf7gRnYl1aMXmkoZGLbi-2BcIzKCP2-2BV1tTuL18b3CyneI-2FMa64544njKssFLsjEC1ms-2FLqyROtzVQPfq5HFrShWAByXU4yizZQ-3D Build ID: 402480 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Mon Aug 16 07:49:47 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 16 Aug 2021 07:49:47 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <611a189aa2990_207f0c2b037f7c59a442646@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DTOZI_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFYnz3xswZEO8lr4P702R2sHnydZnEFPaNqZ0aCZ6VQ8tUqH93zoB3l8DzBw-2F8kgGuTK-2FuhUdkvQR147mJvg7qelPfg41Kjs-2B6-2FPFUvMrfxk8xdYN4Nh479GRLZAEKvDJII-2F77z0Xe0iuTIslMAOzqHRCdSWdRjHtEic4g0o2bJx8yK3AvTrIcnSJfZ8INKpeE-3D Build ID: 402649 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Mon Aug 16 07:53:03 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 16 Aug 2021 07:53:03 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <611a195f43ff2_2080182b037f7c59a442636@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DmOWk_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeG-2B6lRr-2FyzkhIrYwNxpUHplFYwMitbSIdlIjaeTuF5s8YNgJQjOZuAE3-2F2GNTlj4WTbIZpnsfcs-2FewZG-2B8hXt0xkjjEqNaxmzZlhE-2FrmHcdR7r6LCs6Bt8fhNPwadhQKd1nA5BoFpRxufk4uu1yoRWbUxvg1eBF0DWHuRdxKq1BDkjWMpNNwJHTQ6W-2BnxrhVSA-3D Build ID: 402650 Analysis Summary: New defects found: 0 Defects eliminated: 0 From tomas at openssl.org Mon Aug 16 10:55:24 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 16 Aug 2021 10:55:24 +0000 Subject: [openssl] master update Message-ID: <1629111324.024290.5539.nullmailer@dev.openssl.org> The branch master has been updated via 0ec738433e522c96c7edfe4c9ffdc76d4dfef00a (commit) from 4ccad35756dfa9df657f3853810101fa9d6ca525 (commit) - Log ----------------------------------------------------------------- commit 0ec738433e522c96c7edfe4c9ffdc76d4dfef00a Author: Tomas Mraz Date: Fri Aug 6 17:25:13 2021 +0200 Multiple fixes for getting pub key from legacy DH PKEY There were multiple issues with getting OSSL_PKEY_PARAM_PUB_KEY from a legacy EVP_PKEY DH and DHX keys. Fixes #16247 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16253) ----------------------------------------------------------------------- Summary of changes: crypto/evp/ctrl_params_translate.c | 23 ++++++++++++++++++----- test/evp_extra_test.c | 34 ++++++++++++++++++++++++++++------ 2 files changed, 46 insertions(+), 11 deletions(-) diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index a441c1f4b7..88945e13e6 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c 
@@ -654,9 +654,21 @@ static int default_fixup_args(enum state state, } else if ((state == POST_PARAMS_TO_CTRL || state == PKEY) && ctx->action_type == GET) { /* For the POST state, only getting needs some work to be done */ - + unsigned int param_data_type = translation->param_data_type; + size_t size = (size_t)ctx->p1; + + if (state == PKEY) + size = ctx->sz; + if (param_data_type == 0) { + /* we must have a fixup_args function to work */ + if (!ossl_assert(translation->fixup_args != NULL)) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + return 0; + } + param_data_type = ctx->params->data_type; + } /* When getting, we populate |*params| from |p1| and |p2| */ - switch (translation->param_data_type) { + switch (param_data_type) { case OSSL_PARAM_INTEGER: return OSSL_PARAM_set_int(ctx->params, ctx->p1); case OSSL_PARAM_UNSIGNED_INTEGER: @@ -673,10 +685,10 @@ static int default_fixup_args(enum state state, return OSSL_PARAM_set_utf8_string(ctx->params, ctx->p2); case OSSL_PARAM_OCTET_STRING: return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2, - (size_t)ctx->p1); + size); case OSSL_PARAM_OCTET_PTR: return OSSL_PARAM_set_octet_ptr(ctx->params, ctx->p2, - (size_t)ctx->p1); + size); default: ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, "[action:%d, state:%d] " @@ -1552,6 +1564,7 @@ static int get_payload_public_key(enum state state, ctx->p2 = NULL; switch (EVP_PKEY_get_base_id(pkey)) { #ifndef OPENSSL_NO_DH + case EVP_PKEY_DHX: case EVP_PKEY_DH: switch (ctx->params->data_type) { case OSSL_PARAM_OCTET_STRING: @@ -2249,7 +2262,7 @@ static const struct translation_st evp_pkey_translations[] = { get_payload_private_key }, { GET, -1, -1, -1, 0, NULL, NULL, OSSL_PKEY_PARAM_PUB_KEY, - 0 /* no data type, let get_payload_pub_key() handle that */, + 0 /* no data type, let get_payload_public_key() handle that */, get_payload_public_key }, /* DH and DSA */ diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index e03e2a252e..418b467f52 100644 
--- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -2481,13 +2481,21 @@ static int test_EVP_PKEY_set1_DH(void) EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; int ret = 0; BIGNUM *p, *g = NULL; + BIGNUM *pubkey = NULL; + unsigned char pub[2048 / 8]; + size_t len = 0; if (!TEST_ptr(p = BN_new()) || !TEST_ptr(g = BN_new()) - || !BN_set_word(p, 9999) - || !BN_set_word(g, 2) + || !TEST_ptr(pubkey = BN_new()) + || !TEST_true(BN_set_word(p, 9999)) + || !TEST_true(BN_set_word(g, 2)) + || !TEST_true(BN_set_word(pubkey, 4321)) || !TEST_ptr(noqdh = DH_new()) - || !DH_set0_pqg(noqdh, p, NULL, g)) + || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) + || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) + || !TEST_ptr(pubkey = BN_new()) + || !TEST_true(BN_set_word(pubkey, 4321))) goto err; p = g = NULL; @@ -2497,21 +2505,35 @@ static int test_EVP_PKEY_set1_DH(void) if (!TEST_ptr(x942dh) || !TEST_ptr(noqdh) || !TEST_ptr(pkey1) - || !TEST_ptr(pkey2)) + || !TEST_ptr(pkey2) + || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) goto err; + pubkey = NULL; - if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) + if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) goto err; - if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) + if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, + &pubkey)) + || !TEST_ptr(pubkey)) + goto err; + + if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) goto err; + if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, + OSSL_PKEY_PARAM_PUB_KEY, + pub, sizeof(pub), &len)) + || !TEST_size_t_ne(len, 0)) + goto err; + ret = 1; err: BN_free(p); BN_free(g); + BN_free(pubkey); EVP_PKEY_free(pkey1); EVP_PKEY_free(pkey2); DH_free(x942dh); From tomas at openssl.org Mon Aug 16 10:53:45 2021 
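Review bot: in the default_fixup_args() hunk of crypto/evp/ctrl_params_translate.c, `size` is taken from ctx->p1 in the POST_PARAMS_TO_CTRL case and from ctx->sz in the PKEY state, and only the OSSL_PARAM_OCTET_STRING and OSSL_PARAM_OCTET_PTR cases use it; a comment saying which states populate ctx->sz versus ctx->p1 would stop the next reader from assuming `(size_t)ctx->p1` is always the length. The `param_data_type == 0` fallback is now the path taken by the OSSL_PKEY_PARAM_PUB_KEY translation (data type 0, handled by get_payload_public_key()), and its only guard is the assert on fixup_args; since ctx->params->data_type comes from the caller, a test that asks for the public key with an unexpected data_type and checks that the `default:` branch raises ERR_R_UNSUPPORTED would pin that down.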
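Review bot: in the test_EVP_PKEY_set1_DH() hunk the single `pubkey` variable is created, handed to DH_set0_key(noqdh, ...), created again, handed to DH_set0_key(x942dh, ...), set to NULL, and finally filled by EVP_PKEY_get_bn_param(); the ownership is correct (the `err:` label frees only the last BIGNUM), but it is hard to follow, and two variables, one per key, would make the error path obvious. Also, the DHX key is checked only through EVP_PKEY_get_bn_param() and the plain DH key only through EVP_PKEY_get_octet_string_param(); since the commit says there were multiple issues with both key types, run both getters on both keys, and compare the returned value with 4321 (the word set on the key) rather than only asserting `len != 0`.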
From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 16 Aug 2021 10:53:45 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629111225.253164.3812.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 33e8f03e98acdf3c505b2ee82dd7e595d11e3b6f (commit) via 331c4b59077603c88d27f9ab663d86843339d034 (commit) via d84596449df6b572332fd6a107c242f308bd81ec (commit) via eacd2fefa0f9fa0be98cb19a920e01a6ae439022 (commit) via 8b169d433c026188219f3b4ca0b92d08e3012e58 (commit) from 5b31b9df7f89d2c2cb935c5e50a912cd048c07c9 (commit) - Log ----------------------------------------------------------------- commit 33e8f03e98acdf3c505b2ee82dd7e595d11e3b6f Author: Tomas Mraz Date: Fri Aug 13 13:01:38 2021 +0200 Revert "TEST: Check that i2d refuses to encode non-optional items with no content" This reverts commit 12e9b74c513a8ed3c1c260cf25221a465ae14b84. Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16308) commit 331c4b59077603c88d27f9ab663d86843339d034 Author: Tomas Mraz Date: Fri Aug 13 13:01:37 2021 +0200 Revert "ASN.1: Refuse to encode to DER if non-optional items are missing" This reverts commit 006906cddda37e24a66443199444ef4476697477. Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16308) commit d84596449df6b572332fd6a107c242f308bd81ec Author: Tomas Mraz Date: Fri Aug 13 13:01:35 2021 +0200 Revert "Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN" This reverts commit 5434acb6c4d56507d761b28f7e142ccab808a8fa. Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16308) commit eacd2fefa0f9fa0be98cb19a920e01a6ae439022 Author: Tomas Mraz Date: Fri Aug 13 13:01:34 2021 +0200 Revert "Fix test/asn1_encode_test.c to handle encoding/decoding failure" This reverts commit f1d97905bbd8679b7647c992b97f526791069040. 
Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16308) commit 8b169d433c026188219f3b4ca0b92d08e3012e58 Author: Tomas Mraz Date: Fri Aug 13 13:01:29 2021 +0200 Revert "make update (adds a new function code)" This reverts commit ea26844c4f624ef515d9228d3b623761a369b049. Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16308) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1_err.c | 4 +--- crypto/asn1/tasn_enc.c | 30 ++++++++---------------- crypto/err/openssl.txt | 1 - include/openssl/asn1err.h | 3 +-- test/asn1_encode_test.c | 59 ++++++++++++++++++++++------------------------- test/asn1_internal_test.c | 38 ------------------------------ 6 files changed, 38 insertions(+), 97 deletions(-) diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 50003a8531..cc0a59ca4c 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -82,8 +82,6 @@ static const ERR_STRING_DATA ASN1_str_functs[] = { "ASN1_STRING_type_new"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0), "asn1_template_ex_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_I2D, 0), - "asn1_template_ex_i2d"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0), "asn1_template_noexp_d2i"}, diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 6eb300a21e..bcc96337bc 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c 
@@ -213,7 +213,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt, int tag, int iclass) { - int i, ret, flags, ttag, tclass, ndef, len; + int i, ret, flags, ttag, tclass, ndef; ASN1_VALUE *tval; flags = tt->flags; @@ -300,17 +300,13 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, /* Determine total length of items */ skcontlen = 0; for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { + int tmplen; skitem = sk_ASN1_VALUE_value(sk, i); - len = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), - -1, iclass); - if (len == -1 || (skcontlen > INT_MAX - len)) - return -1; - if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D, - ASN1_R_ILLEGAL_ZERO_CONTENT); + tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), + -1, iclass); + if (tmplen == -1 || (skcontlen > INT_MAX - tmplen)) return -1; - } - skcontlen += len; + skcontlen += tmplen; } sklen = ASN1_object_size(ndef, skcontlen, sktag); if (sklen == -1) @@ -348,10 +344,6 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass); if (!i) return 0; - if (i == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D, ASN1_R_ILLEGAL_ZERO_CONTENT); - return -1; - } /* Find length of EXPLICIT tag */ ret = ASN1_object_size(ndef, i, ttag); if (out && ret != -1) { 
@@ -365,13 +357,9 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, } /* Either normal or IMPLICIT tagging: combine class and flags */ - len = ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), - ttag, tclass | iclass); - if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_I2D, ASN1_R_ILLEGAL_ZERO_CONTENT); - return -1; - } - return len; + return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), + ttag, tclass | iclass); + } /* Temporary structure used to hold DER encoding of items for SET OF */ diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 34b1bb8b84..017a9a6652 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -60,7 +60,6 @@ ASN1_F_ASN1_STRING_TABLE_ADD:129:ASN1_STRING_TABLE_add ASN1_F_ASN1_STRING_TO_BN:228:asn1_string_to_bn ASN1_F_ASN1_STRING_TYPE_NEW:130:ASN1_STRING_type_new ASN1_F_ASN1_TEMPLATE_EX_D2I:132:asn1_template_ex_d2i -ASN1_F_ASN1_TEMPLATE_EX_I2D:145:asn1_template_ex_i2d ASN1_F_ASN1_TEMPLATE_NEW:133:asn1_template_new ASN1_F_ASN1_TEMPLATE_NOEXP_D2I:131:asn1_template_noexp_d2i ASN1_F_ASN1_TIME_ADJ:217:ASN1_TIME_adj diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h index fc72bb70f4..e1ad1fefec 100644 --- a/include/openssl/asn1err.h +++ b/include/openssl/asn1err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -75,7 +75,6 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_STRING_TO_BN 228 # define ASN1_F_ASN1_STRING_TYPE_NEW 130 # define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 -# define ASN1_F_ASN1_TEMPLATE_EX_I2D 145 # define ASN1_F_ASN1_TEMPLATE_NEW 133 # define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 # define ASN1_F_ASN1_TIME_ADJ 217 
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c index dc0dfaf7b5..51c3802942 100644 --- a/test/asn1_encode_test.c +++ b/test/asn1_encode_test.c @@ -190,7 +190,7 @@ typedef struct { } ASN1_LONG_DATA; ASN1_SEQUENCE(ASN1_LONG_DATA) = { - ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_BOOLEAN), + ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_FBOOLEAN), ASN1_SIMPLE(ASN1_LONG_DATA, test_long, LONG), ASN1_EXP_OPT(ASN1_LONG_DATA, test_zlong, ZLONG, 0) } static_ASN1_SEQUENCE_END(ASN1_LONG_DATA) @@ -280,7 +280,7 @@ typedef struct { } ASN1_INT32_DATA; ASN1_SEQUENCE(ASN1_INT32_DATA) = { - ASN1_SIMPLE(ASN1_INT32_DATA, success, ASN1_BOOLEAN), + ASN1_SIMPLE(ASN1_INT32_DATA, success, ASN1_FBOOLEAN), ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32), ASN1_EXP_OPT_EMBED(ASN1_INT32_DATA, test_zint32, ZINT32, 0) } static_ASN1_SEQUENCE_END(ASN1_INT32_DATA) @@ -328,7 +328,7 @@ typedef struct { } ASN1_UINT32_DATA; ASN1_SEQUENCE(ASN1_UINT32_DATA) = { - ASN1_SIMPLE(ASN1_UINT32_DATA, success, ASN1_BOOLEAN), + ASN1_SIMPLE(ASN1_UINT32_DATA, success, ASN1_FBOOLEAN), ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32), ASN1_EXP_OPT_EMBED(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0) } static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA) @@ -376,7 +376,7 @@ typedef struct { } ASN1_INT64_DATA; ASN1_SEQUENCE(ASN1_INT64_DATA) = { - ASN1_SIMPLE(ASN1_INT64_DATA, success, ASN1_BOOLEAN), + ASN1_SIMPLE(ASN1_INT64_DATA, success, ASN1_FBOOLEAN), ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64), ASN1_EXP_OPT_EMBED(ASN1_INT64_DATA, test_zint64, ZINT64, 0) } static_ASN1_SEQUENCE_END(ASN1_INT64_DATA) @@ -425,7 +425,7 @@ typedef struct { } ASN1_UINT64_DATA; ASN1_SEQUENCE(ASN1_UINT64_DATA) = { - ASN1_SIMPLE(ASN1_UINT64_DATA, success, ASN1_BOOLEAN), + ASN1_SIMPLE(ASN1_UINT64_DATA, success, ASN1_FBOOLEAN), ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64), ASN1_EXP_OPT_EMBED(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0) } static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA) 
@@ -742,17 +742,14 @@ static int test_intern(const TEST_PACKAGE *package) sizeof(test_custom_data) / sizeof(test_custom_data[0])); for (i = 0; i < nelems; i++) { size_t pos = i * package->encode_expectations_elem_size; - EXPECTED *expected - = (EXPECTED *)&((unsigned char *)package->encode_expectations)[pos]; - - switch (do_encode_custom(expected, &test_custom_data[i], package)) { + switch (do_encode_custom((EXPECTED *)&((unsigned char *)package + ->encode_expectations)[pos], + &test_custom_data[i], package)) { case -1: - if (expected->success) { - TEST_error("Failed custom encode round trip %u of %s", - i, package->name); - TEST_openssl_errors(); - fail++; - } + TEST_error("Failed custom encode round trip %u of %s", + i, package->name); + TEST_openssl_errors(); + fail++; break; case 0: TEST_error("Custom encode round trip %u of %s mismatch", @@ -766,16 +763,16 @@ static int test_intern(const TEST_PACKAGE *package) OPENSSL_die("do_encode_custom() return unknown value", __FILE__, __LINE__); } - switch (do_decode_custom(&test_custom_data[i], expected, + switch (do_decode_custom(&test_custom_data[i], + (EXPECTED *)&((unsigned char *)package + ->encode_expectations)[pos], package->encode_expectations_elem_size, package)) { case -1: - if (expected->success) { - TEST_error("Failed custom decode round trip %u of %s", - i, package->name); - TEST_openssl_errors(); - fail++; - } + TEST_error("Failed custom decode round trip %u of %s", + i, package->name); + TEST_openssl_errors(); + fail++; break; case 0: TEST_error("Custom decode round trip %u of %s mismatch", 
@@ -795,17 +792,15 @@ static int test_intern(const TEST_PACKAGE *package) nelems = package->encdec_data_size / package->encdec_data_elem_size; for (i = 0; i < nelems; i++) { size_t pos = i * package->encdec_data_elem_size; - EXPECTED *expected - = (EXPECTED *)&((unsigned char *)package->encdec_data)[pos]; - - switch (do_enc_dec(expected, package->encdec_data_elem_size, package)) { + switch (do_enc_dec((EXPECTED *)&((unsigned char *)package + ->encdec_data)[pos], + package->encdec_data_elem_size, + package)) { case -1: - if (expected->success) { - TEST_error("Failed encode/decode round trip %u of %s", - i, package->name); - TEST_openssl_errors(); - fail++; - } + TEST_error("Failed encode/decode round trip %u of %s", + i, package->name); + TEST_openssl_errors(); + fail++; break; case 0: TEST_error("Encode/decode round trip %u of %s mismatch", diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c index 146d8a8994..865e058421 100644 --- a/test/asn1_internal_test.c +++ b/test/asn1_internal_test.c 
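Review bot: the commit message says only that this reverts ea26844c4f624ef515d9228d3b623761a369b049 and gives no reason. Please state why, because the tasn_enc.c hunks drop the ASN1_R_ILLEGAL_ZERO_CONTENT check for non-OPTIONAL templates together with the asn1_internal_test.c case that exercised it (i2d_RSAPrivateKey on an RSA object with no private components, whose comment says "This SHOULD fail"), so encoding such an object is no longer rejected with that error and a later reader cannot tell whether the check is meant to come back in another form. Also, in the third tasn_enc.c hunk the restored `+ return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), + ttag, tclass | iclass);` is followed by an empty line before the closing brace of asn1_template_ex_i2d; drop that blank line while touching the function.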
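Review bot: the asn1_err.c and asn1err.h hunks move the copyright line back from "1995-2021" to "1995-2020". Both files carry "Generated by util/mkerr.pl DO NOT EDIT", so the next `make update` will presumably bump the year again in an unrelated commit; keeping the 2021 line in the revert avoids that churn, since the year is not part of what is being reverted.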
@@ -107,47 +107,9 @@ static int test_standard_methods(void) return 0; } -/********************************************************************** - * - * Test of that i2d fail on non-existing non-optional items - * - ***/ - -#include - -static int test_empty_nonoptional_content(void) -{ - RSA *rsa = NULL; - BIGNUM *n = NULL; - BIGNUM *e = NULL; - int ok = 0; - - if (!TEST_ptr(rsa = RSA_new()) - || !TEST_ptr(n = BN_new()) - || !TEST_ptr(e = BN_new()) - || !TEST_true(RSA_set0_key(rsa, n, e, NULL))) - goto end; - - n = e = NULL; /* They are now "owned" by |rsa| */ - - /* - * This SHOULD fail, as we're trying to encode a public key as a private - * key. The private key bits MUST be present for a proper RSAPrivateKey. - */ - if (TEST_int_le(i2d_RSAPrivateKey(rsa, NULL), 0)) - ok = 1; - - end: - RSA_free(rsa); - BN_free(n); - BN_free(e); - return ok; -} - int setup_tests(void) { ADD_TEST(test_tbl_standard); ADD_TEST(test_standard_methods); - ADD_TEST(test_empty_nonoptional_content); return 1; } From tomas at openssl.org Mon Aug 16 10:57:20 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 16 Aug 2021 10:57:20 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629111440.924701.7768.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 75a4f263ba9d3ec1e9d55ca5024aee62aec70475 (commit) from 33e8f03e98acdf3c505b2ee82dd7e595d11e3b6f (commit) - Log ----------------------------------------------------------------- commit 75a4f263ba9d3ec1e9d55ca5024aee62aec70475 Author: Todd Short Date: Fri Aug 13 09:59:59 2021 -0400 Fix potential double-free The `sk` variable is assigned to `s->session->peer_chain`. If `ssl3_digest_cached_records()` were to fail, then `sk` would still be non-NULL, and subsequently freed on the error return. When the session is freed, it will then attempt to free `s->session->peer_chain`, resulting in a double-free (of `sk`). Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16309) (cherry picked from commit 0449702abc95a3af24c049cb02c01ca6a8015cef) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_srvr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 30d20f1297..d701c46b43 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c 
@@ -3753,6 +3753,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) sk_X509_pop_free(s->session->peer_chain, X509_free); s->session->peer_chain = sk; + sk = NULL; /* * Freeze the handshake buffer. For The branch master has been updated via 0449702abc95a3af24c049cb02c01ca6a8015cef (commit) from 0ec738433e522c96c7edfe4c9ffdc76d4dfef00a (commit) - Log ----------------------------------------------------------------- commit 0449702abc95a3af24c049cb02c01ca6a8015cef Author: Todd Short Date: Fri Aug 13 09:59:59 2021 -0400 Fix potential double-free The `sk` variable is assigned to `s->session->peer_chain`. If `ssl3_digest_cached_records()` were to fail, then `sk` would still be non-NULL, and subsequently freed on the error return. When the session is freed, it will then attempt to free `s->session->peer_chain`, resulting in a double-free (of `sk`). Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16309) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_srvr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 2be50733fe..d0d8d26e11 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c 
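Review bot: the added `+ sk = NULL;` in tls_process_client_certificate (the same one-line hunk in the OpenSSL_1_1_1-stable and master copies) deserves a short comment saying that ownership of the chain has just passed to `s->session->peer_chain`, for example `sk = NULL; /* now owned by s->session */`, so that the next person who inserts a fallible call between the assignment and the end of the function does not reintroduce the double free the commit message describes (error path frees `sk`, then the session free releases `peer_chain`, the same object). Clearing the local at the moment of hand-over is the right fix; the comment is what keeps it in place.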
@@ -3556,6 +3556,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) sk_X509_pop_free(s->session->peer_chain, X509_free); s->session->peer_chain = sk; + sk = NULL; /* * Freeze the handshake buffer. For The branch OpenSSL_1_1_1-stable has been updated via bc8c36272067f8443f875164831ce3a5a739df3f (commit) via 32f7f60ccae59c7027010ec0b54c118ade087a41 (commit) from 75a4f263ba9d3ec1e9d55ca5024aee62aec70475 (commit) - Log ----------------------------------------------------------------- commit bc8c36272067f8443f875164831ce3a5a739df3f Author: Ingo Franzki Date: Wed Aug 11 12:53:09 2021 +0200 Test EVP Cipher updating the context's IV Ensure that an EVP_CipherUpdate operation updates the context's IV for AES CBC, CFB, OFB, and CTR. An application can get the updated IV via EVP_CIPHER_CTX_iv(). The s390x implementation of the CFB and OFB ciphers did not update the IV in the context, but only within its s390x specific context data. Signed-off-by: Ingo Franzki Reviewed-by: Patrick Steuer Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16292) commit 32f7f60ccae59c7027010ec0b54c118ade087a41 Author: Ingo Franzki Date: Wed Aug 11 09:39:46 2021 +0200 s390x: AES OFB/CFB: Maintain running IV from cipher context Copy the current IV from the cipher context into the kmo/kmf param before the operation, and copy the modified IV back to the context afterwards. Without this, an application that obtains the running IV from the context would still get the original IV, but not the updated one. Signed-off-by: Ingo Franzki Reviewed-by: Patrick Steuer Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16292) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 12 ++++++ test/evp_extra_test.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 122 insertions(+) 
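The ownership hand-over that the double-free fix above (tls_process_client_certificate, PR 16309) corrects, reduced to a stand-alone C program. This is an added example, not OpenSSL code: session_t, chain_t, process_client_certificate and the later_step_ok / clear_at_handover switches are constructed for illustration, and chain_free only counts calls so the buggy ordering can be run and measured without corrupting the heap.

```c
/*
 * Added example, not OpenSSL code: the ownership hand-over pattern behind the
 * tls_process_client_certificate fix, reduced to a few lines. A chain object
 * is stored into a session; a later step may fail and take the error path,
 * which frees whatever the local pointer still refers to. If the local is
 * cleared only after that later step (the original ordering), a failure frees
 * the chain once on the error path and again when the session is freed.
 *
 * chain_free() only counts calls instead of releasing memory, so the buggy
 * variant can be exercised safely.
 */
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    int freed;              /* number of chain_free() calls on this object */
} chain_t;

typedef struct {
    chain_t *peer_chain;    /* owned by the session once assigned */
} session_t;

static void chain_free(chain_t *c)
{
    if (c != NULL)
        c->freed++;         /* a real implementation would free(c) here */
}

static void session_free(session_t *s)
{
    chain_free(s->peer_chain);
    s->peer_chain = NULL;
}

/*
 * Shape of the fixed function. later_step_ok simulates the outcome of the
 * fallible call between the assignment and the end of the function
 * (ssl3_digest_cached_records() in the real code). clear_at_handover selects
 * the patched behaviour: clear the local as soon as the session owns the
 * chain. Returns 1 on success, 0 on the simulated failure.
 */
static int process_client_certificate(session_t *s, chain_t *sk,
                                      int later_step_ok, int clear_at_handover)
{
    int ret = 0;

    chain_free(s->peer_chain);      /* drop any chain from an earlier handshake */
    s->peer_chain = sk;             /* ownership moves to the session here */
    if (clear_at_handover)
        sk = NULL;                  /* the fix: the local no longer owns anything */

    if (!later_step_ok)
        goto err;                   /* simulated failure of the later step */

    sk = NULL;                      /* where the original ordering cleared the local */
    ret = 1;
 err:
    chain_free(sk);                 /* error-path cleanup of what the local still owns */
    return ret;
}

/* Run one scenario and return how many times the chain ended up "freed". */
static int run_scenario(int later_step_ok, int clear_at_handover)
{
    session_t s = { NULL };
    chain_t *sk = calloc(1, sizeof(*sk));
    int n;

    if (sk == NULL)
        return -1;
    process_client_certificate(&s, sk, later_step_ok, clear_at_handover);
    session_free(&s);
    n = sk->freed;                  /* valid: chain_free() never released the memory */
    free(sk);
    return n;
}

int main(void)
{
    printf("success, original ordering:    freed %d time(s)\n", run_scenario(1, 0));
    printf("failure, original ordering:    freed %d time(s)\n", run_scenario(0, 0));
    printf("success, cleared at hand-over: freed %d time(s)\n", run_scenario(1, 1));
    printf("failure, cleared at hand-over: freed %d time(s)\n", run_scenario(0, 1));
    return 0;
}
```

Only the failure path with the original ordering frees the chain twice; every other combination frees it exactly once, which is why moving `sk = NULL` up to the assignment is a complete fix rather than a workaround.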
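The running-IV contract that the two s390x commits above restore, shown with a stand-alone C model rather than OpenSSL's code. This is an added example: toy_ctx, toy_block (a per-byte permutation standing in for AES), toy_init and toy_ofb_update are constructed here; the write_back flag switches between the original behaviour (chaining value kept only in the private parameter block) and the patched one (copied in from the context IV before the operation and back out afterwards). The first check mirrors what the patch's test_evp_updated_iv asserts; the second is the stronger property an application actually depends on.

```c
/*
 * Added example, not OpenSSL code: a stand-in for an accelerated OFB cipher
 * that, like the s390x KMO path, keeps its chaining value in a private
 * parameter block. write_back selects the fixed behaviour: load the context
 * IV into the private block before the operation and store the updated value
 * back afterwards. Without it the context IV never moves, and a caller that
 * reads the IV to resume the stream in a fresh context reuses keystream.
 * toy_block is a toy byte permutation, NOT a real cipher.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16

typedef struct {
    uint8_t key[BLK];
    uint8_t iv[BLK];        /* public running IV, what EVP_CIPHER_CTX_iv() would return */
    struct {
        uint8_t cv[BLK];    /* private chaining value, like kmo.param.cv */
    } param;
    int write_back;         /* 1 = patched behaviour, 0 = the original bug */
} toy_ctx;

/* Keyed per-byte bijection standing in for the block cipher. */
static void toy_block(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK])
{
    for (int i = 0; i < BLK; i++) {
        uint8_t x = (uint8_t)(in[i] ^ key[i]);
        x = (uint8_t)((x << 3) | (x >> 5));     /* rotate left by 3 */
        out[i] = (uint8_t)(x ^ key[(i + 7) % BLK]);
    }
}

static void toy_init(toy_ctx *c, const uint8_t key[BLK], const uint8_t iv[BLK], int write_back)
{
    memcpy(c->key, key, BLK);
    memcpy(c->iv, iv, BLK);
    memcpy(c->param.cv, iv, BLK);   /* init loads the private block once */
    c->write_back = write_back;
}

/* OFB over whole blocks: cv = E(cv); out = in ^ cv. Returns 0 if len is not a multiple of BLK. */
static int toy_ofb_update(toy_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{
    if (len % BLK != 0)
        return 0;
    if (c->write_back)
        memcpy(c->param.cv, c->iv, BLK);    /* copy-in, as the patch adds before the op */
    for (size_t off = 0; off < len; off += BLK) {
        uint8_t ks[BLK];

        toy_block(c->key, c->param.cv, ks);
        memcpy(c->param.cv, ks, BLK);       /* feedback: next keystream block is E(this one) */
        for (int i = 0; i < BLK; i++)
            out[off + i] = in[off + i] ^ ks[i];
    }
    if (c->write_back)
        memcpy(c->iv, c->param.cv, BLK);    /* copy-out, as the patch adds after the op */
    return 1;
}

/* Constructed key, IV and two-block plaintext. */
static const uint8_t KEY[BLK] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
static const uint8_t IV[BLK]  = { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
                                  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f };
static const uint8_t MSG[2 * BLK + 1] = "0123456789abcdef0123456789abcdef";

/* What test_evp_updated_iv checks: after one update the exposed IV differs from the initial IV. */
static int iv_was_updated(int write_back)
{
    toy_ctx c;
    uint8_t out[BLK];

    toy_init(&c, KEY, IV, write_back);
    toy_ofb_update(&c, MSG, out, BLK);
    return memcmp(c.iv, IV, BLK) != 0;
}

/*
 * Stronger property: two blocks in one call must equal one block, then the
 * second block in a fresh context seeded with the first context's exposed IV.
 */
static int resume_matches(int write_back)
{
    toy_ctx one, first, second;
    uint8_t one_shot[2 * BLK], split[2 * BLK];

    toy_init(&one, KEY, IV, write_back);
    toy_ofb_update(&one, MSG, one_shot, 2 * BLK);

    toy_init(&first, KEY, IV, write_back);
    toy_ofb_update(&first, MSG, split, BLK);
    toy_init(&second, KEY, first.iv, write_back);   /* resume from the exposed IV */
    toy_ofb_update(&second, MSG + BLK, split + BLK, BLK);

    return memcmp(one_shot, split, 2 * BLK) == 0;
}

int main(void)
{
    printf("patched:  iv updated=%d, resume matches=%d\n", iv_was_updated(1), resume_matches(1));
    printf("original: iv updated=%d, resume matches=%d\n", iv_was_updated(0), resume_matches(0));
    return 0;
}
```

With the original behaviour the private chaining value still advances correctly inside one context, so a single continuous encryption is unaffected; only callers that read the IV out of the context (to resume, to log it, or to compare two implementations) see the stale value. That is why the patch's test drives EVP_CIPHER_CTX_iv() / EVP_CIPHER_CTX_get_updated_iv() rather than checking ciphertext alone.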
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index b5ea4032fd..73cadbf593 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1240,9 +1240,12 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); int n = cctx->res; int rem; + memcpy(cctx->kmo.param.cv, iv, ivlen); while (n && len) { *out = *in ^ cctx->kmo.param.cv[n]; n = (n + 1) & 0xf; @@ -1271,6 +1274,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } + memcpy(iv, cctx->kmo.param.cv, ivlen); cctx->res = n; return 1; } @@ -1311,10 +1315,13 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); int n = cctx->res; int rem; unsigned char tmp; + memcpy(cctx->kmf.param.cv, iv, ivlen); while (n && len) { tmp = *in; *out = cctx->kmf.param.cv[n] ^ tmp; @@ -1347,6 +1354,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } + memcpy(iv, cctx->kmf.param.cv, ivlen); cctx->res = n; return 1; } @@ -1382,8 +1390,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); + memcpy(cctx->kmf.param.cv, iv, ivlen); s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); + memcpy(iv, cctx->kmf.param.cv, ivlen); return 1; } diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 754b2d1bf1..16b3542efa 100644 
--- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
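Review bot: in the three e_aes.c hunks (s390x_aes_ofb_cipher, s390x_aes_cfb_cipher, s390x_aes_cfb8_cipher; the master copy is the same apart from the EVP_CIPHER_CTX_get_iv_length() name) the new `memcpy(cctx->kmo.param.cv, iv, ivlen);` / `memcpy(cctx->kmf.param.cv, iv, ivlen);` and the matching copy-outs size the transfer by the cipher's IV length rather than by the `cv` field they write into. For the AES modes here the two agree, but a guard such as `if (ivlen > (int)sizeof(cctx->kmo.param.cv)) return 0;` before the copy, or sizing the copy by the field, would make any future mismatch fail loudly instead of overrunning the parameter block. It is also worth a one-line comment at the copy-in that the context IV is now the source of truth across calls, since the partial-block loop (`while (n && len)`) keeps consuming leftover keystream from `param.cv[n]` and silently assumes nothing else has written the context IV in between.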
@@ -797,7 +797,116 @@ static int test_gcm_reinit(int idx) return testresult; } +typedef struct { + const char *cipher; + int enc; +} EVP_UPDATED_IV_TEST_st; + +static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { + { + "aes-128-cfb", 1 + }, + { + "aes-128-cfb", 0 + }, + { + "aes-128-cfb1", 1 + }, + { + "aes-128-cfb1", 0 + }, + { + "aes-128-cfb128", 1 + }, + { + "aes-128-cfb128", 0 + }, + { + "aes-128-cfb8", 1 + }, + { + "aes-128-cfb8", 0 + }, + { + "aes-128-ofb", 1 + }, + { + "aes-128-ofb", 0 + }, + { + "aes-128-ctr", 1 + }, + { + "aes-128-ctr", 0 + }, + { + "aes-128-cbc", 1 + }, + { + "aes-128-cbc", 0 + } +}; +/* + * Test that the IV in the context is updated during a crypto operation for CFB + * and OFB. + */ +static int test_evp_updated_iv(int idx) +{ + const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; + int outlen1, outlen2; + int testresult = 0; + unsigned char outbuf[1024]; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *type = NULL; + const unsigned char *updated_iv; + int iv_len; + char *errmsg = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { + errmsg = "CTX_ALLOC"; + goto err; + } + if ((type = EVP_get_cipherbyname(t->cipher)) == NULL) { + TEST_info("cipher %s not supported, skipping", t->cipher); + goto ok; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { + errmsg = "CIPHER_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { + errmsg = "PADDING"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { + errmsg = "CIPHER_UPDATE"; + goto err; + } + if (!TEST_ptr(updated_iv = EVP_CIPHER_CTX_iv(ctx))) { + errmsg = "CIPHER_CTX_IV"; + goto err; + } + if (!TEST_true(iv_len = EVP_CIPHER_CTX_iv_length(ctx))) { + errmsg = "CIPHER_CTX_IV_LEN"; + goto err; + } + if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { + errmsg = "IV_NOT_UPDATED"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, 
outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL"; + goto err; + } + ok: + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + return testresult; +} static APK_DATA keydata[] = { {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, @@ -1690,6 +1799,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); + ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); return 1; } From tomas at openssl.org Mon Aug 16 11:03:13 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 16 Aug 2021 11:03:13 +0000 Subject: [openssl] master update Message-ID: <1629111793.481261.12185.nullmailer@dev.openssl.org> The branch master has been updated via f17e52778f1f7b2703de73e488e7f9229c11dce4 (commit) via c719ea171ce16a919014e5ca2f5217ae35219bdd (commit) from 0449702abc95a3af24c049cb02c01ca6a8015cef (commit) - Log ----------------------------------------------------------------- commit f17e52778f1f7b2703de73e488e7f9229c11dce4 Author: Ingo Franzki Date: Wed Aug 11 13:04:52 2021 +0200 Test EVP Cipher updating the context's IV Ensure that an EVP_CipherUpdate operation updates the context's IV for AES CBC, CFB, OFB, and CTR. An application can get the updated IV via EVP_CIPHER_CTX_iv(). The s390x implementation of the CFB and OFB ciphers in e_aes.c did not update the IV in the context, but only within its s390x specific context data. 
Signed-off-by: Ingo Franzki Reviewed-by: Patrick Steuer Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16291) commit c719ea171ce16a919014e5ca2f5217ae35219bdd Author: Ingo Franzki Date: Wed Aug 11 09:39:46 2021 +0200 s390x: AES OFB/CFB: Maintain running IV from cipher context Copy the current IV from the cipher context into the kmo/kmf param before the operation, and copy the modified IV back to the context afterwards. Without this, an application that obtains the running IV from the context would still get the original IV, but not the updated one. This implementation in e_aes.c now matches the code in cipher_aes_hw_s390x.inc that is used for the provider implementation. Signed-off-by: Ingo Franzki Reviewed-by: Patrick Steuer Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16291) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 12 ++++++ test/evp_extra_test.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 6d5506056e..52b9e87c1e 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1010,9 +1010,12 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); + const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); int n = cctx->res; int rem; + memcpy(cctx->kmo.param.cv, iv, ivlen); while (n && len) { *out = *in ^ cctx->kmo.param.cv[n]; n = (n + 1) & 0xf; @@ -1041,6 +1044,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } + memcpy(iv, cctx->kmo.param.cv, ivlen); cctx->res = n; return 1; } 
@@ -1071,10 +1075,13 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); + const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); int n = cctx->res; int rem; unsigned char tmp; + memcpy(cctx->kmf.param.cv, iv, ivlen); while (n && len) { tmp = *in; *out = cctx->kmf.param.cv[n] ^ tmp; @@ -1107,6 +1114,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } + memcpy(iv, cctx->kmf.param.cv, ivlen); cctx->res = n; return 1; } @@ -1134,8 +1142,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); + const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); + memcpy(cctx->kmf.param.cv, iv, ivlen); s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); + memcpy(iv, cctx->kmf.param.cv, ivlen); return 1; } diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 418b467f52..bc02cea95d 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
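Review bot: test_evp_updated_iv (test/evp_extra_test.c, in both the OpenSSL_1_1_1-stable and master versions) only checks `TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)`, i.e. that the IV changed at all; it would not catch an implementation that writes back the wrong chaining value. For the modes in the table the expected value is cheap to compute (for CBC the last ciphertext block, or the last input block when decrypting; for CTR the initial counter block incremented by the number of blocks processed), so compare against it where it applies. The comment above the function ("for CFB and OFB") is out of date now that the table also lists CTR and CBC, and the commit message names all four. In the 1.1.1 table "aes-128-cfb" and "aes-128-cfb128" are the same cipher, so one of the two entries is redundant. Finally, `TEST_true(iv_len = EVP_CIPHER_CTX_iv_length(ctx))` hides an assignment inside the assertion macro; assign first, then test the value.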
@@ -3333,6 +3333,113 @@ static int test_evp_reset(int idx) return testresult; } +typedef struct { + const char *cipher; + int enc; +} EVP_UPDATED_IV_TEST_st; + +static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { + { + "aes-128-cfb", 1 + }, + { + "aes-128-cfb", 0 + }, + { + "aes-128-cfb1", 1 + }, + { + "aes-128-cfb1", 0 + }, + { + "aes-128-cfb8", 1 + }, + { + "aes-128-cfb8", 0 + }, + { + "aes-128-ofb", 1 + }, + { + "aes-128-ofb", 0 + }, + { + "aes-128-ctr", 1 + }, + { + "aes-128-ctr", 0 + }, + { + "aes-128-cbc", 1 + }, + { + "aes-128-cbc", 0 + } +}; + +/* + * Test that the IV in the context is updated during a crypto operation for CFB + * and OFB. + */ +static int test_evp_updated_iv(int idx) +{ + const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; + int outlen1, outlen2; + int testresult = 0; + unsigned char outbuf[1024]; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *type = NULL; + unsigned char updated_iv[EVP_MAX_IV_LENGTH]; + int iv_len; + char *errmsg = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { + errmsg = "CTX_ALLOC"; + goto err; + } + if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) { + TEST_info("cipher %s not supported, skipping", t->cipher); + goto ok; + } + + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { + errmsg = "CIPHER_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { + errmsg = "PADDING"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { + errmsg = "CIPHER_UPDATE"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) { + errmsg = "CIPHER_CTX_GET_UPDATED_IV"; + goto err; + } + if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) { + errmsg = "CIPHER_CTX_GET_IV_LEN"; + goto err; + } + if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { + errmsg = "IV_NOT_UPDATED"; + goto err; + } + if 
(!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL"; + goto err; + } + ok: + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(type); + return testresult; +} + typedef struct { const unsigned char *iv1; const unsigned char *iv2; @@ -3851,6 +3958,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); + ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); #ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_ALL_TESTS(test_custom_pmeth, 12); From scan-admin at coverity.com Tue Aug 17 07:49:46 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 17 Aug 2021 07:49:46 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <611b6a1a7d894_223df92b04f4f21998396cc@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DwIAA_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFPfq2pMxxuFKUfF1RB-2F5Bb7uFGN2lJaozUCXAyzfVXAjrLQmdi6B44X7dpzGgdNFLwi1IUlEIf3m22FMoESe0vxN0-2BDg7MbWFcDurljzTJfmGw0DDlKw3U5cdtBtB1TQXTJNBD7tjkvI6Bd8vMcW4Jns8k-2FaDxQie97DQek9hY-2BQwfw9dWNooht2jMiZkhimM-3D Build ID: 402803 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Tue Aug 17 07:57:22 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 17 Aug 2021 07:57:22 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <611b6be1a3c75_2240b32b04f4f219983966c@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DV0zs_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEIQP3LAo9HWdTjzEl7G1KKHu12R-2BuSf2-2FbMm7nd-2BolvL8xuvctQIXvq8lMnlm2kePcscHaDxsb5KuyMItWWxfhH4AcEHpH7Xfiue3Lr1GCWxpx2ecCd24MiAWFznyafHay8ldtc79gx2JMU1Etjq67-2F8qPE6bf4NTHqKJIescWv-2F-2BJ4ZbpKdkwd-2FB8o5NYPu0-3D Build ID: 402806 Analysis Summary: New defects found: 0 Defects eliminated: 0 From levitte at openssl.org Tue Aug 17 11:51:16 2021 From: levitte at openssl.org (Richard Levitte) Date: Tue, 17 Aug 2021 11:51:16 +0000 Subject: [openssl] master update Message-ID: <1629201076.644876.27808.nullmailer@dev.openssl.org> The branch master has been updated via 43cf27c9a4fe135013dd4127dd4bcf862d1cb503 (commit) from f17e52778f1f7b2703de73e488e7f9229c11dce4 (commit) - Log ----------------------------------------------------------------- commit 43cf27c9a4fe135013dd4127dd4bcf862d1cb503 Author: Richard Levitte Date: Mon Aug 16 12:14:30 2021 +0200 Correct UTF8 params documentation further The latest change misdocumented OSSL_PARAM_get_utf8_string(), that change should have been for OSSL_PARAM_set_utf8_string(). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16318) ----------------------------------------------------------------------- Summary of changes: doc/man3/OSSL_PARAM_int.pod | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 8dbe830e95..69b723d348 100644 --- a/doc/man3/OSSL_PARAM_int.pod 
+++ b/doc/man3/OSSL_PARAM_int.pod @@ -241,15 +241,20 @@ will be assigned the size the parameter's I buffer should have. OSSL_PARAM_get_utf8_string() retrieves a UTF8 string from the parameter pointed to by I

. The string is stored into I<*val> with a size limit of I, -which must be large enough to accomodate the string. A terminating NUL byte -is added only if the buffer is longer than the string length otherwise the -string will not be NUL terminated. +which must be large enough to accomodate a terminating NUL byte, +otherwise this function will fail. If I<*val> is NULL, memory is allocated for the string (including the terminating NUL byte) and I is ignored. If memory is allocated by this function, it must be freed by the caller. OSSL_PARAM_set_utf8_string() sets a UTF8 string from the parameter pointed to by I
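Review bot: the added line `+which must be large enough to accomodate a terminating NUL byte,` carries over the misspelling "accomodate" from the line it replaces; make it "accommodate" while the sentence is being rewritten. The new wording is also ambiguous on its own: the buffer must hold the string and the terminating NUL byte, not just the NUL, so say "large enough to hold the string and a terminating NUL byte, otherwise this function will fail".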

These options specify alternative sections to include certificate -extensions (if the B<-x509> option is present) or certificate -request extensions. This allows several different sections to +extensions (if B<-x509> is in use) or certificate request extensions. +This allows several different sections to be used in the same configuration file to specify requests for a variety of purposes. @@ -399,7 +401,8 @@ The options available are described in detail below. =over 4 -=item B +=item B +=item B The passwords for the input private key file (if present) and the output private key file (if one will be created). The @@ -479,8 +482,8 @@ extension section format. =item B This specifies the configuration file section containing a list of -extensions to add to certificate generated when the B<-x509> switch -is used. It can be overridden by the B<-extensions> command line switch. +extensions to add to certificate generated when B<-x509> is in use. +It can be overridden by the B<-extensions> command line switch. =item B From openssl at openssl.org Thu Aug 26 22:58:54 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 26 Aug 2021 22:58:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options enable-fuzz-afl no-shared no-module Message-ID: <1630018734.088228.344118.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config enable-fuzz-afl no-shared no-module Commit log since last time: 4fdb0d2535 APPS/req: Fix AKID generation in case -CA option is used f2b6edcfdd APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509 b4fec69b2a APPS/x509: fix -extfile option, which was ignored with -x509toreq 78539b250b EVP_DigestSign/VerifyFinal: Duplicate the pctx to allow multiple calls 62bae84d45 ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint a291cfdfde doc: document the rsa_oaep_md: pkeyopt 9698a56e82 aes-wrap: improve error handling 31656f2785 Add invalid input length error Build log ended with (last 100 lines): # SSL_accept() failed -1, 1 # 40E72202447F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40E72202447F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 40E72202447F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685:Field=session_id, Type=SSL_SESSION_ASN1 # 40E72202447F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 40E72202447F0000:error:0A000438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1584:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ 
../openssl/test/sslapitest.c:9260 # false # OPENSSL_TEST_RAND_ORDER=1630016453 not ok 372 - iteration 7 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1630016453 not ok 74 - test_dh_auto # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 40E72202447F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40E72202447F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 40E72202447F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685: # 40E72202447F0000:error:0688010A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:537:Field=session_id_context, Type=SSL_SESSION_ASN1 # 40E72202447F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ ../openssl/test/helpers/ssltestlib.c:1004 # No progress made # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:9315 # false # OPENSSL_TEST_RAND_ORDER=1630016453 not ok 75 - test_sni_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/8E9rTQ5kmR default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 32. # Looks like you failed 1 test of 1.90-test_sslapi.t ................... 
Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 7168 Tests: 30 Failed: 28) Failed tests: 1-21, 23-28, 30 Non-zero exit status: 28 20-test_spkac.t (Wstat: 512 Tests: 4 Failed: 2) Failed tests: 2, 4 Non-zero exit status: 2 25-test_crl.t (Wstat: 256 Tests: 10 Failed: 1) Failed test: 3 Non-zero exit status: 1 25-test_sid.t (Wstat: 256 Tests: 2 Failed: 1) Failed test: 2 Non-zero exit status: 1 65-test_cmp_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_asyncio.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_clienthello.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_recordlen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_servername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ca.t (Wstat: 256 Tests: 15 Failed: 1) Failed test: 5 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_pkcs12.t (Wstat: 768 Tests: 13 Failed: 3) Failed tests: 1-3 Non-zero exit status: 3 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_v3name.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_old.t (Wstat: 1024 Tests: 6 Failed: 4) Failed tests: 3-6 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=240, Tests=2835, 259 wallclock secs (14.47 usr 1.76 sys + 897.39 cusr 67.76 csys = 981.38 CPU) Result: FAIL make[1]: *** [Makefile:2579: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2575: tests] 
Error 2 From pauli at openssl.org Fri Aug 27 00:15:30 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 27 Aug 2021 00:15:30 +0000 Subject: [openssl] master update Message-ID: <1630023330.051669.23171.nullmailer@dev.openssl.org> The branch master has been updated via 194fcc9ae09ea7cbe0b3b60c67061e51bb24de79 (commit) via f38af1258561eb0213b344c607037a528136099f (commit) via 6f25d3c47995c6e4948212950566dfbe541904df (commit) from 4fdb0d2535323373650bd68e7a659f9320828857 (commit) - Log ----------------------------------------------------------------- commit 194fcc9ae09ea7cbe0b3b60c67061e51bb24de79 Author: Matt Caswell Date: Wed Aug 25 14:39:29 2021 +0100 Add a test for running the config twice Make sure there are no leaks from running the config file twice. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16425) commit f38af1258561eb0213b344c607037a528136099f Author: Matt Caswell Date: Tue Aug 24 17:41:39 2021 +0100 Add locking for the provider_conf.c Avoid races where 2 threads attempt to configure activation of providers at the same time. E.g. via an explicit and an implicit load of the config file at the same time. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16425) commit 6f25d3c47995c6e4948212950566dfbe541904df Author: Matt Caswell Date: Tue Aug 17 10:32:49 2021 +0100 When activating providers via config check we've not already activated them We skip the activation if we already configured them. 
Fixes #16250 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16425) ----------------------------------------------------------------------- Summary of changes: crypto/provider_conf.c | 106 +++++++++++++++++++++++++------------ test/build.info | 6 ++- test/prov_config_test.c | 61 +++++++++++++++++++++ test/recipes/30-test_prov_config.t | 32 +++++++++++ 4 files changed, 170 insertions(+), 35 deletions(-) create mode 100644 test/prov_config_test.c create mode 100644 test/recipes/30-test_prov_config.t diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index fe66e1158e..da3796d914 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "internal/provider.h" #include "internal/cryptlib.h" #include "provider_local.h" @@ -21,6 +22,7 @@ DEFINE_STACK_OF(OSSL_PROVIDER) /* PROVIDER config module */ typedef struct { + CRYPTO_RWLOCK *lock; STACK_OF(OSSL_PROVIDER) *activated_providers; } PROVIDER_CONF_GLOBAL; @@ -31,6 +33,12 @@ static void *prov_conf_ossl_ctx_new(OSSL_LIB_CTX *libctx) if (pcgbl == NULL) return NULL; + pcgbl->lock = CRYPTO_THREAD_lock_new(); + if (pcgbl->lock == NULL) { + OPENSSL_free(pcgbl); + return NULL; + } + return pcgbl; } @@ -42,6 +50,7 @@ static void prov_conf_ossl_ctx_free(void *vpcgbl) ossl_provider_free); OSSL_TRACE(CONF, "Cleaned up providers\n"); + CRYPTO_THREAD_lock_free(pcgbl->lock); OPENSSL_free(pcgbl); } 
@@ -107,6 +116,26 @@ static int provider_conf_params(OSSL_PROVIDER *prov, return ok; } +static int prov_already_activated(const char *name, + STACK_OF(OSSL_PROVIDER) *activated) +{ + int i, max; + + if (activated == NULL) + return 0; + + max = sk_OSSL_PROVIDER_num(activated); + for (i = 0; i < max; i++) { + OSSL_PROVIDER *tstprov = sk_OSSL_PROVIDER_value(activated, i); + + if (strcmp(OSSL_PROVIDER_get0_name(tstprov), name) == 0) { + return 1; + } + } + + return 0; +} + static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, const char *value, const CONF *cnf) { 
@@ -156,46 +185,55 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, } if (activate) { - /* - * There is an attempt to activate a provider, so we should disable - * loading of fallbacks. Otherwise a misconfiguration could mean the - * intended provider does not get loaded. Subsequent fetches could then - * fallback to the default provider - which may be the wrong thing. - */ - if (!ossl_provider_disable_fallback_loading(libctx)) { + if (!CRYPTO_THREAD_write_lock(pcgbl->lock)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); return 0; } - prov = ossl_provider_find(libctx, name, 1); - if (prov == NULL) - prov = ossl_provider_new(libctx, name, NULL, 1); - if (prov == NULL) { - if (soft) - ERR_clear_error(); - return 0; - } - - if (path != NULL) - ossl_provider_set_module_path(prov, path); - - ok = provider_conf_params(prov, NULL, NULL, value, cnf); + if (!prov_already_activated(name, pcgbl->activated_providers)) { + /* + * There is an attempt to activate a provider, so we should disable + * loading of fallbacks. Otherwise a misconfiguration could mean the + * intended provider does not get loaded. Subsequent fetches could + * then fallback to the default provider - which may be the wrong + * thing. 
+ */ + if (!ossl_provider_disable_fallback_loading(libctx)) { + CRYPTO_THREAD_unlock(pcgbl->lock); + ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); + return 0; + } + prov = ossl_provider_find(libctx, name, 1); + if (prov == NULL) + prov = ossl_provider_new(libctx, name, NULL, 1); + if (prov == NULL) { + CRYPTO_THREAD_unlock(pcgbl->lock); + if (soft) + ERR_clear_error(); + return 0; + } - if (ok) { - if (!ossl_provider_activate(prov, 1, 0)) { - ok = 0; - } else if (!ossl_provider_add_to_store(prov, &actual, 0)) { - ossl_provider_deactivate(prov); - ok = 0; - } else { - if (pcgbl->activated_providers == NULL) - pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null(); - sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual); - ok = 1; + if (path != NULL) + ossl_provider_set_module_path(prov, path); + + ok = provider_conf_params(prov, NULL, NULL, value, cnf); + + if (ok) { + if (!ossl_provider_activate(prov, 1, 0)) { + ok = 0; + } else if (!ossl_provider_add_to_store(prov, &actual, 0)) { + ossl_provider_deactivate(prov); + ok = 0; + } else { + if (pcgbl->activated_providers == NULL) + pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null(); + sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual); + ok = 1; + } } + if (!ok) + ossl_provider_free(prov); } - - if (!ok) - ossl_provider_free(prov); + CRYPTO_THREAD_unlock(pcgbl->lock); } else { OSSL_PROVIDER_INFO entry; diff --git a/test/build.info b/test/build.info index af21e03255..dab5af4ebe 100644 --- a/test/build.info +++ b/test/build.info @@ -57,7 +57,7 @@ IF[{- !$disabled{tests} -}] context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ keymgmt_internal_test hexstr_test provider_status_test defltfips_test \ bio_readbuffer_test user_property_test pkcs7_test upcallstest \ - provfetchtest + provfetchtest prov_config_test IF[{- !$disabled{'deprecated-3.0'} -}] PROGRAMS{noinst}=enginetest 
@@ -176,6 +176,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[provfetchtest]=../include ../apps/include DEPEND[provfetchtest]=../libcrypto.a libtestutil.a + SOURCE[prov_config_test]=prov_config_test.c + INCLUDE[prov_config_test]=../include ../apps/include + DEPEND[prov_config_test]=../libcrypto.a libtestutil.a + SOURCE[evp_pkey_provided_test]=evp_pkey_provided_test.c INCLUDE[evp_pkey_provided_test]=../include ../apps/include DEPEND[evp_pkey_provided_test]=../libcrypto.a libtestutil.a diff --git a/test/prov_config_test.c b/test/prov_config_test.c new file mode 100644 index 0000000000..4b04211fa4 --- /dev/null +++ b/test/prov_config_test.c 
@@ -0,0 +1,61 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "testutil.h" + +static char *configfile = NULL; + +/* + * Test to make sure there are no leaks or failures from loading the config + * file twice. + */ +static int test_double_config(void) +{ + OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); + int testresult = 0; + EVP_MD *sha256 = NULL; + + if (!TEST_ptr(configfile)) + return 0; + if (!TEST_ptr(ctx)) + return 0; + + if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile))) + return 0; + if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile))) + return 0; + + /* Check we can actually fetch something */ + sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); + if (!TEST_ptr(sha256)) + goto err; + + testresult = 1; + err: + EVP_MD_free(sha256); + OSSL_LIB_CTX_free(ctx); + return testresult; +} + +OPT_TEST_DECLARE_USAGE("configfile\n") + +int setup_tests(void) +{ + if (!test_skip_common_options()) { + TEST_error("Error parsing test options\n"); + return 0; + } + + if (!TEST_ptr(configfile = test_get_argument(0))) + return 0; + + ADD_TEST(test_double_config); + return 1; +} diff --git a/test/recipes/30-test_prov_config.t b/test/recipes/30-test_prov_config.t new file mode 100644 index 0000000000..f97a26dbe9 --- /dev/null +++ b/test/recipes/30-test_prov_config.t 
@@ -0,0 +1,32 @@ +#! /usr/bin/env perl +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; +use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir/; +use OpenSSL::Test::Utils; + +BEGIN { +setup("test_prov_config"); +} + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); + +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); + +plan tests => 2; + +ok(run(test(["prov_config_test", srctop_file("test", "default.cnf")])), + "running prov_config_test default.cnf"); +SKIP: { + skip "Skipping FIPS test in this build", 1 if $no_fips; + + ok(run(test(["prov_config_test", srctop_file("test", "fips.cnf")])), + "running prov_config_test fips.cnf"); +} From pauli at openssl.org Fri Aug 27 00:20:28 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 27 Aug 2021 00:20:28 +0000 Subject: [openssl] master update Message-ID: <1630023628.240161.26110.nullmailer@dev.openssl.org> The branch master has been updated via 6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0 (commit) from 194fcc9ae09ea7cbe0b3b60c67061e51bb24de79 (commit) - Log ----------------------------------------------------------------- commit 6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0 Author: Tomas Mraz Date: Wed Aug 25 17:06:47 2021 +0200 doc: Add note about operation parameters validation Fixes #16394 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16424) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 11 +++++++++++ doc/man7/migration_guide.pod | 12 ++++++++++++ 2 files changed, 23 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index ac10632734..5b16e34dd5 100644 --- a/CHANGES.md +++ b/CHANGES.md 
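Review bot: in the provider_conf_load hunk of crypto/provider_conf.c (commits 6f25d3c479 and f38af12585 above), the already-activated case of `if (!prov_already_activated(name, pcgbl->activated_providers))` sets nothing and falls through to the function's `return ok`, so the result depends on how `ok` is initialised above the hunk; if that initialiser is 0, a second load of a config that activates an already active provider fails the whole config load, which is exactly the situation the new test exercises. Suggest making the intent explicit with `else ok = 1; /* already activated, nothing to do */` so the result no longer hangs on a declaration far from this branch. Two smaller points in the same hunk: `sk_OSSL_PROVIDER_new_null()` and `sk_OSSL_PROVIDER_push()` are unchecked, so an allocation failure there leaves the provider activated but missing from `activated_providers`, and a later load of the same config would not be skipped; and while the early `return 0` paths now correctly release the write lock, the `soft` case clears the error and still returns 0, so a soft failure still aborts the config load.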
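Review bot: the new prov_already_activated() in crypto/provider_conf.c matches on name only, so a second provider section naming the same provider with a different module path (`path` in the hunk below it) is treated as already activated and its path is silently ignored; if that is intended, a comment saying so would save the next reader a trip to the issue tracker. Style: the braces around the single-statement body of `if (strcmp(OSSL_PROVIDER_get0_name(tstprov), name) == 0)` are not needed under the OpenSSL coding style.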
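Review bot: in test/prov_config_test.c, test_double_config() allocates `ctx` with OSSL_LIB_CTX_new() and then does a bare `return 0` on both `OSSL_LIB_CTX_load_config` failures, so a failing load leaks the library context; since this test exists to catch leaks, an enable-asan run would then report the test itself rather than the code under test. Suggest `goto err;` on those two paths, which is already set up to free both `sha256` (EVP_MD_free is NULL-safe) and `ctx`.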
@@ -30,6 +30,17 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Due to move of the implementation of cryptographic operations + to the providers, validation of various operation parameters can + be postponed until the actual operation is executed where previously + it happened immediately when an operation parameter was set. + + For example when setting an unsupported curve with + EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not + fail but later keygen operations with the EVP_PKEY_CTX will fail. + + *OpenSSL team members and many third party contributors* + * On build targets where the multilib postfix is set in the build configuration the libdir directory was changing based on whether the lib directory with the multilib postfix exists on the system diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 7e0bbf465d..02d2327ee2 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -440,6 +440,18 @@ If using a cipher from a provider the B flag can only be set B the cipher has been assigned to the cipher context. See L for more information. +=head4 Validation of operation context parameters + +Due to move of the implementation of cryptographic operations to the +providers, validation of various operation parameters can be postponed until +the actual operation is executed where previously it happened immediately +when an operation parameter was set. + +For example when setting an unsupported curve with +EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail +but later keygen operations with the EVP_PKEY_CTX will fail. + + =head2 Installation and Compilation Please refer to the INSTALL.md file in the top of the distribution for From tomas at openssl.org Fri Aug 27 06:51:45 2021 
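Review bot: the text added to both CHANGES.md and doc/man7/migration_guide.pod needs a copy-edit before release: "Due to move of the implementation" lacks an article ("Due to the move of the implementations of cryptographic operations to the providers"), "where previously it happened" reads better as "whereas previously it happened", and "For example when setting an unsupported curve with EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail" wants commas after "For example" and after the function name. It would also help callers to state the consequence directly: check the return value of the later operation (keygen in the example) rather than treating the setter's success as validation.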
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 27 Aug 2021 06:51:45 +0000 Subject: [openssl] master update Message-ID: <1630047105.282923.19925.nullmailer@dev.openssl.org> The branch master has been updated via c023d98dcf2ba1cc30f545ae54d0e037e80a8794 (commit) from 6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0 (commit) - Log ----------------------------------------------------------------- commit c023d98dcf2ba1cc30f545ae54d0e037e80a8794 Author: David Carlier Date: Wed Aug 25 08:54:38 2021 +0100 Darwin platform allows to build on releases before Yosemite/ios 8. backport #16409 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16418) ----------------------------------------------------------------------- Summary of changes: include/crypto/rand.h | 10 ++++++++++ providers/implementations/rands/seeding/rand_unix.c | 6 +----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/include/crypto/rand.h b/include/crypto/rand.h index d9432b241d..ac41a9f62b 100644 --- a/include/crypto/rand.h +++ b/include/crypto/rand.h @@ -22,6 +22,16 @@ # include # include "crypto/rand_pool.h" +# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM) +# include +# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \ + (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000) +# define OPENSSL_APPLE_CRYPTO_RANDOM 1 +# include +# include +# endif +# endif + /* * Defines related to seed sources */ diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index 5048383077..750afca58e 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c 
@@ -40,10 +40,6 @@ # include # include #endif -#if defined(__APPLE__) -# include -# include -#endif #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ || defined(__DJGPP__) @@ -370,7 +366,7 @@ static ssize_t syscall_random(void *buf, size_t buflen) if (errno != ENOSYS) return -1; } -# elif defined(__APPLE__) +# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) return (ssize_t)buflen; From tomas at openssl.org Fri Aug 27 06:53:23 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 27 Aug 2021 06:53:23 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1630047203.092428.22275.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 96ac8f13f4d0ee96baf5724d9f96c44c34b8606c (commit) from 15d1ddde5de9d28b671d3f6fe8757f4b87e67821 (commit) - Log ----------------------------------------------------------------- commit 96ac8f13f4d0ee96baf5724d9f96c44c34b8606c Author: David Carlier Date: Tue Aug 24 22:40:14 2021 +0100 Darwin platform allows to build on releases before Yosemite/ios 8. issue #16407 #16408 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16409) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 5 +---- include/crypto/rand.h | 10 ++++++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 43f1069d15..0f4525106a 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -34,9 +34,6 @@ #if defined(__OpenBSD__) # include #endif -#if defined(__APPLE__) -# include -#endif #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) # include 
@@ -381,7 +378,7 @@ static ssize_t syscall_random(void *buf, size_t buflen) if (errno != ENOSYS) return -1; } -# elif defined(__APPLE__) +# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) return (ssize_t)buflen; diff --git a/include/crypto/rand.h b/include/crypto/rand.h index 5350d3a931..674f840fd1 100644 --- a/include/crypto/rand.h +++ b/include/crypto/rand.h @@ -20,6 +20,16 @@ # include +# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM) +# include +# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \ + (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000) +# define OPENSSL_APPLE_CRYPTO_RANDOM 1 +# include +# include +# endif +# endif + /* forward declaration */ typedef struct rand_pool_st RAND_POOL; From tomas at openssl.org Fri Aug 27 07:21:39 2021 
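Review bot: in the include/crypto/rand.h hunk (present identically in the master commit c023d98dcf and the 1.1.1 backport 96ac8f13f4 above), OPENSSL_APPLE_CRYPTO_RANDOM is only defined when `__MAC_OS_X_VERSION_MIN_REQUIRED >= 101000` or `__IPHONE_OS_VERSION_MIN_REQUIRED >= 80000` holds; on any other Apple target, or if the header that defines those macros is not included before this test, the macro is silently left undefined and the CommonCrypto path is simply not compiled in. That is the intended behaviour for pre-Yosemite/iOS 8 targets, but it deserves a comment stating which seed source is used instead, so that a build which unexpectedly lost CCRandomGenerateBytes() is noticed at review time rather than in production.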
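Review bot: the rand_unix.c hunk (providers/implementations/rands/seeding/rand_unix.c on master, crypto/rand/rand_unix.c in the 1.1.1 backport) removes the direct `#if defined(__APPLE__)` includes and changes the syscall_random() branch to `# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)`, so the branch now depends on include/crypto/rand.h having been included earlier in the file; that include is not part of the hunk, so please confirm it is already there and precedes the `# elif`, otherwise the branch is dead on every Apple build and the change compiles without any warning. A run-checker entry for a Darwin target that checks the CommonCrypto path is compiled in would make such a regression visible.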
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 27 Aug 2021 07:21:39 +0000 Subject: [openssl] master update Message-ID: <1630048899.547147.3912.nullmailer@dev.openssl.org> The branch master has been updated via 597d24e2ab395991cb2048529714ea534c173591 (commit) from c023d98dcf2ba1cc30f545ae54d0e037e80a8794 (commit) - Log ----------------------------------------------------------------- commit 597d24e2ab395991cb2048529714ea534c173591 Author: Xiaofei Bai Date: Wed Aug 18 07:57:26 2021 +0000 Fix libdir path on darwin In the current Configure script, libdir can be specified either as an absolute path or as a relative one, while in Configurations/shared-info.pl, on Darwin systems "-install_name" only accepts a relative libdir path, and the program fails when receiving an absolute libdir path. This PR is to fix this and match requirements of scripts. Reviewed-by: Paul Dale Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16393) ----------------------------------------------------------------------- Summary of changes: Configurations/shared-info.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index 2b236b4b9b..abf2d98dcc 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -43,7 +43,7 @@ my %shared_info; 'darwin-shared' => { module_ldflags => '-bundle', shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)', - shared_sonameflag => '-install_name $(INSTALLTOP)/$(LIBDIR)/', + shared_sonameflag => '-install_name $(libdir)/', }, 'cygwin-shared' => { shared_ldflag => '-shared -Wl,--enable-auto-image-base', From tomas at openssl.org Fri Aug 27 07:24:59 2021 
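Review bot: the Configurations/shared-info.pl hunk replaces `-install_name $(INSTALLTOP)/$(LIBDIR)/` with `-install_name $(libdir)/`, which is only correct if `$(libdir)` is guaranteed to expand to an absolute path; dyld resolves an install name that has no leading `/` and no `@rpath`, `@loader_path` or `@executable_path` prefix relative to the loading process's current working directory, so a relative value here would make every binary linked against libcrypto and libssl pick them up from wherever it happens to be started. Please point at the Makefile template line that defines `libdir` in absolute form (or add one), and tidy the commit message, which says `-install_name` "only accepts relative libdir path" while the change is motivated by absolute paths failing.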
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 27 Aug 2021 07:24:59 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1630049099.824105.7220.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 58e1e397c6774be11b903c0f88e85bd2b8c4206f (commit) from 96ac8f13f4d0ee96baf5724d9f96c44c34b8606c (commit) - Log ----------------------------------------------------------------- commit 58e1e397c6774be11b903c0f88e85bd2b8c4206f Author: zhaozg Date: Tue Aug 24 22:43:18 2021 +0800 cms: fix memleaks in cms_env.c CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16403) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_env.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 04940146fd..fe078f1a7f 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -737,6 +737,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, goto err; } + OPENSSL_clear_free(ec->key, ec->keylen); ec->key = ukey; ec->keylen = ukeylen; From tomas at openssl.org Fri Aug 27 07:26:21 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 27 Aug 2021 07:26:21 +0000 Subject: [openssl] master update Message-ID: <1630049181.628948.8220.nullmailer@dev.openssl.org> The branch master has been updated via 5327da81f0c70e35bdd8860af9af351313ca4ae2 (commit) from 597d24e2ab395991cb2048529714ea534c173591 (commit) - Log ----------------------------------------------------------------- commit 5327da81f0c70e35bdd8860af9af351313ca4ae2 Author: zhaozg Date: Tue Aug 24 22:43:18 2021 +0800 cms: fix memleaks in cms_env.c CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16403) (cherry picked from commit 58e1e397c6774be11b903c0f88e85bd2b8c4206f) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_env.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 673880f6d9..51a1d7df84 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -951,6 +951,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, } ukeylen += outlen; + OPENSSL_clear_free(ec->key, ec->keylen); ec->key = ukey; ec->keylen = ukeylen; From scan-admin at coverity.com Fri Aug 27 07:49:13 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Fri, 27 Aug 2021 07:49:13 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <612898f92ad5e_33c8552b0a45dc19a8275@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Ds0hW_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFw9hoc7L3MPZ0s-2F9YLI8t7jESA4FaBdvaFi-2B95Ops6bokcGqTHh5oXKFYacrbjpPGYrkgp-2B17k4-2FD9Iy7W3dnCUwWWm7q8hvptYJ3Rtvh1pPK4PmsnaQcZ1tBqN0EFyYeTjdz-2BWxD7ZbhHEw1je6tHWthzYtOlm11C7vVBXDNG78A2WugNhkqCOaq0YP-2BCeGc-3D Build ID: 404476 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Fri Aug 27 07:54:02 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Fri, 27 Aug 2021 07:54:02 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <61289a1968c02_33c9ee2b0a45dc19a82e2@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DeB4-_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGHWcqansoMnY0DK6-2FNqpICvGh9uMQ5h1a-2FE9Q7XEbhxwVUHEP-2BfZpjlKWVop-2FTXzAVnNi95Xc3NmLbGbx2keAkbjmSdQcBA6SDnA8p8A6VsYvHfiF8W5SPSaobFE4TOwdf-2BTBA1PSsavnF9gcP59dpoI8KYO3LfJZzNv-2FTW-2FSWLmM-2FKvn2Fuh2uciWpUu0qTY-3D Build ID: 404480 Analysis Summary: New defects found: 0 Defects eliminated: 0 From matt at openssl.org Fri Aug 27 08:38:58 2021 
From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Aug 2021 08:38:58 +0000 Subject: [web] master update Message-ID: <1630053538.441902.12977.nullmailer@dev.openssl.org> The branch master has been updated via 0374f7e7bd8802894fee0c15c474bd20e04f5731 (commit) from bac471c10fd4ed7b906de2a525ccd14e88bb15fb (commit) - Log ----------------------------------------------------------------- commit 0374f7e7bd8802894fee0c15c474bd20e04f5731 Author: Oleg Pekar Date: Fri Aug 27 00:15:52 2021 +0300 Update vulnerabilities.xml CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/253) ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index bc380b1..a4211ca 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -94,7 +94,7 @@ heap allocated. - + From nic.tuv at gmail.com Fri Aug 27 11:55:50 2021 
From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Fri, 27 Aug 2021 11:55:50 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1630065350.665879.3779.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e93a82da60f52e6fc799323b99499ee51e8c7215 (commit) from 58e1e397c6774be11b903c0f88e85bd2b8c4206f (commit) - Log ----------------------------------------------------------------- commit e93a82da60f52e6fc799323b99499ee51e8c7215 Author: Bernd Edlinger Date: Wed Aug 25 14:30:12 2021 +0200 Fix instances of pointer addition with the NULL pointer ubsan found undefined pointer additions in crypto/bio/bss_mem.c (mem_ctrl), crypto/pem/pem_lib.c (PEM_read_bio_ex), test/testutil/format_output.c (test_fail_string_common, test_fail_memory_common). Mostly a straight back-port-of: a07dc81 Additionally enable the ubsan run-checker, to prevent regressions. Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/16423) ----------------------------------------------------------------------- Summary of changes: .github/workflows/run-checker-merge.yml | 3 +-- crypto/bio/bss_mem.c | 2 +- crypto/pem/pem_lib.c | 23 +++++++++++++---------- test/testutil/format_output.c | 12 ++++++++---- 4 files changed, 23 insertions(+), 17 deletions(-) diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index 29419a2396..ff2d666b6d 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -16,8 +16,7 @@ jobs: no-engine no-shared, no-err, no-filenames, -# ubsan build is temporarily disabled, due to failures to be investigated separately -# enable-ubsan no-asm -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment, + enable-ubsan no-asm -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment, no-unit-test, enable-weak-ssl-ciphers, enable-zlib, 
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 7cb4a57813..14bfd00173 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -280,7 +280,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (long)bm->length; if (ptr != NULL) { pptr = (char **)ptr; - *pptr = (char *)&(bm->data[0]); + *pptr = (char *)bm->data; } break; case BIO_C_SET_BUF_MEM: diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index a26322119a..92dcd90a7f 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -899,18 +899,13 @@ err: int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, unsigned char **data, long *len_out, unsigned int flags) { - EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); + EVP_ENCODE_CTX *ctx = NULL; const BIO_METHOD *bmeth; BIO *headerB = NULL, *dataB = NULL; char *name = NULL; int len, taillen, headerlen, ret = 0; BUF_MEM * buf_mem; - if (ctx == NULL) { - PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE); - return 0; - } - *len_out = 0; *name_out = *header = NULL; *data = NULL; @@ -933,9 +928,20 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, if (!get_header_and_data(bp, &headerB, &dataB, name, flags)) goto end; - EVP_DecodeInit(ctx); BIO_get_mem_ptr(dataB, &buf_mem); len = buf_mem->length; + + /* There was no data in the PEM file */ + if (len == 0) + goto end; + + ctx = EVP_ENCODE_CTX_new(); + if (ctx == NULL) { + PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE); + goto end; + } + + EVP_DecodeInit(ctx); if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len, (unsigned char*)buf_mem->data, len) < 0 || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]), @@ -946,9 +952,6 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, len += taillen; buf_mem->length = len; - /* There was no data in the PEM file; avoid malloc(0). */ - if (len == 0) - goto end; headerlen = BIO_get_mem_data(headerB, NULL); *header = pem_malloc(headerlen + 1, flags); *data = pem_malloc(len, flags); 
diff --git a/test/testutil/format_output.c b/test/testutil/format_output.c index 6ee2a1d266..f42141fd8d 100644 --- a/test/testutil/format_output.c +++ b/test/testutil/format_output.c @@ -107,8 +107,10 @@ static void test_fail_string_common(const char *prefix, const char *file, if (diff && i > 0) test_printf_stderr("% 4s %s\n", "", bdiff); } - m1 += n1; - m2 += n2; + if (m1 != NULL) + m1 += n1; + if (m2 != NULL) + m2 += n2; l1 -= n1; l2 -= n2; cnt += width; @@ -495,8 +497,10 @@ static void test_fail_memory_common(const char *prefix, const char *file, if (diff && i > 0) test_printf_stderr("% 4s %s\n", "", bdiff); } - m1 += n1; - m2 += n2; + if (m1 != NULL) + m1 += n1; + if (m2 != NULL) + m2 += n2; l1 -= n1; l2 -= n2; cnt += bytes; From bernd.edlinger at hotmail.de Sat Aug 28 05:23:24 2021 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 28 Aug 2021 05:23:24 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1630128204.390148.12078.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 876b7e97b848ba179c1dbe4a4a265dfffae0eba6 (commit) from e93a82da60f52e6fc799323b99499ee51e8c7215 (commit) - Log ----------------------------------------------------------------- commit 876b7e97b848ba179c1dbe4a4a265dfffae0eba6 Author: Bernd Edlinger Date: Thu Aug 26 20:10:16 2021 +0200 Fix enable-asan with C++ buildtest the following config: ./config no-shared enable-asan enable-buildtest-c++ enable-external-tests fails to build with unresolved asan symbols when linking test/ossl_shim/ossl_shim Fixed by passing all sanitizer-flags to cxxflags. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16434) ----------------------------------------------------------------------- Summary of changes: Configure | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Configure b/Configure index b286dd0678..faf57b155a 100755 --- a/Configure +++ b/Configure 
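Review bot: in the crypto/pem/pem_lib.c hunk of PEM_read_bio_ex() (commit e93a82da60 above), `ctx` now starts as NULL and the `len == 0` early exit moves in front of the allocation, so the `end:` cleanup must tolerate a NULL `ctx`; EVP_ENCODE_CTX_free() is a plain free and does, but the removed comment's rationale ("avoid malloc(0)") was useful and should travel with the moved check. Note that the empty-data exit still returns `ret = 0` without raising an error, so callers cannot tell "no data" from a genuine failure; worth a comment if that is deliberate. The bss_mem.c and format_output.c hunks are straightforward: `(char *)bm->data` and the `if (m1 != NULL)` guards remove the NULL-plus-offset arithmetic that ubsan flagged without changing results.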
@@ -1304,16 +1304,19 @@ if ($disabled{"dynamic-engine"}) { unless ($disabled{asan}) { push @{$config{cflags}}, "-fsanitize=address"; + push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX}; } unless ($disabled{ubsan}) { # -DPEDANTIC or -fnosanitize=alignment may also be required on some # platforms. push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"; + push @{$config{cxxflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all" if $config{CXX}; } unless ($disabled{msan}) { push @{$config{cflags}}, "-fsanitize=memory"; + push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX}; } unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} From scan-admin at coverity.com Sat Aug 28 07:52:40 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sat, 28 Aug 2021 07:52:40 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6129eb47a7d94_3580792aba18061998489ec@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DpZvS_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFP9ueB6lSO4tGU1yxYpTB5EZV2ogrqk2D-2BM-2FQOluNeEQ8XZSSNWQ71fPawDVWxPjJBQygpLn0XIYwFP62zOi624zX-2B4lUNb1I8gxUieg3IG7VukTKsTfXF5bM7mY4bhTYrIrSrUpTtPNuLxHhTxbDpS9RCupgr4FuEbUU2lC4ZwerjtAtqiHRraJNR3Lunyv0-3D Build ID: 404632 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sat Aug 28 07:53:01 2021 
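Review bot: the three new `push @{$config{cxxflags}}` lines repeat the sanitizer flag lists verbatim from the `cflags` pushes directly above them, so a later edit to one list (for example adding `-fno-sanitize-recover=all` to only the C side) would silently desynchronise the C and C++ builds. Suggest holding each list in a lexical, e.g. `my @asan = ("-fsanitize=address");`, and pushing it to both. The `if $config{CXX}` guard is appropriate, since cxxflags are only consumed when a C++ compiler is configured, which is exactly the `enable-buildtest-c++` link failure the commit message describes.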
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sat, 28 Aug 2021 07:53:01 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6129eb5d3dd31_3580af2aba1806199848922@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DC4pq_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGlaE244uFVxusbb36c6-2FD9Azng4wP6l2mYCFO6g9f6Hbup-2BsZztOy3ozTNYjjygtgeNf7JJmulRbzclkR0NNYIt-2FVDlCvFcaL0Ccnq-2FJNw6Irilo1NqnAThfHgZTI-2FqgHG2C7mqKitQfgO4w7moQDBqhpF-2BB94NPgxhNDk7f-2FfChM9smfiyvOFBCSanxOFzTU-3D Build ID: 404633 Analysis Summary: New defects found: 0 Defects eliminated: 0 From beldmit at gmail.com Sat Aug 28 09:13:09 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Sat, 28 Aug 2021 09:13:09 +0000 Subject: [openssl] master update Message-ID: <1630141989.664360.6234.nullmailer@dev.openssl.org> The branch master has been updated via 20b39175b59b5ae83223bbb9f743c73ae822d681 (commit) from 5327da81f0c70e35bdd8860af9af351313ca4ae2 (commit) - Log ----------------------------------------------------------------- commit 20b39175b59b5ae83223bbb9f743c73ae822d681 Author: Rich Salz Date: Thu Aug 26 16:03:15 2021 -0400 Yet another doc-nits fix Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16436) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-req.pod.in | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 9926901571..e78b04c65b 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in 
@@ -401,8 +401,7 @@ The options available are described in detail below. =over 4 -=item B -=item B +=item B, B The passwords for the input private key file (if present) and the output private key file (if one will be created). The From bernd.edlinger at hotmail.de Sat Aug 28 14:46:58 2021 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 28 Aug 2021 14:46:58 +0000 Subject: [openssl] master update Message-ID: <1630162018.652510.8996.nullmailer@dev.openssl.org> The branch master has been updated via cce935b23ce2f7942e2ef4368dd93b60e21d3d83 (commit) from 20b39175b59b5ae83223bbb9f743c73ae822d681 (commit) - Log ----------------------------------------------------------------- commit cce935b23ce2f7942e2ef4368dd93b60e21d3d83 Author: Bernd Edlinger Date: Fri Aug 27 13:11:39 2021 +0200 Fix the "Out of memory" EVP KDF scrypt test This test did not really execute, since usually the OPENSSL_malloc(0) will fail and prevent the execution of the KDF. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16444) ----------------------------------------------------------------------- Summary of changes: test/evp_test.c | 4 ++-- test/recipes/30-test_evp_data/evpkdf_scrypt.txt | 2 +- test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index 0009cae442..075abc5ad9 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2664,7 +2664,7 @@ static int kdf_test_run(EVP_TEST *t) t->err = "KDF_CTRL_ERROR"; return 1; } - if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { t->err = "INTERNAL_ERROR"; goto err; } 
@@ -2760,7 +2760,7 @@ static int pkey_kdf_test_run(EVP_TEST *t) unsigned char *got = NULL; size_t got_len = expected->output_len; - if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { t->err = "INTERNAL_ERROR"; goto err; } diff --git a/test/recipes/30-test_evp_data/evpkdf_scrypt.txt b/test/recipes/30-test_evp_data/evpkdf_scrypt.txt index 7aba716246..64176091fc 100644 --- a/test/recipes/30-test_evp_data/evpkdf_scrypt.txt +++ b/test/recipes/30-test_evp_data/evpkdf_scrypt.txt @@ -60,4 +60,4 @@ Ctrl.salt = salt:SodiumChloride Ctrl.N = n:1048576 Ctrl.r = r:8 Ctrl.p = p:1 -Result = INTERNAL_ERROR +Result = KDF_MISMATCH diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt b/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt index 086451a44c..1f7c06c6d4 100644 --- a/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt +++ b/test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt @@ -60,4 +60,4 @@ Ctrl.salt = salt:SodiumChloride Ctrl.N = N:1048576 Ctrl.r = r:8 Ctrl.p = p:1 -Result = INTERNAL_ERROR +Result = KDF_MISMATCH From bernd.edlinger at hotmail.de Sat Aug 28 14:50:01 2021 
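Review bot: `OPENSSL_malloc(got_len == 0 ? 1 : got_len)` in kdf_test_run and pkey_kdf_test_run needs a comment explaining why a zero-length output is allocated as one byte: OPENSSL_malloc(0) can return NULL, which made `TEST_ptr` fail and turned the vector into INTERNAL_ERROR without the KDF ever running, which is the defect the commit message describes. The same ternary appears at both sites, so a tiny helper would avoid the duplication. Changing the expected `Result` in evpkdf_scrypt.txt and evppkey_kdf_scrypt.txt from INTERNAL_ERROR to KDF_MISMATCH confirms the KDF now executes; a comment above those vectors explaining that the failure is the expected outcome for this "Out of memory" case would stop a future reader from reverting it.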
From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 28 Aug 2021 14:50:01 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1630162201.176586.10230.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via dc3520b1ad3e1d70b899210bacc002318ebe276a (commit) from 876b7e97b848ba179c1dbe4a4a265dfffae0eba6 (commit) - Log ----------------------------------------------------------------- commit dc3520b1ad3e1d70b899210bacc002318ebe276a Author: Bernd Edlinger Date: Fri Aug 27 13:11:39 2021 +0200 Fix the "Out of memory" EVP KDF scrypt test This test did not really execute, since usually the OPENSSL_malloc(0) will fail and prevent the execution of the KDF. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16446) ----------------------------------------------------------------------- Summary of changes: test/evp_test.c | 2 +- test/recipes/30-test_evp_data/evpkdf.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index abb51384e8..d4cca6dbcb 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1777,7 +1777,7 @@ static int kdf_test_run(EVP_TEST *t) unsigned char *got = NULL; size_t got_len = expected->output_len; - if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { t->err = "INTERNAL_ERROR"; goto err; } diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt index 9a6cc28385..8fe0df3972 100644 --- a/test/recipes/30-test_evp_data/evpkdf.txt +++ b/test/recipes/30-test_evp_data/evpkdf.txt @@ -301,5 +301,5 @@ Ctrl.salt = salt:SodiumChloride Ctrl.N = N:1048576 Ctrl.r = r:8 Ctrl.p = p:1 -Result = INTERNAL_ERROR +Result = KDF_MISMATCH From beldmit at gmail.com Sat Aug 28 19:33:28 2021 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Sat, 28 Aug 2021 19:33:28 +0000 Subject: [openssl] master update Message-ID: <1630179208.618766.12929.nullmailer@dev.openssl.org> The branch master has been updated via d15506874bff1b128b36ceb847d24ac4b8cd4958 (commit) from cce935b23ce2f7942e2ef4368dd93b60e21d3d83 (commit) - Log ----------------------------------------------------------------- commit d15506874bff1b128b36ceb847d24ac4b8cd4958 Author: Dmitry Belyavskiy Date: Fri Aug 27 18:03:15 2021 +0200 Adjust the list of default provider's algorithms Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16448) ----------------------------------------------------------------------- Summary of changes: doc/man7/OSSL_PROVIDER-default.pod | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod index 88ae3fec9d..14d590cbde 100644 --- a/doc/man7/OSSL_PROVIDER-default.pod +++ b/doc/man7/OSSL_PROVIDER-default.pod @@ -81,24 +81,12 @@ The OpenSSL default provider supports these operations and algorithms: =item CAMELLIA, see L -=item DES, see L - -=item BF, see L - -=item IDEA, see L - -=item CAST5, see L +=item 3DES, see L =item SEED, see L =item SM4, see L -=item RC2, see L - -=item RC4, see L - -=item RC5, see L - =item ChaCha20, see L =item ChaCha20-Poly1305, see L From scan-admin at coverity.com Sun Aug 29 07:49:46 2021 
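Review bot: removing DES, BF, IDEA, CAST5, RC2, RC4 and RC5 from the default provider's cipher list and adding 3DES brings the page in line with what the provider ships, but the page now silently drops those names; a one-line pointer to the provider page that documents them (the legacy provider) would help readers who arrive here looking for them. The link target after `see L` on the new 3DES item is not visible in this extraction, so check it against the existing items' link style.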
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 29 Aug 2021 07:49:46 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <612b3c1996711_3738992b1c3dd079902438@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DHoSa_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGhBLrhkAfFpJWKILw4BeuUuTPvgRKTfKJ65QDME5tlCI9FrLPu9BZ1-2BEbrRtZL6LkqLJUmYkofMpVe07b3IDgEaRDIlpv3KxF20g-2F8RbeOfnO26CnJGpc8MYI7AaRJ2vNqmbDCEZtDKAC1AOlosL-2FH-2BPdRINlx-2BnlTK5bwSIFgStv6gW2e2MEee56FteM4uLw-3D Build ID: 404789 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Aug 29 07:52:49 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 29 Aug 2021 07:52:49 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <612b3cd151274_3739922b1c3dd079902489@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D92Uz_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHm1Ctd-2FBYyQXQEEqHZ-2Bj-2BkH9-2BubA8P8Cu8sd0bUfYHgqhxORrch1Z-2B34JkTiApPJhjxtCNu6DnkJQOpXTVoz3TZPti2d0RvNSpaE6r43n4OzVkHFKPxdBepIXcyRrRphij9qpoISkexBh3x3kFvrPGAZLvAzWObbOgO2Rhkb3tTNpVUBfeePSoFT-2BQqdQ-2FwPg-3D Build ID: 404790 Analysis Summary: New defects found: 0 Defects eliminated: 0 From beldmit at gmail.com Sun Aug 29 16:55:26 2021 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Sun, 29 Aug 2021 16:55:26 +0000 Subject: [openssl] master update Message-ID: <1630256126.750783.8918.nullmailer@dev.openssl.org> The branch master has been updated via e8e1f6d1a9e599d575431f559200018b8f822e0f (commit) from d15506874bff1b128b36ceb847d24ac4b8cd4958 (commit) - Log ----------------------------------------------------------------- commit e8e1f6d1a9e599d575431f559200018b8f822e0f Author: Daniel Kr?gler Date: Fri Aug 27 18:32:20 2021 +0200 Ensure that _GNU_SOURCE is defined for bss_dgram.c This fixes the following error with gcc10 under strict ANSI conditions: .../crypto/bio/bss_dgram.c:373:20: error: 'const struct in6_addr' has no member named 's6_addr32' CLA: trivial Fixes #16449 Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16451) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index c79abe8746..8e7daa1998 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + #include #include From beldmit at gmail.com Sun Aug 29 16:56:46 2021 
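Review bot: the `#ifndef _GNU_SOURCE` block is placed before the first `#include`, which is required for a feature-test macro to take effect, but nothing in the file says why it is there; suggest a comment such as `/* needed for in6_addr.s6_addr32 under strict ANSI, see #16449 */` inside the block. The define is unconditional for every platform; non-glibc headers ignore _GNU_SOURCE, so that is harmless, but if the `s6_addr32` use is itself behind a platform condition, matching that condition would keep the effect local.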
From: beldmit at gmail.com (beldmit at gmail.com) Date: Sun, 29 Aug 2021 16:56:46 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1630256206.249837.9979.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 0888183816636f994a3384cde211c88e0d4d1f6a (commit) from dc3520b1ad3e1d70b899210bacc002318ebe276a (commit) - Log ----------------------------------------------------------------- commit 0888183816636f994a3384cde211c88e0d4d1f6a Author: Daniel Kr?gler Date: Fri Aug 27 18:32:20 2021 +0200 Ensure that _GNU_SOURCE is defined for bss_dgram.c This fixes the following error with gcc10 under strict ANSI conditions: .../crypto/bio/bss_dgram.c:373:20: error: 'const struct in6_addr' has no member named 's6_addr32' CLA: trivial Fixes #16449 Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16451) (cherry picked from commit e8e1f6d1a9e599d575431f559200018b8f822e0f) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 942fd8b514..2b2e4d5f88 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + #include #include From openssl at openssl.org Sun Aug 29 22:59:28 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 29 Aug 2021 22:59:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options enable-fuzz-afl no-shared no-module Message-ID: <1630277968.735023.737322.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config enable-fuzz-afl no-shared no-module Commit log since last time: e8e1f6d1a9 Ensure that _GNU_SOURCE is defined for bss_dgram.c d15506874b Adjust the list of default provider's algorithms cce935b23c Fix the "Out of memory" EVP KDF scrypt test 20b39175b5 Yet another doc-nits fix 5327da81f0 cms: fix memleaks in cms_env.c 597d24e2ab Fix libdir path on darwin c023d98dcf Darwin platform allows to build on releases before Yosemite/ios 8. 6f242d224c doc: Add note about operation parameters validation 194fcc9ae0 Add a test for running the config twice f38af12585 Add locking for the provider_conf.c 6f25d3c479 When activating providers via config check we've not already activated them Build log ended with (last 100 lines): # SSL_accept() failed -1, 1 # 40C72C5BD57F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40C72C5BD57F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 40C72C5BD57F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685:Field=session_id, Type=SSL_SESSION_ASN1 # 40C72C5BD57F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 40C72C5BD57F0000:error:0A000438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1584:SSL alert number 80 # ERROR: (bool) 
'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:9260 # false # OPENSSL_TEST_RAND_ORDER=1630275661 not ok 372 - iteration 7 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1630275661 not ok 74 - test_dh_auto # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 40C72C5BD57F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40C72C5BD57F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 40C72C5BD57F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685: # 40C72C5BD57F0000:error:0688010A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:537:Field=session_id_context, Type=SSL_SESSION_ASN1 # 40C72C5BD57F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ ../openssl/test/helpers/ssltestlib.c:1004 # No progress made # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:9315 # false # OPENSSL_TEST_RAND_ORDER=1630275661 not ok 75 - test_sni_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/tUlXl_w_Bz default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 32. 
# Looks like you failed 1 test of 1.90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 7168 Tests: 30 Failed: 28) Failed tests: 1-21, 23-28, 30 Non-zero exit status: 28 20-test_spkac.t (Wstat: 512 Tests: 4 Failed: 2) Failed tests: 2, 4 Non-zero exit status: 2 25-test_crl.t (Wstat: 256 Tests: 10 Failed: 1) Failed test: 3 Non-zero exit status: 1 25-test_sid.t (Wstat: 256 Tests: 2 Failed: 1) Failed test: 2 Non-zero exit status: 1 65-test_cmp_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_asyncio.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_clienthello.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_recordlen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_servername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ca.t (Wstat: 256 Tests: 15 Failed: 1) Failed test: 5 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_pkcs12.t (Wstat: 768 Tests: 13 Failed: 3) Failed tests: 1-3 Non-zero exit status: 3 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_v3name.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_old.t (Wstat: 1024 Tests: 6 Failed: 4) Failed tests: 3-6 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=241, Tests=2837, 277 wallclock secs (14.91 usr 1.68 sys + 947.48 cusr 73.84 csys = 1037.91 CPU) Result: FAIL make[1]: *** [Makefile:2581: run_tests] Error 1 make[1]: Leaving directory 
'/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2577: tests] Error 2 From scan-admin at coverity.com Mon Aug 30 07:54:09 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 30 Aug 2021 07:54:09 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <612c8ea11ed7b_38f4ac2b0d162859a8158fa@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DoVbZ_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeF5vr58wLfxqrTl1x7m7FYk52Ox2AyFzQywLd-2B3gsmXhGhvm0WEkX0xHl2e-2BiQPKniAWWb24WRjTMBeaUJ8gC7meiIdToLgnAuxQsRHpHlNGc7nDaboMBQKTjDHRb28mGGY6ASPXZnvKCJsbVRCcpfgmoYHRIewc2FQ8YUlMzaIoh7uN3S-2Bhor5Mr4VhTcD5BU-3D Build ID: 404946 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Mon Aug 30 07:54:51 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 30 Aug 2021 07:54:51 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <612c8ecaba8d1_38f4f12b0d162859a815883@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DoW_d_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHFvxbnlGGBJWL-2Bz9TxafMCMmdWjIMzyRvZUUG-2FhDDGiXH4TBgo6Pn6xCXzMRu9G6txtn-2BgjxqV8m0ks3ll9GfcS0MX1rsD1U78Dp-2Fv8oxAuzJkwAbDiWDA-2BUD6ENa7PiiFkyXoDV-2FCsfiOXRXBebtRwyFG1eH4rpYwnHWE8IEblfwqup63CpCrLbcyiw5HI8Y-3D Build ID: 404944 Analysis Summary: New defects found: 0 Defects eliminated: 0 From tomas at openssl.org Mon Aug 30 10:28:29 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 30 Aug 2021 10:28:29 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1630319309.208459.3822.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via f661c76a9e27a87f4bbbed135faf89a3fccac75f (commit) from 0888183816636f994a3384cde211c88e0d4d1f6a (commit) - Log ----------------------------------------------------------------- commit f661c76a9e27a87f4bbbed135faf89a3fccac75f Author: Bernd Edlinger Date: Fri Aug 27 21:34:37 2021 +0200 Fix no-tls1_3 tests This recently added test needs DH2048 to work without tls1_3. Fixes: #16335 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16453) ----------------------------------------------------------------------- Summary of changes: .github/workflows/run-checker-ci.yml | 3 +-- .github/workflows/run-checker-daily.yml | 3 +-- test/recipes/80-test_ssl_old.t | 2 +- test/ssltest_old.c | 41 +++++++++++++++++++++++++++++++++ 4 files changed, 44 insertions(+), 5 deletions(-) diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index 7a171bff9d..a999492207 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -20,8 +20,7 @@ jobs: no-tests, no-threads, no-tls, -# no-tls1_3 temporarily disabled due to failures to be investigated separately -# no-tls1_3, + no-tls1_3, no-ts, no-ui, ] diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index c1b0327ae3..e335b87b31 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -50,8 +50,7 @@ jobs: no-egd, no-engine, no-external-tests, -# no-tls1_3 temporarily disabled due to failures to be investigated separately -# no-tls1_3, + no-tls1_3, no-fuzz-afl, no-fuzz-libfuzzer, no-gost, 
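Review bot: re-enabling `no-tls1_3` in both run-checker-ci.yml and run-checker-daily.yml is the right follow-up once the test is fixed; the removed comment said the failures were "to be investigated separately", and the commit message cites #16335, so confirm that issue is closed by this change rather than leaving it open.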
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 6f5fdb7669..9800de0fc8 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -519,7 +519,7 @@ sub testssl { skip "skipping auto PSK tests", 1 if ($no_dh || $no_psk || $no_ec); - ok(run(test(['ssltest_old', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])), + ok(run(test(['ssltest_old', '-dhe2048', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])), 'test auto DH meets security strength'); } } diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 36e6031f3a..cc98e4f866 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -95,6 +95,7 @@ struct app_verify_arg { static DH *get_dh512(void); static DH *get_dh1024(void); static DH *get_dh1024dsa(void); +static DH *get_dh2048(void); #endif static char *psk_key = NULL; /* by default PSK is not used */ @@ -641,6 +642,8 @@ static void sv_usage(void) " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); + fprintf(stderr, + " -dhe2048 - use 2048 bit key (rfc3526 pime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); #endif #ifndef OPENSSL_NO_EC @@ -895,6 +898,7 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_DH DH *dh; int dhe512 = 0, dhe1024dsa = 0; + int dhe2048 = 0; #endif int no_dhe = 0; int no_psk = 0; @@ -989,6 +993,13 @@ int main(int argc, char *argv[]) #else fprintf(stderr, "ignoring -dhe512, since I'm compiled without DH\n"); +#endif + } else if (strcmp(*argv, "-dhe2048") == 0) { +#ifndef OPENSSL_NO_DH + dhe2048 = 1; +#else + fprintf(stderr, + "ignoring -dhe2048, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-dhe1024dsa") == 0) { #ifndef OPENSSL_NO_DH 
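Review bot: typo in the new usage string in sv_usage: `use 2048 bit key (rfc3526 pime) for DHE` should read `prime`. The `-dhe2048` option handling mirrors the existing `-dhe512` branch, including the `ignoring -dhe2048, since I'm compiled without DH` message under OPENSSL_NO_DH, which is consistent; the recipe change passes the new flag only to the auto PSK `@SECLEVEL=2` test, which matches the commit message.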
@@ -1482,6 +1493,8 @@ int main(int argc, char *argv[]) dh = get_dh1024dsa(); } else if (dhe512) dh = get_dh512(); + else if (dhe2048) + dh = get_dh2048(); else dh = get_dh1024(); SSL_CTX_set_tmp_dh(s_ctx, dh); @@ -3019,6 +3032,34 @@ static DH *get_dh1024dsa(void) DH_set_length(dh, 160); return dh; } + +static DH *get_dh2048(void) +{ + BIGNUM *p = NULL, *g = NULL; + DH *dh = NULL; + + if ((dh = DH_new()) == NULL) + return NULL; + + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) + goto err; + + p = BN_get_rfc3526_prime_2048(NULL); + if (p == NULL) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + + return dh; + + err: + DH_free(dh); + BN_free(p); + BN_free(g); + return NULL; +} #endif #ifndef OPENSSL_NO_PSK From nic.tuv at gmail.com Mon Aug 30 12:24:12 2021 
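Review bot: the error path in get_dh2048 is correct only because `DH_set0_pqg()` takes ownership of `p` and `g` solely when it succeeds, so freeing both after a failed call is not a double free; that deserves a comment at `err:`, since the pattern reads like a double free to a casual reviewer. Passing NULL for `q` is fine for the RFC 3526 group with generator 2, and the dispatch in main places `dhe2048` before the `get_dh1024()` default, consistent with the other dhe* flags.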
From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Mon, 30 Aug 2021 12:24:12 +0000 Subject: [openssl] master update Message-ID: <1630326252.449686.24257.nullmailer@dev.openssl.org> The branch master has been updated via 78082769fa8129e3453ee4cb2255feb259846646 (commit) via 7aa3dfc42104588f65301d20324388ac2c9a6b11 (commit) via cca8a4cedaafe63b0b5729b72133661ece24ff08 (commit) via ea1128e94e36fa9fa25278dc6b3f5b42d8735782 (commit) from e8e1f6d1a9e599d575431f559200018b8f822e0f (commit) - Log ----------------------------------------------------------------- commit 78082769fa8129e3453ee4cb2255feb259846646 Author: Nicola Tuveri Date: Sat Aug 21 04:04:51 2021 +0300 Use applink to fix windows tests (readapted from 5c69c66a6972f84d56160c9ea4b30bab8fc2d3d4 by @bernd-edlinger) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16355) commit 7aa3dfc42104588f65301d20324388ac2c9a6b11 Author: Nicola Tuveri Date: Thu Jul 16 03:23:26 2020 +0300 [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID Some curves don't have an associated OID: for those we should not default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. This is a follow-up to https://github.com/openssl/openssl/pull/12312 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16355) commit cca8a4cedaafe63b0b5729b72133661ece24ff08 Author: Nicola Tuveri Date: Thu Jul 16 02:02:16 2020 +0300 Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros These functions are part of the public API but we don't have tests covering their usage. They are actually implemented as macros and the absence of tests has caused them to fall out-of-sync with the latest changes to ASN1 related functions and cause compilation warnings. This commit fixes the public headers to reflect these changes. 
Fixes #12443 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16355) commit ea1128e94e36fa9fa25278dc6b3f5b42d8735782 Author: Nicola Tuveri Date: Thu Jul 16 01:57:09 2020 +0300 Add tests for i2d_TYPE_fp and d2i_TYPE_fp These functions are part of the public API but we don't have tests covering their usage. They are actually implemented as macros and the absence of tests has caused them to fall out-of-sync with the latest changes to ASN1 related functions and cause compilation warnings. @@ Note: This commit limits to ECPKParameters as a type. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16355) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_asn1.c | 2 +- crypto/ec/ec_curve.c | 37 +++++++++++++++++++++++++++++++++++++ include/openssl/ec.h | 6 +++--- test/build.info | 7 ++++++- test/ec_internal_test.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 90 insertions(+), 5 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index b3a791eb64..31519137c6 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -485,7 +485,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPARAMETERS_free(ret->value.parameters); } - if (EC_GROUP_get_asn1_flag(group)) { + if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { /* * use the asn1 OID to describe the elliptic curve parameters */ diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 6f1435c69f..b5b2f3342d 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c 
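Review bot: replacing the truthiness test with `== OPENSSL_EC_NAMED_CURVE` in EC_GROUP_get_ecpkparameters makes the intent explicit, but it is also a behaviour change: any non-zero flag value other than OPENSSL_EC_NAMED_CURVE now falls through to explicit parameter encoding instead of being treated as a named curve. That is the desired outcome given the ec_curve.c change in the same series, but it is worth one sentence in the commit message.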
@@ -3223,6 +3223,43 @@ static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx, goto err; } } + +#ifndef FIPS_MODULE + if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { + /* + * Some curves don't have an associated OID: for those we should not + * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and + * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. + * + * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on + * `EC_GROUP_new()`, when we don't have enough elements to determine if + * an OID for the curve name actually exists. + * We could implement this check on `EC_GROUP_set_curve_name()` but + * overloading the simple setter with this lookup could have a negative + * performance impact and unexpected consequences. + */ + ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid); + + if (asn1obj == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); + goto err; + } + if (OBJ_length(asn1obj) == 0) + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); + + ASN1_OBJECT_free(asn1obj); + } +#else + /* + * Inside the FIPS module we do not support explicit curves anyway + * so the above check is not necessary. + * + * Skipping it is also necessary because `OBJ_length()` and + * `ASN1_OBJECT_free()` are not available within the FIPS module + * boundaries. + */ +#endif + ok = 1; err: if (!ok) { diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 8b1abcebb7..f59b4f9288 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h 
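Review bot: `ASN1_OBJECT_free(asn1obj)` on the object returned by `OBJ_nid2obj()` is a no-op for the built-in object table (those objects are not marked dynamic), so it is safe, but readers will wonder whether an internal object is being freed; either add a comment saying so or drop the call. The `#else` branch that contains only a comment is legal but unusual; merging both explanations into one comment above `#ifndef FIPS_MODULE` would read better. The `OBJ_length(asn1obj) == 0` test is the right way to detect a NID without an OID, and raising ERR_R_OBJ_LIB on a NULL return follows the usual wrapper convention.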
@@ -915,10 +915,10 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); # define i2d_ECPKParameters_bio(bp,x) \ ASN1_i2d_bio_of(EC_GROUP, i2d_ECPKParameters, bp, x) # define d2i_ECPKParameters_fp(fp,x) \ - (EC_GROUP *)ASN1_d2i_fp(NULL, (char *(*)())d2i_ECPKParameters, (fp), \ - (unsigned char **)(x)) + (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \ + (void **)(x)) # define i2d_ECPKParameters_fp(fp,x) \ - ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x)) + ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x)) # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print(BIO *bp, const EC_GROUP *x, diff --git a/test/build.info b/test/build.info index dab5af4ebe..2e209b45c7 100644 --- a/test/build.info +++ b/test/build.info @@ -12,6 +12,11 @@ ENDIF IF[{- $config{target} =~ /^vms-/ -}] $AUXLIBAPPSSRC=../apps/lib/vms_term_sock.c ../apps/lib/vms_decc_argv.c ENDIF +# Program init source, that don't have direct linkage with the rest of the +# source, and can therefore not be part of a library. +IF[{- !$disabled{uplink} -}] + $INITSRC=../ms/applink.c +ENDIF $LIBAPPSSRC=../apps/lib/opt.c $AUXLIBAPPSSRC IF[{- !$disabled{tests} -}] @@ -712,7 +717,7 @@ IF[{- !$disabled{tests} -}] INCLUDE[rc5test]=../include ../apps/include DEPEND[rc5test]=../libcrypto.a libtestutil.a - SOURCE[ec_internal_test]=ec_internal_test.c + SOURCE[ec_internal_test]=ec_internal_test.c $INITSRC INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c index e0e6a859cb..57092942a1 100644 --- a/test/ec_internal_test.c +++ b/test/ec_internal_test.c 
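Review bot: the `d2i_ECPKParameters_fp` and `i2d_ECPKParameters_fp` macros now cast through `d2i_of_void`/`i2d_of_void` and pass `void **`/`void *`, matching the current `ASN1_d2i_fp`/`ASN1_i2d_fp` prototypes and removing the old `char *(*)()` cast; fine. In build.info, `$INITSRC` (applink.c when uplink is enabled) is added only to `ec_internal_test`, yet any test that hands a `FILE *` across the libcrypto boundary on Windows needs the same; the new comment already explains why it cannot live in a library, so extend it to say that each such test must list `$INITSRC` in its SOURCE line.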
@@ -359,6 +359,47 @@ static int decoded_flag_test(void) return testresult; } +static +int ecpkparams_i2d2i_test(int n) +{ + EC_GROUP *g1 = NULL, *g2 = NULL; + FILE *fp = NULL; + int nid = curves[n].nid; + int testresult = 0; + + /* create group */ + if (!TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) + goto end; + + /* encode params to file */ + if (!TEST_ptr(fp = fopen("params.der", "wb")) + || !TEST_true(i2d_ECPKParameters_fp(fp, g1))) + goto end; + + /* flush and close file */ + if (!TEST_int_eq(fclose(fp), 0)) { + fp = NULL; + goto end; + } + fp = NULL; + + /* decode params from file */ + if (!TEST_ptr(fp = fopen("params.der", "rb")) + || !TEST_ptr(g2 = d2i_ECPKParameters_fp(fp, NULL))) + goto end; + + testresult = 1; /* PASS */ + +end: + if (fp != NULL) + fclose(fp); + + EC_GROUP_free(g1); + EC_GROUP_free(g2); + + return testresult; +} + int setup_tests(void) { crv_len = EC_get_builtin_curves(NULL, 0); @@ -376,6 +417,8 @@ int setup_tests(void) ADD_TEST(underflow_test); #endif ADD_TEST(decoded_flag_test); + ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len); + return 1; } From openssl at openssl.org Mon Aug 30 22:58:30 2021 
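Review bot: the ec_group_new_from_data() hunk frees an object it does not own: for a built-in NID, OBJ_nid2obj() returns a pointer into the static object table, not a fresh allocation, so `ASN1_OBJECT_free(asn1obj)` is a no-op there (it only frees objects flagged dynamic) and reads as if the caller held a reference. Either drop the free or add a one-line comment that the object is borrowed, so a later reader does not "fix" the code by freeing something else the same way.

Review bot: the d2i_ECPKParameters_fp() macro now casts its second argument through `(void **)`, which, like the old `(unsigned char **)` cast, accepts any pointer for x without a compiler check; the new test only ever calls `d2i_ECPKParameters_fp(fp, NULL)`, so the path with a non-NULL `EC_GROUP **` out-pointer remains unexercised. Add that case to the test or document in ec.h that x must be an `EC_GROUP **`.

Review bot: ecpkparams_i2d2i_test() only checks that d2i_ECPKParameters_fp() returns a non-NULL group and never compares it with the group that was encoded, so a round trip that silently altered the parameters would still pass. Extend the decode step with `|| !TEST_int_eq(EC_GROUP_cmp(g1, g2, NULL), 0)` and add `remove("params.der")` under the `end:` label so each ADD_ALL_TESTS() iteration cleans up its own file.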
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 30 Aug 2021 22:58:30 +0000 Subject: Still FAILED build of OpenSSL branch master with options enable-fuzz-afl no-shared no-module Message-ID: <1630364310.552579.932682.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config enable-fuzz-afl no-shared no-module Commit log since last time: 78082769fa Use applink to fix windows tests 7aa3dfc421 [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID cca8a4ceda Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros ea1128e94e Add tests for i2d_TYPE_fp and d2i_TYPE_fp Build log ended with (last 100 lines): # SSL_accept() failed -1, 1 # 40C7DCFB677F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40C7DCFB677F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 40C7DCFB677F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685:Field=session_id, Type=SSL_SESSION_ASN1 # 40C7DCFB677F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 40C7DCFB677F0000:error:0A000438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1584:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:9260 # false # OPENSSL_TEST_RAND_ORDER=1630362035 not ok 372 - iteration 7 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1630362035 not ok 74 - test_dh_auto # 
------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 40C7DCFB677F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40C7DCFB677F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 40C7DCFB677F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685: # 40C7DCFB677F0000:error:0688010A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:537:Field=session_id_context, Type=SSL_SESSION_ASN1 # 40C7DCFB677F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ ../openssl/test/helpers/ssltestlib.c:1004 # No progress made # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:9315 # false # OPENSSL_TEST_RAND_ORDER=1630362035 not ok 75 - test_sni_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/SMS8pjqaWV default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 32. # Looks like you failed 1 test of 1.90-test_sslapi.t ................... 
Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 7168 Tests: 30 Failed: 28) Failed tests: 1-21, 23-28, 30 Non-zero exit status: 28 20-test_spkac.t (Wstat: 512 Tests: 4 Failed: 2) Failed tests: 2, 4 Non-zero exit status: 2 25-test_crl.t (Wstat: 256 Tests: 10 Failed: 1) Failed test: 3 Non-zero exit status: 1 25-test_sid.t (Wstat: 256 Tests: 2 Failed: 1) Failed test: 2 Non-zero exit status: 1 65-test_cmp_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_asyncio.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_clienthello.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_recordlen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_servername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ca.t (Wstat: 256 Tests: 15 Failed: 1) Failed test: 5 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_pkcs12.t (Wstat: 768 Tests: 13 Failed: 3) Failed tests: 1-3 Non-zero exit status: 3 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_v3name.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_old.t (Wstat: 1024 Tests: 6 Failed: 4) Failed tests: 3-6 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=241, Tests=2837, 263 wallclock secs (13.99 usr 1.78 sys + 909.57 cusr 68.64 csys = 993.98 CPU) Result: FAIL make[1]: *** [Makefile:2566: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2562: tests] 
Error 2 From scan-admin at coverity.com Tue Aug 31 07:58:27 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 31 Aug 2021 07:58:27 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <612de122e4a1a_3ab8b42ad5f92f59a032558@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DQ1fU_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHRIssZ9k0CvbiLobdv0hibavib2cPz2luqS77HtjEomqjOTWX9X3EXM07NZ0cqCVNshIoSxvaQaLo6fGSHaG-2FqPO0BCCTX1tUgTmm-2Br6-2FL2huWmkAHlcetuEgL92E55FAhuMvbDJmls7Tp7-2B0yvMlnbRLSUkrIwGHYYUBFBhA8YuZdSP-2B9r60nfzMVyqrWaCU-3D Build ID: 405110 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Tue Aug 31 08:05:51 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 31 Aug 2021 08:05:51 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <612de2de71b30_3abc0b2ad5f92f59a032526@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DE7Ne_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGQYjN-2F1Td3APfUUU5-2FlmzRx4YfZws0ZgFULARhunOHvq7WGTmlzaGyai9cLH8SJsUvlYlmPlsKFacf6-2BABt0Jp5cAkq5qqwAZvGUidaQsoPXT9THllmiDhAiA2U3yIID3MNSk9QgdeoZWf2sjacTslm6N6uo31ACriiRMRTK5Zx7j-2BVyjvipWPfYbkgFdrioY-3D Build ID: 405111 Analysis Summary: New defects found: 0 Defects eliminated: 0 From mark at openssl.org Tue Aug 31 09:57:09 2021 
From: mark at openssl.org (Mark J. Cox) Date: Tue, 31 Aug 2021 09:57:09 +0000 Subject: [web] master update Message-ID: <1630403829.315015.7942.nullmailer@dev.openssl.org> The branch master has been updated via 30a512b2e4a02e643216a163af87db97ccbf00d2 (commit) via d3f3bf5b0d8ef336acb45a3e8077436001be82f9 (commit) from 0374f7e7bd8802894fee0c15c474bd20e04f5731 (commit) - Log ----------------------------------------------------------------- commit 30a512b2e4a02e643216a163af87db97ccbf00d2 Merge: 0374f7e d3f3bf5 Author: Mark J. Cox Date: Tue Aug 31 10:55:38 2021 +0100 Merge pull request #254 from iamamoose/20210831sponsors Add CarGurus sponsorship (silver) commit d3f3bf5b0d8ef336acb45a3e8077436001be82f9 Author: Mark J. Cox Date: Tue Aug 31 10:20:05 2021 +0100 Add CarGurus sponsorship (silver) ----------------------------------------------------------------------- Summary of changes: support/acks.html | 1 + 1 file changed, 1 insertion(+) diff --git a/support/acks.html b/support/acks.html index 8a81815..0b70d47 100644 --- a/support/acks.html +++ b/support/acks.html @@ -46,6 +46,7 @@

Silver:

From tomas at openssl.org Tue Aug 31 10:15:40 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 31 Aug 2021 10:15:40 +0000 Subject: [openssl] master update Message-ID: <1630404940.261374.7896.nullmailer@dev.openssl.org> The branch master has been updated via 028593f546f66d50d399a4f9286364d97c68da78 (commit) from 78082769fa8129e3453ee4cb2255feb259846646 (commit) - Log ----------------------------------------------------------------- commit 028593f546f66d50d399a4f9286364d97c68da78 Author: Jaime Hablutzel Date: Mon Aug 30 13:18:48 2021 -0500 Typo correction. CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16470) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-verification-options.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod index 895ee07c60..5fa3907c28 100644 --- a/doc/man1/openssl-verification-options.pod +++ b/doc/man1/openssl-verification-options.pod @@ -21,7 +21,7 @@ It is a complicated process consisting of a number of steps and depending on numerous options. The most important of them are detailed in the following sections. -In a nutshell, a valid chain of certifciates needs to be built up and verified +In a nutshell, a valid chain of certificates needs to be built up and verified starting from the I that is to be verified and ending in a certificate that due to some policy is trusted. Verification is done relative to the given I, which is the intended use From tomas at openssl.org Tue Aug 31 10:18:29 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 31 Aug 2021 10:18:29 +0000 Subject: [openssl] master update Message-ID: <1630405109.409668.11211.nullmailer@dev.openssl.org> The branch master has been updated via 69222552252c86e7d68dcc24b2ce1aa0793ab3aa (commit) from 028593f546f66d50d399a4f9286364d97c68da78 (commit) - Log ----------------------------------------------------------------- commit 69222552252c86e7d68dcc24b2ce1aa0793ab3aa Author: slontis Date: Wed Aug 25 11:50:20 2021 +1000 Document that EVP_get_cipherbyname() does not work for some new algorithm names. These algorithms were added to providers but have no const EVP_CIPHER* mapping. Ciphers for SIV and CTS were previously only available via low level function calls that are deprecated. Reported by @reaperhulk. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16414) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 7 +++++++ doc/man3/EVP_EncryptInit.pod | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 5b16e34dd5..a24b30e651 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -41,6 +41,13 @@ breaking changes, and mappings for the large list of deprecated functions. *OpenSSL team members and many third party contributors* + * The EVP_get_cipherbyname() function will return NULL for algorithms such as + "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were + previously only accessible via low level interfaces. Use EVP_CIPHER_fetch() + instead to retrieve these algorithms from a provider. + + *Shane Lontis* + * On build targets where the multilib postfix is set in the build configuration the libdir directory was changing based on whether the lib directory with the multilib postfix exists on the system diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index cb36629684..62d9047dce 100644 --- a/doc/man3/EVP_EncryptInit.pod 
+++ b/doc/man3/EVP_EncryptInit.pod @@ -447,6 +447,11 @@ EVP_CipherFinal_ex() instead. Return an EVP_CIPHER structure when passed a cipher name, a NID or an ASN1_OBJECT structure. +EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV", +"AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only +accessible via low level interfaces. Use EVP_CIPHER_fetch() instead to retrieve +these algorithms from a provider. + =item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() Return the NID of a cipher when passed an B or B From tomas at openssl.org Tue Aug 31 10:20:47 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 31 Aug 2021 10:20:47 +0000 Subject: [openssl] master update Message-ID: <1630405247.480296.31580.nullmailer@dev.openssl.org> The branch master has been updated via 2bdab81198ae366d25547b1441609c7d324b0bb4 (commit) via 3f7ad402b06fd75397f11fd9f0b2ad6778a31f99 (commit) via 72a509f94fc2be80c9903b7512715cd526a82e25 (commit) from 69222552252c86e7d68dcc24b2ce1aa0793ab3aa (commit) - Log ----------------------------------------------------------------- commit 2bdab81198ae366d25547b1441609c7d324b0bb4 Author: Tomas Mraz Date: Tue Aug 31 09:05:59 2021 +0200 apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/16433) commit 3f7ad402b06fd75397f11fd9f0b2ad6778a31f99 Author: Tomas Mraz Date: Thu Aug 26 15:13:58 2021 +0200 ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/16433) commit 72a509f94fc2be80c9903b7512715cd526a82e25 Author: Tomas Mraz Date: Thu Aug 26 15:08:15 2021 +0200 Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests Fixes #16428 Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/16433) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 2 +- apps/pkcs12.c | 3 ++- crypto/asn1/a_print.c | 7 ++++--- crypto/asn1/asn1_lib.c | 11 ++++++++--- ssl/ssl_asn1.c | 2 +- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bcb5cd5775..2f2a9b9fb2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -130,7 +130,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump + run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/apps/pkcs12.c b/apps/pkcs12.c index d745df8494..dcb173f201 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -1142,7 +1142,8 @@ void print_attribute(BIO *out, const ASN1_TYPE *av) break; case V_ASN1_UTF8STRING: - BIO_printf(out, "%s\n", av->value.utf8string->data); + BIO_printf(out, "%.*s\n", av->value.utf8string->length, + av->value.utf8string->data); break; case V_ASN1_OCTET_STRING: diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index 328e0abcc5..e04f9b1f2e 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -18,12 +18,13 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len) int ia5 = 0; int t61 = 0; - if (len <= 0) - len = -1; if (s == NULL) return V_ASN1_PRINTABLESTRING; - while ((*s) && (len-- != 0)) { + if (len < 0) + len = strlen((const char *)s); + + while (len-- > 0) { c = *(s++); if (!ossl_isasn1print(c)) ia5 = 1; diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 02c34a4438..5359cbc117 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -303,7 +303,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) c = str->data; #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* No NUL terminator in fuzzing builds */ - str->data = OPENSSL_realloc(c, len); + str->data = OPENSSL_realloc(c, len != 0 ? len : 1); #else str->data = OPENSSL_realloc(c, len + 1); #endif 
@@ -316,7 +316,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) str->length = len; if (data != NULL) { memcpy(str->data, data, len); -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* Set the unused byte to something non NUL and printable. */ + if (len == 0) + str->data[len] = '~'; +#else /* * Add a NUL terminator. This should not be necessary - but we add it as * a safety precaution @@ -384,7 +388,8 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) i = (a->length - b->length); if (i == 0) { - i = memcmp(a->data, b->data, a->length); + if (a->length != 0) + i = memcmp(a->data, b->data, a->length); if (i == 0) return a->type - b->type; else diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 2cbd95fa1b..3503fdc210 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -229,7 +229,7 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, ASN1_OCTET_STRING *src, size_t maxlen) { - if (src == NULL) { + if (src == NULL || src->length == 0) { *pdstlen = 0; return 1; } From pauli at openssl.org Tue Aug 31 10:42:22 2021 
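Review bot: in apps/pkcs12.c, `%.*s` bounds the output by `length` but BIO_printf still stops at the first NUL inside that range, so an attribute value with an embedded NUL is silently truncated rather than shown; if the intent is to print arbitrary UTF8STRING content safely, ASN1_STRING_print_ex() (which escapes non-printable bytes) would be the better fit than a raw `%s` family format.

Review bot: the ASN1_PRINTABLE_type() hunk changes behaviour for two inputs the old loop handled differently: `len == 0` used to be folded into -1 and scanned as a NUL-terminated string, but now `len < 0` is the only NUL-terminated case and 0 means an empty scan; and an embedded NUL no longer ends the scan, so bytes after it now contribute to the classification. Both are probably what is wanted given the fuzzing-mode change, but the new contract (negative length means NUL-terminated, non-negative is an exact byte count) should be stated in the function's documentation, and any caller passing 0 for a C string should be checked.

Review bot: the fuzzing-mode branch in ASN1_STRING_set() only writes the `'~'` sentinel inside `if (data != NULL)`, so a call with `data == NULL` and `len == 0` leaves the single byte allocated by `OPENSSL_realloc(c, len != 0 ? len : 1)` uninitialised. Nothing should read it, but moving the sentinel write out of the `data != NULL` block keeps the "no NUL terminator, but always a defined byte" invariant on every path.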
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 31 Aug 2021 10:42:22 +0000 Subject: [openssl] master update Message-ID: <1630406542.888079.3887.nullmailer@dev.openssl.org> The branch master has been updated via c7468c17d7090492c266492ffa4ccf5baf93ffc4 (commit) from 2bdab81198ae366d25547b1441609c7d324b0bb4 (commit) - Log ----------------------------------------------------------------- commit c7468c17d7090492c266492ffa4ccf5baf93ffc4 Author: Pauli Date: Mon Aug 30 16:06:49 2021 +1000 CI: add builds covering a number of different compiler versions Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/16463) ----------------------------------------------------------------------- Summary of changes: .github/workflows/compiler-zoo.yml | 53 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 .github/workflows/compiler-zoo.yml diff --git a/.github/workflows/compiler-zoo.yml b/.github/workflows/compiler-zoo.yml new file mode 100644 index 0000000000..29a9097343 --- /dev/null +++ b/.github/workflows/compiler-zoo.yml 
@@ -0,0 +1,53 @@ +name: Compiler Zoo CI + +on: [push] + +jobs: + compiler: + strategy: + fail-fast: false + matrix: + zoo: [ + { + cc: gcc-7 + }, { + cc: gcc-8 + }, { + cc: gcc-9 + }, { + cc: gcc-10 + }, { + cc: clang-6.0 + }, { + cc: clang-7 + }, { + cc: clang-8 + }, { + cc: clang-9 + }, { + cc: clang-10 + }, { + cc: clang-11 + }, { + cc: clang-12 + } + ] + runs-on: ubuntu-latest + steps: + - name: install packages + run: | + sudo apt-get update + sudo apt-get -yq --force-yes install ${{ matrix.zoo.cc }} + - uses: actions/checkout at v2 + + - name: config + run: | + CC=${{ matrix.zoo.cc }} ./config --banner=Configured no-shared \ + -Wall -Werror enable-fips --strict-warnings + + - name: config dump + run: ./configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} From pauli at openssl.org Tue Aug 31 10:45:09 2021 
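Review bot: `apt-get -yq --force-yes install` relies on `--force-yes`, which apt has deprecated in favour of the explicit `--allow-*` options and which also permits unauthenticated packages to be installed; for a job that only pulls a distribution compiler, plain `-yq` is sufficient and avoids the warning. Separately, `on: [push]` means this matrix never runs for pull requests, so a change that breaks gcc-7 or clang-6.0 is only caught after merge; consider adding `pull_request` to the trigger list.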
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 31 Aug 2021 10:45:09 +0000 Subject: [openssl] master update Message-ID: <1630406709.647667.5930.nullmailer@dev.openssl.org> The branch master has been updated via 9b6d17e423da138ea7fd190ae366580c539dceca (commit) via 4f8e0272c1bde43d97bc1c4471dbaecfc89f7aae (commit) via 2b4a611ef18b0696bff57da889622e0e42ed4521 (commit) via 03c137de971354b7c2e00f0198e85446ead6cfc3 (commit) from c7468c17d7090492c266492ffa4ccf5baf93ffc4 (commit) - Log ----------------------------------------------------------------- commit 9b6d17e423da138ea7fd190ae366580c539dceca Author: Matt Caswell Date: Mon Aug 30 15:54:22 2021 +0100 Add a warning about locking in the child provider callback docs The child provider callbacks can hold the store lock. In order to avoid deadlocks we require that the callback implementations don't themselves call functions that may acquire those locks. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16469) commit 4f8e0272c1bde43d97bc1c4471dbaecfc89f7aae Author: Pauli Date: Mon Aug 16 12:20:56 2021 +1000 Add additional test to thread sanitizer build Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16469) commit 2b4a611ef18b0696bff57da889622e0e42ed4521 Author: Matt Caswell Date: Mon Aug 30 13:04:31 2021 +0100 Refactor provider_core.c to adhere to the locking rules The previous commit provided some guidelines and some rules for using locking in order to avoid deadlocks. This commit refactors the code in order to adhere to those guidelines and rules.
Fixes #16312 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16469) commit 03c137de971354b7c2e00f0198e85446ead6cfc3 Author: Matt Caswell Date: Mon Aug 30 15:33:07 2021 +0100 Add commentary about lock usage in provider_core.c Provide some guidelines, as well as some rules for using the locks in provider_core.c, in order to avoid the introduction of deadlocks. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16469) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 2 +- crypto/provider_core.c | 239 +++++++++++++++++++++++++++++++++++---------- doc/man7/provider-base.pod | 6 +- 3 files changed, 190 insertions(+), 57 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2f2a9b9fb2..601ba5f6b1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -157,7 +157,7 @@ jobs: - name: make run: make -s -j4 - name: make test - run: make TESTS=test_threads test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: make V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp" test HARNESS_JOBS=${HARNESS_JOBS:-4} enable_non-default_options: runs-on: ubuntu-latest diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 1f688557c1..e4069eb4f7 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c 
@@ -28,6 +28,89 @@ # include #endif +/* + * This file defines and uses a number of different structures: + * + * OSSL_PROVIDER (provider_st): Used to represent all information related to a + * single instance of a provider. + * + * provider_store_st: Holds information about the collection of providers that + * are available within the current library context (OSSL_LIB_CTX). It also + * holds configuration information about providers that could be loaded at some + * future point. + * + * OSSL_PROVIDER_CHILD_CB: An instance of this structure holds the callbacks + * that have been registered for a child library context and the associated + * provider that registered those callbacks. + * + * Where a child library context exists then it has its own instance of the + * provider store. Each provider that exists in the parent provider store, has + * an associated child provider in the child library context's provider store. + * As providers get activated or deactivated this needs to be mirrored in the + * associated child providers. + * + * LOCKING + * ======= + * + * There are a number of different locks used in this file and it is important + * to understand how they should be used in order to avoid deadlocks. + * + * Fields within a structure can often be "write once" on creation, and then + * "read many". Creation of a structure is done by a single thread, and + * therefore no lock is required for the "write once/read many" fields. It is + * safe for multiple threads to read these fields without a lock, because they + * will never be changed. + * + * However some fields may be changed after a structure has been created and + * shared between multiple threads. Where this is the case a lock is required. + * + * The locks available are: + * + * The provider flag_lock: Used to control updates to the various provider + * "flags" (flag_initialized, flag_activated, flag_fallback) and associated + * "counts" (activatecnt). 
+ * + * The provider refcnt_lock: Only ever used to control updates to the provider + * refcnt value. + * + * The provider optbits_lock: Used to control access to the provider's + * operation_bits and operation_bits_sz fields. + * + * The store default_path_lock: Used to control access to the provider store's + * default search path value (default_path) + * + * The store lock: Used to control the stack of provider's held within the + * provider store, as well as the stack of registered child provider callbacks. + * + * As a general rule-of-thumb it is best to: + * - keep the scope of the code that is protected by a lock to the absolute + * minimum possible; + * - try to keep the scope of the lock to within a single function (i.e. avoid + * making calls to other functions while holding a lock); + * - try to only ever hold one lock at a time. + * + * Unfortunately, it is not always possible to stick to the above guidelines. + * Where they are not adhered to there is always a danger of inadvertently + * introducing the possibility of deadlock. The following rules MUST be adhered + * to in order to avoid that: + * - Holding multiple locks at the same time is only allowed for the + * provider store lock, the provider flag_lock and the provider refcnt_lock. + * - When holding multiple locks they must be acquired in the following order of + * precedence: + * 1) provider store lock + * 2) provider flag_lock + * 3) provider refcnt_lock + * - When releasing locks they must be released in the reverse order to which + * they were acquired + * - No locks may be held when making an upcall. NOTE: Some common functions + * can make upcalls as part of their normal operation. If you need to call + * some other function while holding a lock make sure you know whether it + * will make any upcalls or not. For example ossl_provider_up_ref() can call + * ossl_provider_up_ref_parent() which can call the c_prov_up_ref() upcall. 
+ * - It is permissible to hold the store lock when calling child provider + * callbacks. No other locks may be held during such callbacks. + */ + static OSSL_PROVIDER *provider_new(const char *name, OSSL_provider_init_fn *init_function, STACK_OF(INFOPAIR) *parameters); @@ -343,11 +426,11 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, tmpl.name = (char *)name; if (!CRYPTO_THREAD_read_lock(store->lock)) return NULL; - if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1 - || (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL - || !ossl_provider_up_ref(prov)) - prov = NULL; + if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) != -1) + prov = sk_OSSL_PROVIDER_value(store->providers, i); CRYPTO_THREAD_unlock(store->lock); + if (prov != NULL && !ossl_provider_up_ref(prov)) + prov = NULL; } return prov; @@ -532,15 +615,6 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, else actualtmp = sk_OSSL_PROVIDER_value(store->providers, idx); - if (actualprov != NULL) { - if (!ossl_provider_up_ref(actualtmp)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - actualtmp = NULL; - goto err; - } - *actualprov = actualtmp; - } - if (idx == -1) { if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) goto err; @@ -555,7 +629,16 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, CRYPTO_THREAD_unlock(store->lock); - if (actualtmp != prov) { + if (actualprov != NULL) { + if (!ossl_provider_up_ref(actualtmp)) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); + actualtmp = NULL; + goto err; + } + *actualprov = actualtmp; + } + + if (idx >= 0) { /* * The provider is already in the store. Probably two threads * independently initialised their own provider objects with the same 
@@ -923,10 +1006,13 @@ static int provider_init(OSSL_PROVIDER *prov) * Deactivate a provider. * Return -1 on failure and the activation count on success */ -static int provider_deactivate(OSSL_PROVIDER *prov) +static int provider_deactivate(OSSL_PROVIDER *prov, int upcalls) { int count; struct provider_store_st *store; +#ifndef FIPS_MODULE + int freeparent = 0, removechildren = 0; +#endif if (!ossl_assert(prov != NULL)) return -1; @@ -943,32 +1029,42 @@ static int provider_deactivate(OSSL_PROVIDER *prov) } #ifndef FIPS_MODULE - if (prov->activatecnt == 2 && prov->ischild) { + if (prov->activatecnt >= 2 && prov->ischild && upcalls) { /* * We have had a direct activation in this child libctx so we need to - * now down the ref count in the parent provider. + * now down the ref count in the parent provider. We do the actual down + * ref outside of the flag_lock, since it could involve getting other + * locks. */ - ossl_provider_free_parent(prov, 1); + freeparent = 1; } #endif if ((count = --prov->activatecnt) < 1) { prov->flag_activated = 0; #ifndef FIPS_MODULE - { - int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); - OSSL_PROVIDER_CHILD_CB *child_cb; - - for (i = 0; i < max; i++) { - child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); - child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata); - } - } + removechildren = 1; #endif } CRYPTO_THREAD_unlock(prov->flag_lock); + +#ifndef FIPS_MODULE + if (removechildren) { + int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); + OSSL_PROVIDER_CHILD_CB *child_cb; + + for (i = 0; i < max; i++) { + child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); + child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata); + } + } +#endif CRYPTO_THREAD_unlock(store->lock); +#ifndef FIPS_MODULE + if (freeparent) + ossl_provider_free_parent(prov, 1); +#endif /* We don't deinit here, that's done in ossl_provider_free() */ return count; 
@@ -982,7 +1078,7 @@ static int provider_activate(OSSL_PROVIDER *prov, int lock, int upcalls) { int count = -1; struct provider_store_st *store; - int ret = 1; + int ret = 1, createchildren = 0; store = prov->store; /* @@ -995,31 +1091,41 @@ static int provider_activate(OSSL_PROVIDER *prov, int lock, int upcalls) return -1; } - if (lock && !CRYPTO_THREAD_read_lock(store->lock)) +#ifndef FIPS_MODULE + if (prov->ischild && upcalls && !ossl_provider_up_ref_parent(prov, 1)) return -1; +#endif - if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) { - CRYPTO_THREAD_unlock(store->lock); + if (lock && !CRYPTO_THREAD_read_lock(store->lock)) { +#ifndef FIPS_MODULE + if (prov->ischild && upcalls) + ossl_provider_free_parent(prov, 1); +#endif return -1; } + if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) { + CRYPTO_THREAD_unlock(store->lock); #ifndef FIPS_MODULE - if (prov->ischild && upcalls) - ret = ossl_provider_up_ref_parent(prov, 1); + if (prov->ischild && upcalls) + ossl_provider_free_parent(prov, 1); #endif + return -1; + } - if (ret) { - count = ++prov->activatecnt; - prov->flag_activated = 1; + count = ++prov->activatecnt; + prov->flag_activated = 1; - if (prov->activatecnt == 1 && store != NULL) - ret = create_provider_children(prov); - } + if (prov->activatecnt == 1 && store != NULL) + createchildren = 1; - if (lock) { + if (lock) CRYPTO_THREAD_unlock(prov->flag_lock); + if (createchildren) + ret = create_provider_children(prov); + if (lock) CRYPTO_THREAD_unlock(store->lock); - } + if (!ret) return -1; @@ -1068,7 +1174,7 @@ int ossl_provider_deactivate(OSSL_PROVIDER *prov) { int count; - if (prov == NULL || (count = provider_deactivate(prov)) < 0) + if (prov == NULL || (count = provider_deactivate(prov, 1)) < 0) return 0; return count == 0 ? provider_flush_store_cache(prov) : 1; } 
@@ -1155,7 +1261,7 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, void *cbdata), void *cbdata) { - int ret = 0, curr, max; + int ret = 0, curr, max, ref = 0; struct provider_store_st *store = get_provider_store(ctx); STACK_OF(OSSL_PROVIDER) *provs = NULL; @@ -1195,16 +1301,25 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, if (!CRYPTO_THREAD_write_lock(prov->flag_lock)) goto err_unlock; if (prov->flag_activated) { - if (!ossl_provider_up_ref(prov)){ + /* + * We call CRYPTO_UP_REF directly rather than ossl_provider_up_ref + * to avoid upping the ref count on the parent provider, which we + * must not do while holding locks. + */ + if (CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock) <= 0) { CRYPTO_THREAD_unlock(prov->flag_lock); goto err_unlock; } /* * It's already activated, but we up the activated count to ensure * it remains activated until after we've called the user callback. + * We do this with no locking (because we already hold the locks) + * and no upcalls (which must not be called when locks are held). In + * theory this could mean the parent provider goes inactive, whilst + * still activated in the child for a short period. That's ok. */ - if (provider_activate(prov, 0, 1) < 0) { - ossl_provider_free(prov); + if (provider_activate(prov, 0, 0) < 0) { + CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock); CRYPTO_THREAD_unlock(prov->flag_lock); goto err_unlock; } 
@@ -1241,8 +1356,18 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, for (curr++; curr < max; curr++) { OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr); - provider_deactivate(prov); - ossl_provider_free(prov); + provider_deactivate(prov, 0); + /* + * As above where we did the up-ref, we don't call ossl_provider_free + * to avoid making upcalls. There should always be at least one ref + * to the provider in the store, so this should never drop to 0. + */ + CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock); + /* + * Not much we can do if this assert ever fails. So we don't use + * ossl_assert here. + */ + assert(ref > 0); } sk_OSSL_PROVIDER_free(provs); return ret; @@ -1562,19 +1687,25 @@ static int ossl_provider_register_child_cb(const OSSL_CORE_HANDLE *handle, } max = sk_OSSL_PROVIDER_num(store->providers); for (i = 0; i < max; i++) { + int activated; + prov = sk_OSSL_PROVIDER_value(store->providers, i); if (!CRYPTO_THREAD_read_lock(prov->flag_lock)) break; + activated = prov->flag_activated; + CRYPTO_THREAD_unlock(prov->flag_lock); /* - * We hold the lock while calling the user callback. This means that the - * user callback must be short and simple and not do anything likely to - * cause a deadlock. + * We hold the store lock while calling the user callback. This means + * that the user callback must be short and simple and not do anything + * likely to cause a deadlock. We don't hold the flag_lock during this + * call. In theory this means that another thread could deactivate it + * while we are calling create. This is ok because the other thread + * will also call remove_cb, but won't be able to do so until we release + * the store lock. */ - if (prov->flag_activated - && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata)) + if (activated && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata)) break; - CRYPTO_THREAD_unlock(prov->flag_lock); } if (i == max) { /* Success */ 
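Review bot: in the cleanup loop, `assert(ref > 0)` is a plain C assert and therefore compiles to nothing when NDEBUG is defined; since the `CRYPTO_DOWN_REF` here is deliberately not followed by a free, a count that did reach zero would be silently ignored in such builds (the provider would leak rather than be freed). If the store's own reference really guarantees the invariant, say so in the comment instead of "Not much we can do"; if it cannot be guaranteed, raise an error so the condition is at least visible.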
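Review bot: the reordering in ossl_provider_register_child_cb() also fixes a lock leak in the old loop: when `create_cb()` returned 0 the `break` skipped the `CRYPTO_THREAD_unlock(prov->flag_lock)` that followed it, so the error return left `flag_lock` held. That is a behavioural fix, not only a locking-rules refactor, and should be called out in the commit message. Snapshotting `flag_activated` into `activated` and releasing `flag_lock` before the call is fine given that the competing `remove_cb` is serialised on `store->lock`, as the new comment explains.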
diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 92c167638b..ac197accca 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -123,7 +123,7 @@ provider-base All "functions" mentioned here are passed as function pointers between F and the provider in B arrays, in the call of the provider initialization function. See L -for a description of the initialization function. +for a description of the initialization function. They are known as "upcalls". All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the @@ -328,7 +328,9 @@ provider_register_child_cb() registers callbacks for being informed about the loading and unloading of providers in the application's library context. I is this provider's handle and I is this provider's data that will be passed back to the callbacks. It returns 1 on success or 0 -otherwise. +otherwise. These callbacks may be called while holding locks in libcrypto. In +order to avoid deadlocks the callback implementation must not be long running +and must not call other OpenSSL API functions or upcalls. I is a callback that will be called when a new provider is loaded into the application's library context. It is also called for any providers that From pauli at openssl.org Tue Aug 31 10:46:22 2021 
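Review bot: the new sentences for provider_register_child_cb() should also tell callback authors what the code comment in ossl_provider_register_child_cb() admits: because `flag_activated` is sampled before `flag_lock` is released, `create_cb` may be invoked for a provider that another thread is concurrently deactivating, and the matching `remove_cb` will follow as soon as the store lock is released. Callbacks therefore need to tolerate a remove immediately after a create rather than treating it as an error; one sentence to that effect next to "must not call other OpenSSL API functions or upcalls" would complete the contract.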
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 31 Aug 2021 10:46:22 +0000 Subject: [openssl] master update Message-ID: <1630406782.823939.7717.nullmailer@dev.openssl.org> The branch master has been updated via 5595058714832bdff03604c881cf44f91c14b5fc (commit) from 9b6d17e423da138ea7fd190ae366580c539dceca (commit) - Log ----------------------------------------------------------------- commit 5595058714832bdff03604c881cf44f91c14b5fc Author: slontis Date: Mon Aug 30 09:59:54 2021 +1000 Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE Fixes #16457 The ECDSA and DSA signature tests use Pairwise tests instead of KATS. Note there is a separate type used by the keygen for conditional Pairwise Tests. Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16461) ----------------------------------------------------------------------- Summary of changes: doc/man7/OSSL_PROVIDER-FIPS.pod | 6 +++++- include/openssl/self_test.h | 3 ++- providers/fips/self_test_kats.c | 6 +++++- test/recipes/03-test_fipsinstall.t | 2 +- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 62e495aef1..0eac85b324 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -214,6 +214,10 @@ Known answer test for a digest. Known answer test for a signature. +=item "PCT_Signature" (B) + +Pairwise Consistency check for a signature. + =item "KAT_KDF" (B) Known answer test for a key derivation function. @@ -226,7 +230,7 @@ Known answer test for key agreement. Known answer test for a Deterministic Random Bit Generator. -=item "Pairwise_Consistency_Test" (B) +=item "Conditional_PCT" (B) Conditional test that is run during the generation of key pairs. diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h index 564fc95088..77c600a0d1 100644 --- a/include/openssl/self_test.h
+++ b/include/openssl/self_test.h @@ -29,11 +29,12 @@ extern "C" { # define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity" # define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity" # define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test" -# define OSSL_SELF_TEST_TYPE_PCT "Pairwise_Consistency_Test" +# define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT" # define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher" # define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher" # define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest" # define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature" +# define OSSL_SELF_TEST_TYPE_PCT_SIGNATURE "PCT_Signature" # define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF" # define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA" # define OSSL_SELF_TEST_TYPE_DRBG "DRBG" diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index d411767205..81f7226ba1 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -452,8 +452,12 @@ static int self_test_sign(const ST_KAT_SIGN *t, 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 }; + const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE; - OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc); + if (t->sig_expected == NULL) + typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE; + + OSSL_SELF_TEST_onbegin(st, typ, t->desc); bnctx = BN_CTX_new_ex(libctx); if (bnctx == NULL) diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index db64362538..d99974e467 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t 
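Review bot: in the self_test.h hunk, changing the value of `OSSL_SELF_TEST_TYPE_PCT` from "Pairwise_Consistency_Test" to "Conditional_PCT" alters a string that reaches application self-test callbacks and the `-corrupt_type` option of fipsinstall, while the macro name stays the same, so nothing at compile time will flag code or scripts that match on the old text; they simply stop matching. This rename needs a CHANGES entry and a note in the OSSL_PROVIDER-FIPS.pod history, separate from the new "PCT_Signature" type.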
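Review bot: in the self_test_kats.c hunk, selecting the reported type by `t->sig_expected == NULL` ties the self-test category to whether a known-answer vector happens to be present in the table rather than to an explicit per-entry flag; that is correct for the current ECDSA and DSA entries, but a future entry that omits `sig_expected` for some other reason would silently be reported as "PCT_Signature". An explicit field in `ST_KAT_SIGN`, or at least a comment on the table stating that a missing expected signature means "pairwise test", would make the intent checkable.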
@@ -235,7 +235,7 @@ SKIP: { '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", '-section_name', 'fips_sect', '-corrupt_desc', 'DSA', - '-corrupt_type', 'KAT_Signature'])), + '-corrupt_type', 'PCT_Signature'])), "fipsinstall fails when the signature result is corrupted"); } From pauli at openssl.org Tue Aug 31 10:48:03 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 31 Aug 2021 10:48:03 +0000 Subject: [openssl] master update Message-ID: <1630406883.309845.10420.nullmailer@dev.openssl.org> The branch master has been updated via 59f4a51a7f2c53b9fd161b032d0fcb8a85f4f19d (commit) via c7f8edfc1186a48463c14cfdc7f70456cbcb1cda (commit) from 5595058714832bdff03604c881cf44f91c14b5fc (commit) - Log ----------------------------------------------------------------- commit 59f4a51a7f2c53b9fd161b032d0fcb8a85f4f19d Author: Matt Caswell Date: Thu Aug 26 10:03:51 2021 +0100 Add a test for verifying an email with a bad othername type Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16443) commit c7f8edfc1186a48463c14cfdc7f70456cbcb1cda Author: Matt Caswell Date: Thu Aug 26 09:43:50 2021 +0100 Ensure that we check the ASN.1 type of an "otherName" before using it We should not assume that the type of an ASN.1 value is UTF8String as expected. We must actually check it, otherwise we could get a NULL ptr deref, or worse memory errors. Reported by David Benjamin. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16443) ----------------------------------------------------------------------- Summary of changes: crypto/x509/v3_utl.c | 17 ++++++++++++----- test/recipes/25-test_eai_data.t | 14 ++++++++++++-- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 5c63d2d9d8..a70917a39b 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c 
@@ -901,12 +901,19 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, if (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox) { san_present = 1; - cstr = gen->d.otherName->value->value.utf8string; - /* Positive on success, negative on error! */ - if ((rv = do_check_string(cstr, 0, equal, flags, - chk, chklen, peername)) != 0) - break; + /* + * If it is not a UTF8String then that is unexpected and we + * treat it as no match + */ + if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { + cstr = gen->d.otherName->value->value.utf8string; + + /* Positive on success, negative on error! */ + if ((rv = do_check_string(cstr, 0, equal, flags, + chk, chklen, peername)) != 0) + break; + } } else continue; } else { diff --git a/test/recipes/25-test_eai_data.t b/test/recipes/25-test_eai_data.t index 8aebf5d621..522982ddfb 100644 --- a/test/recipes/25-test_eai_data.t +++ b/test/recipes/25-test_eai_data.t @@ -12,7 +12,7 @@ use warnings; use File::Spec; use OpenSSL::Test::Utils; -use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_file with/; setup("test_eai_data"); @@ -21,7 +21,7 @@ setup("test_eai_data"); #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem -plan tests => 11; +plan tests => 12; require_ok(srctop_file('test','recipes','tconversion.pl')); my $folder = "test/recipes/25-test_eai_data"; 
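Review bot: the `gen->d.otherName->value->type == V_ASN1_UTF8STRING` check is the right fix for the NULL dereference the commit message describes; note, though, that a SmtpUTF8Mailbox with the wrong inner type still sets `san_present = 1` and then falls through to the next name without any error, so a certificate whose only SmtpUTF8Mailbox is mis-typed silently fails to match rather than being rejected as malformed. That is defensible (it mirrors the `else continue;` for other otherName types), but the new comment should state that "no match" is the deliberate outcome and not a missing error path. The `plan tests => 12` bump matches the single test added.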
@@ -60,3 +60,13 @@ ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile" ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem]))); ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem]))); +#Check that we get the expected failure return code +with({ exit_checker => sub { return shift == 2; } }, + sub { + ok(run(app(["openssl", "verify", "-CAfile", + srctop_file("test", "certs", "bad-othername-namec.pem"), + "-partial_chain", "-no_check_time", "-verify_email", + 'foo at example.com', + srctop_file("test", "certs", "bad-othername-namec.pem")]))); + }); + From nic.tuv at gmail.com Tue Aug 31 22:19:09 2021 
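Review bot: in the test_eai_data.t hunk, the new test loads `test/certs/bad-othername-namec.pem`, but the summary of changes lists only `crypto/x509/v3_utl.c` and `test/recipes/25-test_eai_data.t`, so that certificate must already exist in the tree; worth confirming before merge, since a missing file would make the `exit_checker` test fail for the wrong reason and still look like a pass of the "expected failure" path. Asserting the specific verification-failure status (`shift == 2`) rather than any non-zero exit is the right way to distinguish the fixed behaviour from the crash.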
From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Tue, 31 Aug 2021 22:19:09 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1630448349.281689.310.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a9972440d26e482cec9d7a8c4c0063baa20d9eac (commit) via f397efb0b999af6a54bc192ce8551e76c79ff245 (commit) via 45487dba0fb8c36fe390fa8131204403c00c01fc (commit) via 3d97638062595efb23b32f9150c38d60db89de7f (commit) from f661c76a9e27a87f4bbbed135faf89a3fccac75f (commit) - Log ----------------------------------------------------------------- commit a9972440d26e482cec9d7a8c4c0063baa20d9eac Author: Bernd Edlinger Date: Fri Aug 20 20:42:55 2021 +0200 Use applink to fix windows tests (cherry picked from commit ) Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12457) commit f397efb0b999af6a54bc192ce8551e76c79ff245 Author: Nicola Tuveri Date: Thu Jul 16 03:23:26 2020 +0300 [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID Some curves don't have an associated OID: for those we should not default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. This is a follow-up to https://github.com/openssl/openssl/pull/12312 (cherry picked from commit 7aa3dfc42104588f65301d20324388ac2c9a6b11) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12457) commit 45487dba0fb8c36fe390fa8131204403c00c01fc Author: Nicola Tuveri Date: Thu Jul 16 02:02:16 2020 +0300 Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros These functions are part of the public API but we don't have tests covering their usage. They are actually implemented as macros and the absence of tests has caused them to fall out-of-sync with the latest changes to ASN1 related functions and cause compilation warnings. This commit fixes the public headers to reflect these changes. 
Fixes #12443 (cherry picked from commit cca8a4cedaafe63b0b5729b72133661ece24ff08) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12457) commit 3d97638062595efb23b32f9150c38d60db89de7f Author: Nicola Tuveri Date: Thu Jul 16 01:57:09 2020 +0300 Add tests for i2d_TYPE_fp and d2i_TYPE_fp These functions are part of the public API but we don't have tests covering their usage. They are actually implemented as macros and the absence of tests has caused them to fall out-of-sync with the latest changes to ASN1 related functions and cause compilation warnings. @@ Note: This commit limits to ECPKParameters as a type. (cherry picked from commit ea1128e94e36fa9fa25278dc6b3f5b42d8735782) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12457) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_asn1.c | 2 +- crypto/ec/ec_curve.c | 27 +++++++++++++++++++++++++++ include/openssl/ec.h | 15 +++++++++------ test/build.info | 4 +++- test/ec_internal_test.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 83 insertions(+), 8 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index c8ee1e6f17..4335b3da1a 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -548,7 +548,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPARAMETERS_free(ret->value.parameters); } - if (EC_GROUP_get_asn1_flag(group)) { + if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { /* * use the asn1 OID to describe the elliptic curve parameters */ diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 8de486cbd7..dfe5263f59 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -12,6 +12,7 @@ #include "ec_local.h" #include #include +#include #include #include "internal/nelem.h" 
@@ -3097,6 +3098,32 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) goto err; } } + + if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { + /* + * Some curves don't have an associated OID: for those we should not + * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and + * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. + * + * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on + * `EC_GROUP_new()`, when we don't have enough elements to determine if + * an OID for the curve name actually exists. + * We could implement this check on `EC_GROUP_set_curve_name()` but + * overloading the simple setter with this lookup could have a negative + * performance impact and unexpected consequences. + */ + ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid); + + if (asn1obj == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_OBJ_LIB); + goto err; + } + if (OBJ_length(asn1obj) == 0) + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); + + ASN1_OBJECT_free(asn1obj); + } + ok = 1; err: if (!ok) { diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 44cc139966..a9f77b245f 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h 
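Review bot: in the ec_curve.c hunk, `ASN1_OBJECT_free(asn1obj)` is called on the result of `OBJ_nid2obj()`, which returns an object owned by the object table; that is safe only because the free is a no-op for such objects, and a reader who does not know that will assume the object was allocated here. A short comment (or simply dropping the free) would avoid that confusion. Also, the `asn1obj == NULL` branch now turns a curve with no object-table entry into a hard failure of EC_GROUP_new_by_curve_name() via `ERR_R_OBJ_LIB`, which is a stricter behaviour than the commit message ("set the ASN1 flag to OPENSSL_EC_EXPLICIT_CURVE") advertises and is worth a sentence there.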
@@ -793,12 +793,15 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); -# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) -# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) -# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ - (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) -# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ - (unsigned char *)(x)) +# define d2i_ECPKParameters_bio(bp,x) \ + ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x) +# define i2d_ECPKParameters_bio(bp,x) \ + ASN1_i2d_bio_of_const(EC_GROUP, i2d_ECPKParameters, bp, x) +# define d2i_ECPKParameters_fp(fp,x) \ + (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \ + (void **)(x)) +# define i2d_ECPKParameters_fp(fp,x) \ + ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x)) int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); # ifndef OPENSSL_NO_STDIO diff --git a/test/build.info b/test/build.info index bc3dae81f9..6357a7f2fe 100644 --- a/test/build.info +++ b/test/build.info @@ -515,7 +515,9 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[sm4_internal_test]=.. ../include DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a - SOURCE[ec_internal_test]=ec_internal_test.c + SOURCE[ec_internal_test]=ec_internal_test.c \ + {- rebase_files("../apps", + split(/\s+/, $target{apps_init_src})) -} INCLUDE[ec_internal_test]=../include ../crypto/ec DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c index 5b708e201c..7ca408b3c2 100644 --- a/test/ec_internal_test.c +++ b/test/ec_internal_test.c 
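Review bot: in the ec.h hunk, the new `i2d_ECPKParameters_fp` casts its argument with `(void *)(x)` although `i2d_ECPKParameters` takes a `const EC_GROUP *`, so callers passing a const pointer get a const-discarding cast inside the macro; the `_bio` variant avoids this by using `ASN1_i2d_bio_of_const`. If `ASN1_i2d_fp` cannot take a const pointer, a comment on the macro saying the cast is intentional would stop `-Wcast-qual` reports being filed as bugs. The switch from `(char *(*)())` to `(d2i_of_void *)` / `(i2d_of_void *)` is the right fix for the compilation warnings in the commit message.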
@@ -283,6 +283,47 @@ static int decoded_flag_test(void) return testresult; } +static +int ecpkparams_i2d2i_test(int n) +{ + EC_GROUP *g1 = NULL, *g2 = NULL; + FILE *fp = NULL; + int nid = curves[n].nid; + int testresult = 0; + + /* create group */ + if (!TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) + goto end; + + /* encode params to file */ + if (!TEST_ptr(fp = fopen("params.der", "wb")) + || !TEST_true(i2d_ECPKParameters_fp(fp, g1))) + goto end; + + /* flush and close file */ + if (!TEST_int_eq(fclose(fp), 0)) { + fp = NULL; + goto end; + } + fp = NULL; + + /* decode params from file */ + if (!TEST_ptr(fp = fopen("params.der", "rb")) + || !TEST_ptr(g2 = d2i_ECPKParameters_fp(fp, NULL))) + goto end; + + testresult = 1; /* PASS */ + +end: + if (fp != NULL) + fclose(fp); + + EC_GROUP_free(g1); + EC_GROUP_free(g2); + + return testresult; +} + int setup_tests(void) { crv_len = EC_get_builtin_curves(NULL, 0); @@ -297,6 +338,8 @@ int setup_tests(void) #endif ADD_ALL_TESTS(field_tests_default, crv_len); ADD_TEST(decoded_flag_test); + ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len); + return 1; } From openssl at openssl.org Tue Aug 31 22:58:59 2021 
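Review bot: `ecpkparams_i2d2i_test()` decodes `params.der` but never compares `g2` with `g1` (for example with `EC_GROUP_cmp()`), so a round trip that produced a different group would still pass; add the comparison so the test actually checks the i2d/d2i pair rather than only that decoding succeeds. Two smaller points: the fixed filename `params.der` in the current directory is written once per curve and never removed, so parallel test runs in one directory can collide and the artefact is left behind, and the `fclose()` failure branch sets `fp = NULL` and falls to `end`, which is correct but would read more clearly as a single `goto end` after the assignment.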
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 31 Aug 2021 22:58:59 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options enable-fuzz-afl no-shared no-module Message-ID: <1630450739.595699.1126165.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config enable-fuzz-afl no-shared no-module Commit log since last time: 59f4a51a7f Add a test for verifying an email with a bad othername type c7f8edfc11 Ensure that we check the ASN.1 type of an "otherName" before using it 5595058714 Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE 9b6d17e423 Add a warning about locking in the child provider callback docs 4f8e0272c1 Add additional test to thread sanitizer build 2b4a611ef1 Refactor provider_core.c to adhere to the locking rules 03c137de97 Add commentary about lock usage in provider_core.c c7468c17d7 CI: add builds covering a number of different compiler versions 2bdab81198 apps/pkcs12: Do not assume null termination of ASN1_UTF8STRING 3f7ad402b0 ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build 72a509f94f Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests 6922255225 Document that EVP_get_cipherbyname() does not work for some new algorithm names. 028593f546 Typo correction.

to the value referenced by I. +If the parameter's I field isn't NULL, its I must indicate +that the buffer is large enough to accomodate the string that I points at, +not including the terminating NUL byte, or this function will fail. +A terminating NUL byte is added only if the parameter's I indicates +the buffer is longer than the string length, otherwise the string will not be +NUL terminated. If the parameter's I field is NULL, then only its I field will be assigned the minimum size the parameter's I buffer should have to accomodate the string, not including a terminating NUL byte. From no-reply at appveyor.com Tue Aug 17 14:43:22 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 17 Aug 2021 14:43:22 +0000 Subject: Build failed: openssl master.42576 Message-ID: <20210817144322.1.5D10E18966922503@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue Aug 17 22:40:15 2021 
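Review bot: the added lines spell "accomodate"; it should be "accommodate" (the unchanged context that follows carries the same typo, which could be fixed in the same hunk). The substance of the addition is right: it makes explicit that a terminating NUL is written only when the buffer is strictly longer than the string, which is exactly the detail a caller who sizes the buffer from the `return_size` of a first call needs in order not to end up with an unterminated string.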
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 17 Aug 2021 22:40:15 +0000 Subject: [openssl] master update Message-ID: <1629240015.413388.20580.nullmailer@dev.openssl.org> The branch master has been updated via 46ac83eaf30efb676d12583080216f354951e0ae (commit) via 7daabe78a04902d3ae53af3e4a2acfdf6a1f1ec9 (commit) via 7f5a9399d27564a7136eed2df693755a3bec2cfc (commit) via 42281f26174dcc6ef4847894f17627f305bdfa2b (commit) from 43cf27c9a4fe135013dd4127dd4bcf862d1cb503 (commit) - Log ----------------------------------------------------------------- commit 46ac83eaf30efb676d12583080216f354951e0ae Author: Shane Lontis Date: Fri Aug 13 14:36:21 2021 +1000 Fix CTS cipher decrypt so that the updated IV is returned correctly. Adding KRB5 test vector 'NextIV' values to evp_test data for AES CTS indicated that the CTS decrypt functions incorrectly returned the wrong IV. The returned IV should match the value returned by the encrypt methods. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16286) commit 7daabe78a04902d3ae53af3e4a2acfdf6a1f1ec9 Author: Shane Lontis Date: Thu Aug 12 19:20:05 2021 +1000 Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16286) commit 7f5a9399d27564a7136eed2df693755a3bec2cfc Author: Shane Lontis Date: Thu Aug 12 18:22:50 2021 +1000 Add support for camellia cbc cts mode Fixes #16276 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16286) commit 42281f26174dcc6ef4847894f17627f305bdfa2b Author: Shane Lontis Date: Thu Aug 12 18:20:48 2021 +1000 Refactor cipher aes_cts code so that it can be used by other 128bit ciphers Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16286) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_EncryptInit.pod | 20 +-- doc/man7/EVP_CIPHER-CAMELLIA.pod | 2 + doc/man7/migration_guide.pod | 18 ++- 
providers/defltprov.c | 3 + providers/implementations/ciphers/build.info | 2 +- providers/implementations/ciphers/cipher_aes_cts.h | 16 --- .../implementations/ciphers/cipher_aes_cts.inc | 50 +------- .../implementations/ciphers/cipher_camellia.c | 1 + .../ciphers/cipher_camellia_cts.inc | 94 ++++++++++++++ .../ciphers/{cipher_aes_cts.c => cipher_cts.c} | 122 ++++++++++-------- providers/implementations/ciphers/cipher_cts.h | 52 ++++++++ .../implementations/include/prov/implementations.h | 3 + providers/implementations/include/prov/names.h | 3 + test/recipes/30-test_evp.t | 1 + test/recipes/30-test_evp_data/evpciph_aes_cts.txt | 40 +++++- .../30-test_evp_data/evpciph_camellia_cts.txt | 141 +++++++++++++++++++++ 16 files changed, 444 insertions(+), 124 deletions(-) delete mode 100644 providers/implementations/ciphers/cipher_aes_cts.h create mode 100644 providers/implementations/ciphers/cipher_camellia_cts.inc rename providers/implementations/ciphers/{cipher_aes_cts.c => cipher_cts.c} (72%) create mode 100644 providers/implementations/ciphers/cipher_cts.h create mode 100644 test/recipes/30-test_evp_data/evpciph_camellia_cts.txt diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index a03c31ea35..cb36629684 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -738,7 +738,8 @@ that has the flag B set. =item "cts_mode" (B) Gets or sets the cipher text stealing mode. For all modes the output size is the -same as the input size. +same as the input size. The input length must be greater than or equal to the +block size. (The block size for AES and CAMELLIA is 16 bytes). Valid values for the mode are: 
@@ -747,25 +748,28 @@ Valid values for the mode are: =item "CS1" The NIST variant of cipher text stealing. -For message lengths that are multiples of the block size it is equivalent to -using a "AES-CBC" cipher otherwise the second last cipher text block is a -partial block. +For input lengths that are multiples of the block size it is equivalent to +using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last +cipher text block is a partial block. =item "CS2" -For message lengths that are multiples of the block size it is equivalent to -using a "AES-CBC" cipher, otherwise it is the same as "CS3". +For input lengths that are multiples of the block size it is equivalent to +using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as +"CS3" mode. =item "CS3" The Kerberos5 variant of cipher text stealing which always swaps the last cipher text block with the previous block (which may be a partial or full block -depending on the input length). +depending on the input length). If the input length is exactly one full block +then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher. =back The default is "CS1". -This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS". +This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS", +"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS". =item "tls1multi_interleave" (B) diff --git a/doc/man7/EVP_CIPHER-CAMELLIA.pod b/doc/man7/EVP_CIPHER-CAMELLIA.pod index 7b129c6407..bba8001d00 100644 --- a/doc/man7/EVP_CIPHER-CAMELLIA.pod +++ b/doc/man7/EVP_CIPHER-CAMELLIA.pod 
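Review bot: in the "CS1", "CS2" and "CS3" items the added text reads `a "AES-XXX-CBC"`; it should be `an "AES-XXX-CBC"`. Content-wise the important addition is the sentence in the preceding hunk, "The input length must be greater than or equal to the block size", since the old text stated no minimum; it would be worth saying in the same place that an `EVP_CipherUpdate`/`EVP_CipherFinal_ex` sequence with fewer than 16 bytes fails rather than silently padding.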
@@ -16,6 +16,8 @@ The following algorithms are available in the default provider: =item "CAMELLIA-128-CBC", "CAMELLIA-192-CBC" and "CAMELLIA-256-CBC" +=item "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS" + =item "CAMELLIA-128-CFB", "CAMELLIA-192-CFB", "CAMELLIA-256-CFB", "CAMELLIA-128-CFB1", "CAMELLIA-192-CFB1", "CAMELLIA-256-CFB1", "CAMELLIA-128-CFB8", "CAMELLIA-192-CFB8" and "CAMELLIA-256-CFB8" diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 8cc017dfa6..7e0bbf465d 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -219,9 +219,10 @@ unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV", =item * -AES CTS cipher added to EVP layer. +CTS ciphers added to EVP layer. -The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS". +The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS", +"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS". CS1, CS2 and CS3 variants are supported. =back @@ -1220,6 +1221,19 @@ tools, such as compiler memory and leak sanitizers or Valgrind. =item * +CRYPTO_cts128_encrypt_block(), CRYPTO_cts128_encrypt(), +CRYPTO_cts128_decrypt_block(), CRYPTO_cts128_decrypt(), +CRYPTO_nistcts128_encrypt_block(), CRYPTO_nistcts128_encrypt(), +CRYPTO_nistcts128_decrypt_block(), CRYPTO_nistcts128_decrypt() + +Use the higher level functions EVP_CipherInit_ex2(), EVP_CipherUpdate() and +EVP_CipherFinal_ex() instead. +See the "cts_mode" parameter in +L. +See L for a AES-256-CBC-CTS example. + +=item * + d2i_DHparams(), d2i_DHxparams(), d2i_DSAparams(), d2i_DSAPrivateKey(), d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(), d2i_DSA_PUBKEY_bio(), d2i_DSA_PUBKEY_fp(), d2i_DSAPublicKey(), diff --git a/providers/defltprov.c b/providers/defltprov.c index 498c4eaa2a..62258da723 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c 
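Review bot: in the migration_guide.pod hunk, "See L for a AES-256-CBC-CTS example" should read "an AES-256-CBC-CTS example". More usefully, the deprecation entry lists both the `CRYPTO_cts128_*` and the `CRYPTO_nistcts128_*` families but does not say which "cts_mode" value replaces each; since the EVP_EncryptInit.pod text in this same patch maps the NIST variant to "CS1" and the Kerberos variant to "CS3", one clause stating that mapping would save migrating users a wrong guess.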
@@ -251,6 +251,9 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = { ALG(PROV_NAMES_CAMELLIA_256_CBC, ossl_camellia256cbc_functions), ALG(PROV_NAMES_CAMELLIA_192_CBC, ossl_camellia192cbc_functions), ALG(PROV_NAMES_CAMELLIA_128_CBC, ossl_camellia128cbc_functions), + ALG(PROV_NAMES_CAMELLIA_128_CBC_CTS, ossl_camellia128cbc_cts_functions), + ALG(PROV_NAMES_CAMELLIA_192_CBC_CTS, ossl_camellia192cbc_cts_functions), + ALG(PROV_NAMES_CAMELLIA_256_CBC_CTS, ossl_camellia256cbc_cts_functions), ALG(PROV_NAMES_CAMELLIA_256_OFB, ossl_camellia256ofb_functions), ALG(PROV_NAMES_CAMELLIA_192_OFB, ossl_camellia192ofb_functions), ALG(PROV_NAMES_CAMELLIA_128_OFB, ossl_camellia128ofb_functions), diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info index cb87ea62d9..e4c5f4f051 100644 --- a/providers/implementations/ciphers/build.info +++ b/providers/implementations/ciphers/build.info @@ -47,7 +47,7 @@ SOURCE[$AES_GOAL]=\ cipher_aes_wrp.c \ cipher_aes_cbc_hmac_sha.c \ cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c \ - cipher_aes_cts.c + cipher_cts.c # Extra code to satisfy the FIPS and non-FIPS separation. # When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed. diff --git a/providers/implementations/ciphers/cipher_aes_cts.h b/providers/implementations/ciphers/cipher_aes_cts.h deleted file mode 100644 index 37dd3df329..0000000000 --- a/providers/implementations/ciphers/cipher_aes_cts.h +++ /dev/null 
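Review bot: in the build.info hunk, `cipher_cts.c` stays under `SOURCE[$AES_GOAL]`, yet the Camellia CTS ciphers registered in defltprov.c and implemented via cipher_camellia_cts.inc depend on the shared `ossl_cipher_cbc_cts_mode_id2name()`/`ossl_cipher_cbc_cts_mode_name2id()` code that now lives there; a `no-aes` build would register the Camellia CTS functions and fail to link them. Either list `cipher_cts.c` unconditionally (it is no longer AES-specific, as the rename to `cipher_cts.c` says) or make the Camellia CTS registration depend on the same goal.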
@@ -1,16 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "crypto/evp.h" - -OSSL_FUNC_cipher_update_fn ossl_aes_cbc_cts_block_update; -OSSL_FUNC_cipher_final_fn ossl_aes_cbc_cts_block_final; - -const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id); -int ossl_aes_cbc_cts_mode_name2id(const char *name); diff --git a/providers/implementations/ciphers/cipher_aes_cts.inc b/providers/implementations/ciphers/cipher_aes_cts.inc index 2a3b88b2c0..1fb5ec3553 100644 --- a/providers/implementations/ciphers/cipher_aes_cts.inc +++ b/providers/implementations/ciphers/cipher_aes_cts.inc @@ -10,9 +10,9 @@ /* Dispatch functions for AES CBC CTS ciphers */ #include -#include "cipher_aes_cts.h" +#include "cipher_cts.h" -#define AES_CTS_FLAGS PROV_CIPHER_FLAG_CTS +#define CTS_FLAGS PROV_CIPHER_FLAG_CTS static OSSL_FUNC_cipher_encrypt_init_fn aes_cbc_cts_einit; static OSSL_FUNC_cipher_decrypt_init_fn aes_cbc_cts_dinit; @@ -50,7 +50,7 @@ static int aes_cbc_cts_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE); if (p != NULL) { - const char *name = ossl_aes_cbc_cts_mode_id2name(ctx->cts_mode); + const char *name = ossl_cipher_cbc_cts_mode_id2name(ctx->cts_mode); if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); @@ -74,7 +74,7 @@ static int aes_cbc_cts_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) goto err; - id = ossl_aes_cbc_cts_mode_name2id(p->data); + id = ossl_cipher_cbc_cts_mode_name2id(p->data); if (id < 0) goto err; 
@@ -86,45 +86,9 @@ err: return 0; } -/* NOTE: The underlying block cipher is AES CBC so we reuse most of the code */ -#define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ -static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ -static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \ - kbits, blkbits, ivbits); \ -} \ -const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_cbc_cts_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_cbc_cts_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, \ - (void (*)(void)) ossl_##alg##_##lcmode##_cts_block_update }, \ - { OSSL_FUNC_CIPHER_FINAL, \ - (void (*)(void)) ossl_##alg##_##lcmode##_cts_block_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))aes_cbc_cts_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))aes_cbc_cts_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))aes_cbc_cts_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))aes_cbc_cts_settable_ctx_params }, \ - { 0, NULL } \ -}; - /* ossl_aes256cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 256, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 256, 128, 128, block) /* 
ossl_aes192cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 192, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 192, 128, 128, block) /* ossl_aes128cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 128, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 128, 128, 128, block) diff --git a/providers/implementations/ciphers/cipher_camellia.c b/providers/implementations/ciphers/cipher_camellia.c index 02bef547fd..5f0607a199 100644 --- a/providers/implementations/ciphers/cipher_camellia.c +++ b/providers/implementations/ciphers/cipher_camellia.c @@ -91,3 +91,4 @@ IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 192, 8, 128, stream) /* ossl_camellia128ctr_functions */ IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream) +#include "cipher_camellia_cts.inc" diff --git a/providers/implementations/ciphers/cipher_camellia_cts.inc b/providers/implementations/ciphers/cipher_camellia_cts.inc new file mode 100644 index 0000000000..84ea992b8d --- /dev/null +++ b/providers/implementations/ciphers/cipher_camellia_cts.inc 
@@ -0,0 +1,94 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for CAMELLIA CBC CTS ciphers */ + +#include +#include "cipher_cts.h" + +#define CTS_FLAGS PROV_CIPHER_FLAG_CTS + +static OSSL_FUNC_cipher_encrypt_init_fn camellia_cbc_cts_einit; +static OSSL_FUNC_cipher_decrypt_init_fn camellia_cbc_cts_dinit; +static OSSL_FUNC_cipher_get_ctx_params_fn camellia_cbc_cts_get_ctx_params; +static OSSL_FUNC_cipher_set_ctx_params_fn camellia_cbc_cts_set_ctx_params; +static OSSL_FUNC_cipher_gettable_ctx_params_fn camellia_cbc_cts_gettable_ctx_params; +static OSSL_FUNC_cipher_settable_ctx_params_fn camellia_cbc_cts_settable_ctx_params; + +CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(camellia_cbc_cts) +OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0), +CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(camellia_cbc_cts) + +static int camellia_cbc_cts_einit(void *ctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) +{ + if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL)) + return 0; + return camellia_cbc_cts_set_ctx_params(ctx, params); +} + +static int camellia_cbc_cts_dinit(void *ctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) +{ + if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL)) + return 0; + return camellia_cbc_cts_set_ctx_params(ctx, params); +} + +static int camellia_cbc_cts_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE); + if (p != NULL) { + const char *name = 
ossl_cipher_cbc_cts_mode_id2name(ctx->cts_mode); + + if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + } + return ossl_cipher_generic_get_ctx_params(vctx, params); +} + +CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(camellia_cbc_cts) +OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0), +CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(camellia_cbc_cts) + +static int camellia_cbc_cts_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + const OSSL_PARAM *p; + int id; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_CTS_MODE); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + goto err; + id = ossl_cipher_cbc_cts_mode_name2id(p->data); + if (id < 0) + goto err; + + ctx->cts_mode = (unsigned int)id; + } + return ossl_cipher_generic_set_ctx_params(vctx, params); +err: + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; +} + +/* ossl_camellia256cbc_cts_functions */ +IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 256, 128, 128, block) +/* ossl_camellia192cbc_cts_functions */ +IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 192, 128, 128, block) +/* ossl_camellia128cbc_cts_functions */ +IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 128, 128, 128, block) diff --git a/providers/implementations/ciphers/cipher_aes_cts.c b/providers/implementations/ciphers/cipher_cts.c similarity index 72% rename from providers/implementations/ciphers/cipher_aes_cts.c rename to providers/implementations/ciphers/cipher_cts.c index 1eafa39abb..cb3372c646 100644 --- a/providers/implementations/ciphers/cipher_aes_cts.c +++ b/providers/implementations/ciphers/cipher_cts.c 
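Review bot: `camellia_cbc_cts_einit`, `camellia_cbc_cts_dinit`, `camellia_cbc_cts_get_ctx_params`, `camellia_cbc_cts_set_ctx_params` and the gettable/settable tables in this new file are a copy of the `aes_cbc_cts_*` functions in cipher_aes_cts.inc with only the prefix changed; they touch nothing cipher-specific (only `ctx->cts_mode` and the `ossl_cipher_generic_*` helpers), so one shared `ossl_cipher_cbc_cts_*` set in cipher_cts.c, referenced from `IMPLEMENT_cts_cipher`, would remove roughly sixty duplicated lines and leave each `.inc` file with just the three `IMPLEMENT_cts_cipher` invocations.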
@@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,10 +8,10 @@ */ /* - * Helper functions for AES CBC CTS ciphers. + * Helper functions for 128 bit CBC CTS ciphers (Currently AES and Camellia). * * The function dispatch tables are embedded into cipher_aes.c - * using cipher_aes_cts.inc + * and cipher_camellia.c using cipher_aes_cts.inc and cipher_camellia_cts.inc */ /* @@ -48,19 +48,20 @@ #include "e_os.h" /* strcasecmp */ #include -#include #include "prov/ciphercommon.h" #include "internal/nelem.h" -#include "cipher_aes_cts.h" +#include "cipher_cts.h" /* The value assigned to 0 is the default */ #define CTS_CS1 0 #define CTS_CS2 1 #define CTS_CS3 2 +#define CTS_BLOCK_SIZE 16 + typedef union { size_t align; - unsigned char c[AES_BLOCK_SIZE]; + unsigned char c[CTS_BLOCK_SIZE]; } aligned_16bytes; typedef struct cts_mode_name2id_st { @@ -75,7 +76,7 @@ static CTS_MODE_NAME2ID cts_modes[] = { CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 }, }; -const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id) +const char *ossl_cipher_cbc_cts_mode_id2name(unsigned int id) { size_t i; @@ -86,7 +87,7 @@ const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id) return NULL; } -int ossl_aes_cbc_cts_mode_name2id(const char *name) +int ossl_cipher_cbc_cts_mode_name2id(const char *name) { size_t i; @@ -103,7 +104,7 @@ static size_t cts128_cs1_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, aligned_16bytes tmp_in; size_t residue; - residue = len % AES_BLOCK_SIZE; + residue = len % CTS_BLOCK_SIZE; len -= residue; if (!ctx->hw->cipher(ctx, out, in, len)) return 0; 
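Review bot: `#define CTS_BLOCK_SIZE 16` and the `aligned_16bytes` union fix the block size, but nothing in the renamed helpers checks that the context actually uses a 16-byte block, so a later `IMPLEMENT_cts_cipher` user with a 64-bit block cipher would silently compute the wrong residue and overrun the 16-byte temporaries. A check such as `if (ctx->blocksize != CTS_BLOCK_SIZE) return 0;` at the top of `ossl_cipher_cbc_cts_block_update` would turn the "128 bit CBC CTS ciphers" restriction stated in the new header comment into an enforced one.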
@@ -116,8 +117,8 @@ static size_t cts128_cs1_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, memset(tmp_in.c, 0, sizeof(tmp_in)); memcpy(tmp_in.c, in, residue); - if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE + residue, tmp_in.c, - AES_BLOCK_SIZE)) + if (!ctx->hw->cipher(ctx, out - CTS_BLOCK_SIZE + residue, tmp_in.c, + CTS_BLOCK_SIZE)) return 0; return len + residue; } @@ -134,10 +135,10 @@ static void do_xor(const unsigned char *in1, const unsigned char *in2, static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len) { - aligned_16bytes mid_iv, ct_mid, pt_last; + aligned_16bytes mid_iv, ct_mid, cn, pt_last; size_t residue; - residue = len % AES_BLOCK_SIZE; + residue = len % CTS_BLOCK_SIZE; if (residue == 0) { /* If there are no partial blocks then it is the same as CBC mode */ if (!ctx->hw->cipher(ctx, out, in, len)) @@ -145,7 +146,7 @@ static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, return len; } /* Process blocks at the start - but leave the last 2 blocks */ - len -= AES_BLOCK_SIZE + residue; + len -= CTS_BLOCK_SIZE + residue; if (len > 0) { if (!ctx->hw->cipher(ctx, out, in, len)) return 0; @@ -153,11 +154,13 @@ static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, out += len; } /* Save the iv that will be used by the second last block */ - memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE); + memcpy(mid_iv.c, ctx->iv, CTS_BLOCK_SIZE); + /* Save the C(n) block */ + memcpy(cn.c, in + residue, CTS_BLOCK_SIZE); /* Decrypt the last block first using an iv of zero */ - memset(ctx->iv, 0, AES_BLOCK_SIZE); - if (!ctx->hw->cipher(ctx, pt_last.c, in + residue, AES_BLOCK_SIZE)) + memset(ctx->iv, 0, CTS_BLOCK_SIZE); + if (!ctx->hw->cipher(ctx, pt_last.c, in + residue, CTS_BLOCK_SIZE)) return 0; /* 
@@ -166,26 +169,29 @@ static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, * of the partial second last block. */ memcpy(ct_mid.c, in, residue); - memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue); + memcpy(ct_mid.c + residue, pt_last.c + residue, CTS_BLOCK_SIZE - residue); /* * Restore the last partial ciphertext block. * Now that we have the cipher text of the second last block, apply * that to the partial plaintext end block. We have already decrypted the * block using an IV of zero. For decryption the IV is just XORed after - * doing an AES block - so just XOR in the cipher text. + * doing an Cipher CBC block - so just XOR in the cipher text. */ - do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE); + do_xor(ct_mid.c, pt_last.c, residue, out + CTS_BLOCK_SIZE); /* Restore the iv needed by the second last block */ - memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE); + memcpy(ctx->iv, mid_iv.c, CTS_BLOCK_SIZE); + /* * Decrypt the second last plaintext block now that we have rebuilt the * ciphertext. */ - if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE)) + if (!ctx->hw->cipher(ctx, out, ct_mid.c, CTS_BLOCK_SIZE)) return 0; - return len + AES_BLOCK_SIZE + residue; + /* The returned iv is the C(n) block */ + memcpy(ctx->iv, cn.c, CTS_BLOCK_SIZE); + return len + CTS_BLOCK_SIZE + residue; } static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, 
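Review bot: the rewritten comment in the `cts128_cs1_decrypt` hunk reads "doing an Cipher CBC block"; "a CBC block of the underlying cipher" is what is meant. It would also help to say on the new `memcpy(cn.c, in + residue, CTS_BLOCK_SIZE);` line why C(n) is copied up front: the later `memset(ctx->iv, 0, ...)` and the two `ctx->hw->cipher()` calls overwrite `ctx->iv`, and the final `memcpy(ctx->iv, cn.c, ...)` is what makes the chaining value after decryption equal the last transmitted ciphertext block, matching the `NextIV` values added to the test vectors.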
@@ -194,12 +200,16 @@ static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, aligned_16bytes tmp_in; size_t residue; - if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */ + if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */ return 0; - residue = len % AES_BLOCK_SIZE; + /* If we only have one block then just process the aligned block */ + if (len == CTS_BLOCK_SIZE) + return ctx->hw->cipher(ctx, out, in, len) ? len : 0; + + residue = len % CTS_BLOCK_SIZE; if (residue == 0) - residue = AES_BLOCK_SIZE; + residue = CTS_BLOCK_SIZE; len -= residue; if (!ctx->hw->cipher(ctx, out, in, len)) @@ -210,8 +220,8 @@ static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, memset(tmp_in.c, 0, sizeof(tmp_in)); memcpy(tmp_in.c, in, residue); - memcpy(out, out - AES_BLOCK_SIZE, residue); - if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE, tmp_in.c, AES_BLOCK_SIZE)) + memcpy(out, out - CTS_BLOCK_SIZE, residue); + if (!ctx->hw->cipher(ctx, out - CTS_BLOCK_SIZE, tmp_in.c, CTS_BLOCK_SIZE)) return 0; return len + residue; } 
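Review bot: the single-block fast path added to `cts128_cs3_encrypt` (`if (len == CTS_BLOCK_SIZE) return ctx->hw->cipher(ctx, out, in, len) ? len : 0;`) changes a previously rejected input (the old `len <= AES_BLOCK_SIZE` check, "CS3 requires 2 blocks") into a successful plain-CBC result, which is a user-visible behaviour change for `AES-128-CBC-CTS` with `CTSMode = CS3`. The patch updates the test vector to match but carries no CHANGES.md entry and no wording in the CTS cipher documentation; add both so callers relying on the old error know it now succeeds and what ciphertext to expect.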
@@ -227,17 +237,21 @@ static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len) { - aligned_16bytes mid_iv, ct_mid, pt_last; + aligned_16bytes mid_iv, ct_mid, cn, pt_last; size_t residue; - if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */ + if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */ return 0; + /* If we only have one block then just process the aligned block */ + if (len == CTS_BLOCK_SIZE) + return ctx->hw->cipher(ctx, out, in, len) ? len : 0; + /* Process blocks at the start - but leave the last 2 blocks */ - residue = len % AES_BLOCK_SIZE; + residue = len % CTS_BLOCK_SIZE; if (residue == 0) - residue = AES_BLOCK_SIZE; - len -= AES_BLOCK_SIZE + residue; + residue = CTS_BLOCK_SIZE; + len -= CTS_BLOCK_SIZE + residue; if (len > 0) { if (!ctx->hw->cipher(ctx, out, in, len)) @@ -246,11 +260,13 @@ static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, out += len; } /* Save the iv that will be used by the second last block */ - memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE); + memcpy(mid_iv.c, ctx->iv, CTS_BLOCK_SIZE); + /* Save the C(n) block : For CS3 it is C(1)||...||C(n-2)||C(n)||C(n-1)* */ + memcpy(cn.c, in, CTS_BLOCK_SIZE); - /* Decrypt the Cn block first using an iv of zero */ - memset(ctx->iv, 0, AES_BLOCK_SIZE); - if (!ctx->hw->cipher(ctx, pt_last.c, in, AES_BLOCK_SIZE)) + /* Decrypt the C(n) block first using an iv of zero */ + memset(ctx->iv, 0, CTS_BLOCK_SIZE); + if (!ctx->hw->cipher(ctx, pt_last.c, in, CTS_BLOCK_SIZE)) return 0; /* 
@@ -258,9 +274,9 @@ static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, * the decrypted C(n) block + replace the start with the ciphertext bytes * of the partial last block. */ - memcpy(ct_mid.c, in + AES_BLOCK_SIZE, residue); - if (residue != AES_BLOCK_SIZE) - memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue); + memcpy(ct_mid.c, in + CTS_BLOCK_SIZE, residue); + if (residue != CTS_BLOCK_SIZE) + memcpy(ct_mid.c + residue, pt_last.c + residue, CTS_BLOCK_SIZE - residue); /* * Restore the last partial ciphertext block. * Now that we have the cipher text of the second last block, apply @@ -268,24 +284,26 @@ static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, * block using an IV of zero. For decryption the IV is just XORed after * doing an AES block - so just XOR in the ciphertext. */ - do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE); + do_xor(ct_mid.c, pt_last.c, residue, out + CTS_BLOCK_SIZE); /* Restore the iv needed by the second last block */ - memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE); + memcpy(ctx->iv, mid_iv.c, CTS_BLOCK_SIZE); /* * Decrypt the second last plaintext block now that we have rebuilt the * ciphertext. */ - if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE)) + if (!ctx->hw->cipher(ctx, out, ct_mid.c, CTS_BLOCK_SIZE)) return 0; - return len + AES_BLOCK_SIZE + residue; + /* The returned iv is the C(n) block */ + memcpy(ctx->iv, cn.c, CTS_BLOCK_SIZE); + return len + CTS_BLOCK_SIZE + residue; } static size_t cts128_cs2_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len) { - if (len % AES_BLOCK_SIZE == 0) { + if (len % CTS_BLOCK_SIZE == 0) { /* If there are no partial blocks then it is the same as CBC mode */ if (!ctx->hw->cipher(ctx, out, in, len)) return 0; 
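Review bot: the context line "* doing an AES block - so just XOR in the ciphertext." in the `cts128_cs3_decrypt` hunk still says AES after the matching comment in `cts128_cs1_decrypt` was generalised in this same patch; update it in the same way so the two decrypt paths read consistently now that the file serves Camellia as well.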
@@ -298,7 +316,7 @@ static size_t cts128_cs2_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len) { - if (len % AES_BLOCK_SIZE == 0) { + if (len % CTS_BLOCK_SIZE == 0) { /* If there are no partial blocks then it is the same as CBC mode */ if (!ctx->hw->cipher(ctx, out, in, len)) return 0; @@ -308,14 +326,14 @@ static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, return cts128_cs3_decrypt(ctx, in, out, len); } -int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) +int ossl_cipher_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, + size_t inl) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; size_t sz = 0; - if (inl < AES_BLOCK_SIZE) /* There must be at least one block for CTS mode */ + if (inl < CTS_BLOCK_SIZE) /* There must be at least one block for CTS mode */ return 0; if (outsize < inl) return 0; @@ -353,8 +371,8 @@ int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, return 1; } -int ossl_aes_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) +int ossl_cipher_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsize) { *outl = 0; return 1; diff --git a/providers/implementations/ciphers/cipher_cts.h b/providers/implementations/ciphers/cipher_cts.h new file mode 100644 index 0000000000..9473fbde88 --- /dev/null +++ b/providers/implementations/ciphers/cipher_cts.h 
@@ -0,0 +1,52 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "crypto/evp.h" + +/* NOTE: The underlying block cipher is CBC so we reuse most of the code */ +#define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) \ +static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ +static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ +{ \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ +} \ +const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) alg##_cbc_cts_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) alg##_cbc_cts_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, \ + (void (*)(void)) ossl_cipher_cbc_cts_block_update }, \ + { OSSL_FUNC_CIPHER_FINAL, \ + (void (*)(void)) ossl_cipher_cbc_cts_block_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void)) alg##_cbc_cts_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void)) alg##_cbc_cts_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void)) 
alg##_cbc_cts_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void)) alg##_cbc_cts_settable_ctx_params }, \ + { 0, NULL } \ +}; + +OSSL_FUNC_cipher_update_fn ossl_cipher_cbc_cts_block_update; +OSSL_FUNC_cipher_final_fn ossl_cipher_cbc_cts_block_final; + +const char *ossl_cipher_cbc_cts_mode_id2name(unsigned int id); +int ossl_cipher_cbc_cts_mode_name2id(const char *name); diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index c80b0dcfa3..8bdd491d0d 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -129,6 +129,9 @@ extern const OSSL_DISPATCH ossl_camellia128ecb_functions[]; extern const OSSL_DISPATCH ossl_camellia256cbc_functions[]; extern const OSSL_DISPATCH ossl_camellia192cbc_functions[]; extern const OSSL_DISPATCH ossl_camellia128cbc_functions[]; +extern const OSSL_DISPATCH ossl_camellia256cbc_cts_functions[]; +extern const OSSL_DISPATCH ossl_camellia192cbc_cts_functions[]; +extern const OSSL_DISPATCH ossl_camellia128cbc_cts_functions[]; extern const OSSL_DISPATCH ossl_camellia256ofb_functions[]; extern const OSSL_DISPATCH ossl_camellia192ofb_functions[]; extern const OSSL_DISPATCH ossl_camellia128ofb_functions[]; diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h index b05776e4f6..e0dbb69a9d 100644 --- a/providers/implementations/include/prov/names.h +++ b/providers/implementations/include/prov/names.h 
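Review bot: in the `IMPLEMENT_cts_cipher` macro moved into cipher_cts.h, the prototype `static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params;` names a different function (for example `aes_128_cbc_get_params`) from the one defined on the next line (`aes_cts_128_cbc_get_params`), so the CTS getter is never type-checked against the `OSSL_FUNC_cipher_get_params_fn` typedef and the declaration is a stray re-declaration of the non-CTS getter; change it to `static OSSL_FUNC_cipher_get_params_fn alg##_cts_##kbits##_##lcmode##_get_params;`. The same macro hard-codes `cbc` in `alg##_cbc_cts_einit`, `alg##_cbc_cts_dinit` and the four `alg##_cbc_cts_*_ctx_params` names while still taking `lcmode` as a parameter; either build those names from `lcmode` too, or state in the macro comment that it is CBC-only, as the header comment already implies.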
@@ -130,6 +130,9 @@ #define PROV_NAMES_CAMELLIA_256_CBC "CAMELLIA-256-CBC:CAMELLIA256:1.2.392.200011.61.1.1.1.4" #define PROV_NAMES_CAMELLIA_192_CBC "CAMELLIA-192-CBC:CAMELLIA192:1.2.392.200011.61.1.1.1.3" #define PROV_NAMES_CAMELLIA_128_CBC "CAMELLIA-128-CBC:CAMELLIA128:1.2.392.200011.61.1.1.1.2" +#define PROV_NAMES_CAMELLIA_256_CBC_CTS "CAMELLIA-256-CBC-CTS" +#define PROV_NAMES_CAMELLIA_192_CBC_CTS "CAMELLIA-192-CBC-CTS" +#define PROV_NAMES_CAMELLIA_128_CBC_CTS "CAMELLIA-128-CBC-CTS" #define PROV_NAMES_CAMELLIA_256_OFB "CAMELLIA-256-OFB:0.3.4401.5.3.1.9.43" #define PROV_NAMES_CAMELLIA_192_OFB "CAMELLIA-192-OFB:0.3.4401.5.3.1.9.23" #define PROV_NAMES_CAMELLIA_128_OFB "CAMELLIA-128-OFB:0.3.4401.5.3.1.9.3" diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 96fc394fca..7ae546e1d7 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -86,6 +86,7 @@ my @defltfiles = qw( evpciph_aria.txt evpciph_bf.txt evpciph_camellia.txt + evpciph_camellia_cts.txt evpciph_cast5.txt evpciph_chacha.txt evpciph_des.txt diff --git a/test/recipes/30-test_evp_data/evpciph_aes_cts.txt b/test/recipes/30-test_evp_data/evpciph_aes_cts.txt index 0c22e9d905..106eec403f 100644 --- a/test/recipes/30-test_evp_data/evpciph_aes_cts.txt +++ b/test/recipes/30-test_evp_data/evpciph_aes_cts.txt @@ -48,6 +48,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b652074686520 Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f +NextIV = c6353568f2bf8cb4d8a580362da7ff7f # 31 bytes input Cipher = AES-128-CBC-CTS @@ -56,6 +57,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22 +NextIV = fc00783e0efdb2c1d445d4c8eff7ed22 # 32 bytes input Cipher = AES-128-CBC-CTS 
@@ -64,6 +66,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 +NextIV = 39312523a78662d5be7fcbcc98ebf5a8 # 47 bytes input Cipher = AES-128-CBC-CTS @@ -71,6 +74,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e +NextIV = b3fffd940c16a18c1b5549d2f838029e # 64 bytes input (CS1 is equivalent to CBC when the last block in full) Cipher = AES-128-CBC-CTS @@ -79,6 +83,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 +NextIV = 4807efe836ee89a526730dbc2f7bc840 #------------------------------------------------------------------------------- # Generated test values using an IV. @@ -159,6 +164,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b652074686520 Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97 +NextIV = c6353568f2bf8cb4d8a580362da7ff7f # 31 bytes input (For partial blocks the output should match CS3) Cipher = AES-128-CBC-CTS 
@@ -167,6 +173,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5 +NextIV = fc00783e0efdb2c1d445d4c8eff7ed22 # 32 bytes input (Aligned blocks should match normal CBC mode) Cipher = AES-128-CBC-CTS @@ -175,6 +182,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 +NextIV = 39312523a78662d5be7fcbcc98ebf5a8 # 47 bytes input Cipher = AES-128-CBC-CTS @@ -183,6 +191,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5 +NextIV = b3fffd940c16a18c1b5549d2f838029e # 64 bytes input (CS2 is equivalent to CBC when the last block in full) Cipher = AES-128-CBC-CTS @@ -191,6 +200,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 +NextIV = 4807efe836ee89a526730dbc2f7bc840 # Generated test values using an IV. @@ -236,6 +246,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b652074686520 Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97 +NextIV = c6353568f2bf8cb4d8a580362da7ff7f # 31 bytes input Cipher = AES-128-CBC-CTS 
@@ -244,6 +255,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5 +NextIV = fc00783e0efdb2c1d445d4c8eff7ed22 # 32 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block) Cipher = AES-128-CBC-CTS @@ -252,6 +264,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 Ciphertext = 39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584 +NextIV = 39312523a78662d5be7fcbcc98ebf5a8 # 47 bytes input Cipher = AES-128-CBC-CTS @@ -260,6 +273,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5 +NextIV = b3fffd940c16a18c1b5549d2f838029e # 48 bytes input Cipher = AES-128-CBC-CTS @@ -268,6 +282,7 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20 Ciphertext = 97687268d6ecccc0c07b25e25ecfe5849dad8bbb96c4cdc03bc103e1a194bbd839312523a78662d5be7fcbcc98ebf5a8 +NextIV = 9dad8bbb96c4cdc03bc103e1a194bbd8 # 64 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block) Cipher = AES-128-CBC-CTS 
@@ -344,11 +359,32 @@ IV = 00000000000000000000000000000000 Plaintext = 0102030405060708090A0B0C0D0E0F Result = CIPHERUPDATE_ERROR -# 16 bytes should fail for CS3 (since it always needs 2 blocks). +# 16 bytes input +Cipher = AES-128-CBC +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 0102030405060708090A0B0C0D0E0F00 +Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e + +# 16 bytes with CS3 should return the same as plain CBC mode. +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 0102030405060708090A0B0C0D0E0F00 +Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e + +Cipher = AES-128-CBC-CTS +CTSMode = CS2 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 0102030405060708090A0B0C0D0E0F00 +Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e + Cipher = AES-128-CBC-CTS CTSMode = CS3 Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 0102030405060708090A0B0C0D0E0F00 -Result = CIPHERUPDATE_ERROR +Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e diff --git a/test/recipes/30-test_evp_data/evpciph_camellia_cts.txt b/test/recipes/30-test_evp_data/evpciph_camellia_cts.txt new file mode 100644 index 0000000000..4bc698e3ca --- /dev/null +++ b/test/recipes/30-test_evp_data/evpciph_camellia_cts.txt 
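Review bot: in the evpciph_aes_cts.txt hunk the new comment "# 16 bytes with CS3 should return the same as plain CBC mode." is placed above the `CTSMode = CS1` vector, with the CS2 and CS3 vectors following uncommented; since all three 16-byte vectors assert the same `Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e` as the plain `AES-128-CBC` entry above them, reword it to "16 bytes with CS1, CS2 or CS3 should all return the same as plain CBC mode" so the intent of the group is clear, and note in the comment that this replaces the former `Result = CIPHERUPDATE_ERROR` expectation for CS3.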
@@ -0,0 +1,141 @@ +# +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +Title = Camellia CTS tests from RFC6803 + +# The encryption test vectors in RFC6803 specify the base_key, +# not the derived encryption key. +# The encryption key was manually derived using: +# ke = KBKDF(mac = CMAC, mode = FEEDBACK, base_key, +# salt = 0000000 || usage || AA, +# seed = 00000000000000000000000000000000) +# NOTE: that the usage was not specified in the test vectors, +# but is listed here in https://www.rfc-editor.org/errata_search.php?rfc=6803 +# +# e.g: openssl kdf -cipher CAMELLIA-128-CBC +# -keylen 16 +# -kdfopt hexkey:1DC46A8D763F4F93742BCBA3387576C3 +# -kdfopt hexsalt:00000000AA +# -kdfopt mode:FEEDBACK +# -kdfopt hexseed:00000000000000000000000000000000 +# -mac CMAC +# KBKDF +# +# The ciphertext result also contains a MAC result so this was also manually stripped from the test data. +# The random confounder is also prepended to the plaintext. 
+# + +# 128-bit Camellia key: 1DC46A8D763F4F93742BCBA3387576C3 +# Key usage: 0 +# Random confounder: B69822A19A6B09C0EBC8557D1F1B6C0A +# Plaintext: (empty) +Cipher = CAMELLIA-128-CBC-CTS +CTSMode = CS3 +Key = E99B82B36C4AE8EA19E95DFA9EDE882C +IV = 00000000000000000000000000000000 +Plaintext = B69822A19A6B09C0EBC8557D1F1B6C0A +Ciphertext = C466F1871069921EDB7C6FDE244A52DB + +# 128-bit Camellia key: 5027BC231D0F3A9D23333F1CA6FDBE7C +# Key usage: 1 +# Random confounder: 6F2FC3C2A166FD8898967A83DE9596D9 +# Plaintext: 1 (31) +Cipher = CAMELLIA-128-CBC-CTS +CTSMode = CS3 +Key = A7EDCD5397EA6D12B0AFF4CB8DAA57AD +IV = 00000000000000000000000000000000 +Plaintext = 6F2FC3C2A166FD8898967A83DE9596D931 +Ciphertext = 842D21FD950311C0DD464A3F4BE8D6DA88 + +# 128-bit Camellia key: A1BB61E805F9BA6DDE8FDBDDC05CDEA0 +# Key usage: 2 +# Random confounder: A5B4A71E077AEEF93C8763C18FDB1F10 +# Plaintext: 9 bytesss (392062797465737373) +Cipher = CAMELLIA-128-CBC-CTS +CTSMode = CS3 +Key = DDE42ECA7CD9863FC3CE89CBC94362D7 +IV = 00000000000000000000000000000000 +Plaintext = A5B4A71E077AEEF93C8763C18FDB1F10392062797465737373 +Ciphertext = 619FF072E36286FF0A28DEB3A352EC0D0EDF5C5160D663C901 + +# 128-bit Camellia key: 2CA27A5FAF5532244506434E1CEF6676 +# Key usage: 3 +# Random confounder: 19FEE40D810C524B5B22F01874C693DA +# Plaintext: 13 bytes byte (31332062797465732062797465) +Cipher = CAMELLIA-128-CBC-CTS +CTSMode = CS3 +Key = C3113A258590B9AEBF721B1AF6B0CBF8 +IV = 00000000000000000000000000000000 +Plaintext = 19FEE40D810C524B5B22F01874C693DA31332062797465732062797465 +Ciphertext = B8ECA3167AE6315512E59F98A7C500205E5F63FF3BB389AF1C41A21D64 + +# 128-bit Camellia key: 7824F8C16F83FF354C6BF7515B973F43 +# Key usage: 4 +# Random confounder: CA7A7AB4BE192DABD603506DB19C39E2 +# Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974) +Cipher = CAMELLIA-128-CBC-CTS +CTSMode = CS3 +Key = 8B07EED30149916AA20DB3F5CED8AFAD +IV = 00000000000000000000000000000000 
+Plaintext = CA7A7AB4BE192DABD603506DB19C39E2333020627974657320627974657320627974657320627974657320627974 +Ciphertext = A26A3905A4FFD5816B7B1E27380D08090C8EC1F304496E1ABDCD2BDCD1DFFC660989E117A713DDBB57A4146C1587 + +# 256-bit Camellia key: B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B +# Key usage: 0 +# Random confounder: 3CBBD2B45917941067F96599BB98926C +# Plaintext: (empty) +Cipher = CAMELLIA-256-CBC-CTS +CTSMode = CS3 +Key = 6CCB3F25D8AE57F4E8F6CA474BDDEFF116CE131B3F71012E756D6B1E3F70A7F1 +IV = 00000000000000000000000000000000 +Plaintext = 3CBBD2B45917941067F96599BB98926C +Ciphertext = 03886D03310B47A6D8F06D7B94D1DD83 + +# 256-bit Camellia key: 1B97FE0A190E2021EB30753E1B6E1E77B0754B1D684610355864104963463833 +# Key usage: 1 +# Random confounder: DEF487FCEBE6DE6346D4DA4521BBA2D2 +# Plaintext: 1 (31) +Cipher = CAMELLIA-256-CBC-CTS +CTSMode = CS3 +Key = E93173AA01EB3C246231DAFC7802EE32AF24851D8C7387D18CB9B2C5B7F570B8 +IV = 00000000000000000000000000000000 +Plaintext = DEF487FCEBE6DE6346D4DA4521BBA2D231 +Ciphertext = 2C9C1570133C99BF6A34BC1B0212002FD1 + +# 256-bit Camellia key: 32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05 +# Key usage: 2 +# Random confounder: AD4FF904D34E555384B14100FC465F88 +# Plaintext: 9 bytesss (392062797465737373) +Cipher = CAMELLIA-256-CBC-CTS +CTSMode = CS3 +Key = CDA2D39A9B243FFEB56E8D5F4BD528741ECB520C62123FB040B8418B15C7D70C +IV = 00000000000000000000000000000000 +Plaintext = AD4FF904D34E555384B14100FC465F88392062797465737373 +Ciphertext = 9C6DE75F812DE7ED0D28B2963557A115640998275B0AF51527 + +# 256-bit Camellia key: B038B132CD8E06612267FAB7170066D88AECCBA0B744BFC60DC89BCA182D0715 +# Key usage: 3 +# Random confounder: CF9BCA6DF1144E0C0AF9B8F34C90D514 +# Plaintext: 13 bytes byte (31332062797465732062797465) +Cipher = CAMELLIA-256-CBC-CTS +CTSMode = CS3 +Key = CD8A10E279DADDB6901EC30BDF9873250F6EFC6A77367D74DC3EE7F74BC7774E +IV = 00000000000000000000000000000000 +Plaintext = 
CF9BCA6DF1144E0C0AF9B8F34C90D51431332062797465732062797465 +Ciphertext = EEEC85A9813CDC536772AB9B42DEFC5706F726E975DDE05A87EB5406EA + +# 256-bit Camellia key: CCFCD349BF4C6677E86E4B02B8EAB924A546AC731CF9BF6989B996E7D6BFBBA7 +# Key usage: 4 +# Random confounder: 644DEF38DA35007275878D216855E228 +# Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974) +Cipher = CAMELLIA-256-CBC-CTS +CTSMode = CS3 +Key = 1D5147F34BB001A04A68A71346E7654E0223A60D90BC2B79B4D87956D47CD42A +IV = 00000000000000000000000000000000 +Plaintext = 644DEF38DA35007275878D216855E228333020627974657320627974657320627974657320627974657320627974 +Ciphertext = 0E44680985855F2D1F1812529CA83BFD8E349DE6FD9ADA0BAAA048D68E265FEBF34AD1255A344999AD37146887A6 From no-reply at appveyor.com Tue Aug 17 22:51:15 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 17 Aug 2021 22:51:15 +0000 Subject: Build failed: openssl master.42577 Message-ID: <20210817225115.1.01BE373C8584990A@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Aug 18 06:13:03 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 18 Aug 2021 06:13:03 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629267183.379536.17556.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 9d868840b821fddf895e3bf6b589ecf6be7b1b13 (commit) from bc8c36272067f8443f875164831ce3a5a739df3f (commit) - Log ----------------------------------------------------------------- commit 9d868840b821fddf895e3bf6b589ecf6be7b1b13 Author: Pauli Date: Tue Aug 17 13:19:32 2021 +1000 pkcs12: check for zero length digest to avoid division by zero Fixes #16331 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/16333) ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index ab31a61295..b814f79216 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -101,7 +101,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, #endif v = EVP_MD_block_size(md_type); u = EVP_MD_size(md_type); - if (u < 0 || v <= 0) + if (u <= 0 || v <= 0) goto err; D = OPENSSL_malloc(v); Ai = OPENSSL_malloc(u); From pauli at openssl.org Wed Aug 18 06:15:07 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 18 Aug 2021 06:15:07 +0000 Subject: [openssl] master update Message-ID: <1629267307.492805.19824.nullmailer@dev.openssl.org> The branch master has been updated via 9f81ef9c0b6f3f9b3a091c5c40af52fb3f8556e3 (commit) from 46ac83eaf30efb676d12583080216f354951e0ae (commit) - Log ----------------------------------------------------------------- commit 9f81ef9c0b6f3f9b3a091c5c40af52fb3f8556e3 Author: Pauli Date: Tue Aug 17 13:17:17 2021 +1000 pkcs12: check for zero length digest to avoid division by zero Fixes #16331 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/16332) ----------------------------------------------------------------------- Summary of changes: providers/implementations/kdfs/pkcs12kdf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c index 0ca83dd243..2037b458c8 100644 --- a/providers/implementations/kdfs/pkcs12kdf.c +++ b/providers/implementations/kdfs/pkcs12kdf.c @@ -64,7 +64,7 @@ static int pkcs12kdf_derive(const unsigned char *pass, size_t passlen, } vi = EVP_MD_get_block_size(md_type); ui = EVP_MD_get_size(md_type); - if (ui < 0 || vi <= 0) { + if (ui <= 0 || vi <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE); goto end; } From pauli at openssl.org Wed Aug 18 06:17:04 2021 
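Review bot: the tightened condition `if (u <= 0 || v <= 0)` in PKCS12_key_gen_uni() now rejects a zero-length digest, but this 1.1.1 hunk still just does `goto err` without putting anything on the error stack, so a caller sees a bare failure it cannot tell apart from an allocation failure; the master version of the same fix (pkcs12kdf.c, below) raises PROV_R_INVALID_DIGEST_SIZE before bailing out, and an equivalent error here would keep the two branches diagnosable in the same way. The summary of changes also lists only crypto/pkcs12/p12_key.c, so no regression test for issue #16331 (a digest with zero output size) accompanies the fix.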
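Review bot: the change to `if (ui <= 0 || vi <= 0)` in pkcs12kdf_derive() closes the ui == 0 path and the existing ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE) makes the failure visible, but the summary of changes shows only providers/implementations/kdfs/pkcs12kdf.c touched: a test that drives the PKCS12 KDF with a zero-size digest and expects derivation to fail rather than divide by zero would pin the behaviour reported in #16331 and keep it from regressing.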
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 18 Aug 2021 06:17:04 +0000 Subject: [openssl] master update Message-ID: <1629267424.935202.22257.nullmailer@dev.openssl.org> The branch master has been updated via 2fbf0a560d77551d37e188b2d230b8fd8a94ac1f (commit) from 9f81ef9c0b6f3f9b3a091c5c40af52fb3f8556e3 (commit) - Log ----------------------------------------------------------------- commit 2fbf0a560d77551d37e188b2d230b8fd8a94ac1f Author: Pauli Date: Tue Aug 17 08:54:55 2021 +1000 doc: remove errant blank line to appease doc-nits Fixes #16328 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/16330) ----------------------------------------------------------------------- Summary of changes: doc/man3/TS_RESP_CTX_new.pod | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/man3/TS_RESP_CTX_new.pod b/doc/man3/TS_RESP_CTX_new.pod index 659946bf20..725a1921d1 100644 --- a/doc/man3/TS_RESP_CTX_new.pod +++ b/doc/man3/TS_RESP_CTX_new.pod @@ -5,7 +5,6 @@ TS_RESP_CTX_new_ex, TS_RESP_CTX_new, TS_RESP_CTX_free - Timestamp response context object creation - =head1 SYNOPSIS #include From no-reply at appveyor.com Wed Aug 18 07:21:41 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 18 Aug 2021 07:21:41 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.42578 Message-ID: <20210818072141.1.C64E7B593ED006A0@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Wed Aug 18 07:49:34 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Wed, 18 Aug 2021 07:49:34 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <611cbb8dd28d9_23fcca2b18df43d99c5204f@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DUpUd_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFSDjCwSLp8HQ7D5J6JreZ19r2qhQJzaGHHXs07WhSWL4UVdtzsorSy-2BZNPX830JO2pqhKURA1zDFeGMYJDmkdI0GM9vkH4r-2Ft6xT4NWLnHq2ivlxBoKzWsUm859rY15j9bstFCFkCDh7AHrE4YLf43blqnby8FQ9-2BOcwK02zklbjgb2MeBBDRfJeeEA2m25so-3D Build ID: 402967 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Wed Aug 18 07:52:02 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Wed, 18 Aug 2021 07:52:02 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <611cbc223201c_23fdcc2b18df43d99c52079@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DGUoG_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHWGBOKCBEOh-2Bneu0AkxDNAOfbR1w1Q25Hg-2BBBREJBdTcd2w7fNt6ajGTsgfIrTmEr9sPdyyGHV1vXn-2FFqJonO1FBFvQYpAY1ZMgHvzK-2FsR3KZ1vjXKaZv4tjVlBihOPRkam8bQM2ptYNncZDnPzMJlTs-2F-2BCAwfeRoi-2BAZnquX1QUuc7JIfn6InubtXaGpQAkE-3D Build ID: 402969 Analysis Summary: New defects found: 0 Defects eliminated: 0 From levitte at openssl.org Wed Aug 18 15:06:39 2021 
From: levitte at openssl.org (Richard Levitte) Date: Wed, 18 Aug 2021 15:06:39 +0000 Subject: [openssl] master update Message-ID: <1629299199.462771.6377.nullmailer@dev.openssl.org> The branch master has been updated via d68820d95634322108316f3051a1746ead88adaf (commit) via 4e92d5c79d501d09a978fd896c715da07902d8b7 (commit) from 2fbf0a560d77551d37e188b2d230b8fd8a94ac1f (commit) - Log ----------------------------------------------------------------- commit d68820d95634322108316f3051a1746ead88adaf Author: Richard Levitte Date: Tue Aug 17 14:32:35 2021 +0200 Add tests for EVP_PKEY_get_utf8_string_param(), both positive and negative Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/16334) commit 4e92d5c79d501d09a978fd896c715da07902d8b7 Author: Richard Levitte Date: Tue Aug 17 08:46:23 2021 +0200 EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated A check is added to fail this function if the string buffer isn't large enough to accommodate a terminating NUL byte. Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/16334) ----------------------------------------------------------------------- Summary of changes: crypto/evp/p_lib.c | 20 ++++++++++++++------ doc/man3/EVP_PKEY_gettable_params.pod | 14 ++++++++------ test/evp_pkey_provided_test.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 12 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index fa3a0258fa..2bc1237488 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -2145,7 +2145,7 @@ err: int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, unsigned char *buf, size_t max_buf_sz, - size_t *out_sz) + size_t *out_len) { OSSL_PARAM params[2]; int ret1 = 0, ret2 = 0;
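Review bot: the rename of the last parameter from `out_sz` to `out_len` reaches only the definitions in crypto/evp/p_lib.c: the summary of changes lists p_lib.c, the pod page and the test, but not include/openssl/evp.h, so the public prototypes of EVP_PKEY_get_octet_string_param() and EVP_PKEY_get_utf8_string_param() presumably still say `out_sz` while the manual page now documents I<out_len>. The compiler does not care about parameter names in a prototype, but the header should be updated in the same PR so that the name a user sees in evp.h matches the documentation.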
@@ -2157,14 +2157,14 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, params[1] = OSSL_PARAM_construct_end(); if ((ret1 = EVP_PKEY_get_params(pkey, params))) ret2 = OSSL_PARAM_modified(params); - if (ret2 && out_sz != NULL) - *out_sz = params[0].return_size; + if (ret2 && out_len != NULL) + *out_len = params[0].return_size; return ret1 && ret2; } int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, char *str, size_t max_buf_sz, - size_t *out_sz) + size_t *out_len) { OSSL_PARAM params[2]; int ret1 = 0, ret2 = 0; @@ -2176,8 +2176,16 @@ int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, params[1] = OSSL_PARAM_construct_end(); if ((ret1 = EVP_PKEY_get_params(pkey, params))) ret2 = OSSL_PARAM_modified(params); - if (ret2 && out_sz != NULL) - *out_sz = params[0].return_size; + if (ret2 && out_len != NULL) + *out_len = params[0].return_size; + + if (ret2 && params[0].return_size == max_buf_sz) + /* There was no space for a NUL byte */ + return 0; + /* Add a terminating NUL byte for good measure */ + if (ret2 && str != NULL) + str[params[0].return_size] = '\0'; + return ret1 && ret2; } diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod index 27240b0d3b..4c0737d050 100644 --- a/doc/man3/EVP_PKEY_gettable_params.pod +++ b/doc/man3/EVP_PKEY_gettable_params.pod 
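Review bot: the new early `return 0` when `params[0].return_size == max_buf_sz` also fires for the length-query form of EVP_PKEY_get_utf8_string_param() (str == NULL), so a caller asking only for the size, with a nominal max_buf_sz that happens to equal the string length, is told the call failed although nothing was copied; and the return happens without any ERR_raise, leaving the error stack empty for a "buffer too small" condition that callers will want to distinguish from a missing parameter. Consider limiting the NUL-room check to `str != NULL` (or documenting that size queries are subject to it too) and raising an error before returning. Note that `*out_len` has already been written when the check fails, which is what makes a retry with a larger buffer possible; that ordering is worth a comment, and the pod page should state it.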
@@ -47,14 +47,16 @@ EVP_PKEY_get_bn_param() retrieves a key I BIGNUM value I<**bn> associated with a name of I. If I<*bn> is NULL then the BIGNUM is allocated by the method. -EVP_PKEY_get_utf8_string_param() get a key I UTF8 string value int a buffer -I of maximum size I associated with a name of I. -If I is not NULL the I<*out_sz> is set to the length of the string +EVP_PKEY_get_utf8_string_param() get a key I UTF8 string value into a +buffer I of maximum size I associated with a name of +I. The maximum size must be large enough to accomodate the string +value including a terminating NUL byte, or this function will fail. +If I is not NULL, I<*out_len> is set to the length of the string not including the terminating NUL byte. -EVP_PKEY_get_octet_string_param() copy a I's octet string value into a buffer -I of maximum size I associated with a name of I. -I<*out_sz> is the returned size of the buffer if it is not NULL. +EVP_PKEY_get_octet_string_param() get a key I's octet string value into a +buffer I of maximum size I associated with a name of I. +If I is not NULL, I<*out_len> is set to the length of the contents. =head1 NOTES diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index f075f40b0c..593f7090eb 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c 
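Review bot: wording in the added documentation lines: "accomodate" should be "accommodate", and "EVP_PKEY_get_utf8_string_param() get a key ... value into a buffer" and "EVP_PKEY_get_octet_string_param() get a key ..." should read "gets". The new sentence "The maximum size must be large enough to accomodate the string value including a terminating NUL byte, or this function will fail" should also tell the caller what it learns on failure: the code in p_lib.c stores the length through I<out_len> before the size check, so a caller can size a second buffer from it, and that is the behaviour a user of this page needs to see stated.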
@@ -526,6 +526,37 @@ static int test_fromdata_dh_named_group(void) fromdata_params))) goto err; + /* + * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that + * it behaves as expected with regards to string length and terminating + * NUL byte. + */ + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, + OSSL_PKEY_PARAM_GROUP_NAME, + NULL, sizeof(name_out), + &len)) + || !TEST_size_t_eq(len, sizeof(group_name) - 1) + /* Just enough space to hold the group name and a terminating NUL */ + || !TEST_true(EVP_PKEY_get_utf8_string_param(pk, + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(group_name), + &len)) + || !TEST_size_t_eq(len, sizeof(group_name) - 1) + /* Too small buffer to hold the terminating NUL byte */ + || !TEST_false(EVP_PKEY_get_utf8_string_param(pk, + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(group_name) - 1, + &len)) + /* Too small buffer to hold the whole group name, even! */ + || !TEST_false(EVP_PKEY_get_utf8_string_param(pk, + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(group_name) - 2, + &len))) + goto err; + while (dup_pk == NULL) { ret = 0; if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) From nic.tuv at gmail.com Wed Aug 18 22:05:08 2021 
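Review bot: the four new checks cover a NULL buffer, an exact fit, one byte short and two bytes short, but the NULL-buffer query passes `sizeof(name_out)` as max_buf_sz, so the case the p_lib.c change makes interesting, a NULL `str` with max_buf_sz equal to the string length, is never exercised; adding that call (with whichever outcome the documentation settles on) would pin the behaviour. Also `name_out`, `group_name` and `len` are declared outside this hunk, so please confirm that `name_out` is at least sizeof(group_name) bytes, otherwise the exact-fit call writes the terminating NUL past its end.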
From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Wed, 18 Aug 2021 22:05:08 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629324308.502290.2191.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a7ce0c00a2eb8fe88786c4eb28e9ed385581eab7 (commit) via 9e12ea3ae5d546f2be11a7c9864c80e7a1adfd73 (commit) via 854b6fa89afcd4a683b3e91d701a4a045db60ad7 (commit) via ce5b8f101db2b96bf893ddcc4c5a16a07fc41751 (commit) via 6398f974e9cb26a8508584e732b9683797125652 (commit) via 7952f04ddf8065ba4df7887f91fd5199d34a9d11 (commit) via aa23aa759cf33b4f481fc719d42cb7bae8b2eaf0 (commit) via 4c7b49d37dd7957d534da9cb1ff9b15886e34cda (commit) via 4c038f59a3d962715344168412e60be7e9785f0a (commit) via 048c06124d19f82ddefd2aa270327def6e1be917 (commit) via d9fdb3a69e4192266f71d579143b9d504ebfb014 (commit) via c10d86c9fdbbbf615c98a8679cf0fddab29b0265 (commit) from 9d868840b821fddf895e3bf6b589ecf6be7b1b13 (commit) - Log ----------------------------------------------------------------- commit a7ce0c00a2eb8fe88786c4eb28e9ed385581eab7 Author: Pauli Date: Tue Aug 17 23:34:52 2021 +1000 [github-ci] Add comment about our approach to GitHub Actions CI Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/16252) commit 9e12ea3ae5d546f2be11a7c9864c80e7a1adfd73 Author: Nicola Tuveri Date: Sat Aug 7 09:54:08 2021 +0300 [github-ci][run-checker-merge.yml] Disable ubsan build This commit temporarily disables the ubsan build, due to failures to be investigated in a dedicated PR. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit 854b6fa89afcd4a683b3e91d701a4a045db60ad7 Author: Nicola Tuveri Date: Sat Aug 7 13:49:03 2021 +0300 [github-ci][ci.yml] Disable memory sanitizer build In 1.1.1 currently we do not support running multiple tests in parallel, and the `--debug -O1` msan build required more than 3h to run the tests. This commit temporarily disables this build configuration. 
Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit ce5b8f101db2b96bf893ddcc4c5a16a07fc41751 Author: Nicola Tuveri Date: Sat Aug 7 10:15:16 2021 +0300 [github-ci][run-checker-ci.yml] Disable no-tls1_3 tests This commit temporarily disables tests for no-tls1_3, due to failures to be investigated in a dedicated PR. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit 6398f974e9cb26a8508584e732b9683797125652 Author: Nicola Tuveri Date: Sat Aug 7 09:54:08 2021 +0300 [github-ci][ci.yml] Disable pyca external tests This commit temporarily disables pyca external tests, due to failures to be investigated in a dedicated PR. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit 7952f04ddf8065ba4df7887f91fd5199d34a9d11 Author: Nicola Tuveri Date: Sat Aug 7 09:53:08 2021 +0300 [github-ci][ci.yml] Disable krb5 external tests This commit temporarily disables krb5 external tests, due to failures to be investigated in a dedicated PR. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit aa23aa759cf33b4f481fc719d42cb7bae8b2eaf0 Author: Nicola Tuveri Date: Sat Aug 7 09:46:19 2021 +0300 [github-ci][cross-compiles.yml] Disable sparcv9 This commit temporarily disables cross-compiling tests for sparcv9, due to failures to be investigated in a dedicated PR. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit 4c7b49d37dd7957d534da9cb1ff9b15886e34cda Author: Nicola Tuveri Date: Fri Aug 6 18:37:02 2021 +0300 [github-ci] Import run-checker daily workflow from master The daily run-checker is scheduled to start at 6:42, instead of the start of the hour. The official GitHub documentation remarks the following regarding scheduled workflows: > Note: The schedule event can be delayed during periods of high loads > of GitHub Actions workflow runs. High load times include the start of > every hour. 
To decrease the chance of delay, schedule your workflow to > run at a different time of the hour. 42, obviously, has been picked because it is the answer to the ultimate question of life, the universe, and everything. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit 4c038f59a3d962715344168412e60be7e9785f0a Author: Nicola Tuveri Date: Fri Aug 6 18:37:02 2021 +0300 [github-ci] Import run-checker workflows from master This commit does not include the daily run-checker workflow. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit 048c06124d19f82ddefd2aa270327def6e1be917 Author: Nicola Tuveri Date: Fri Aug 6 18:26:11 2021 +0300 [github-ci] Import cross-compiles.yml workflow from master Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit d9fdb3a69e4192266f71d579143b9d504ebfb014 Author: Nicola Tuveri Date: Fri Aug 6 17:55:31 2021 +0300 [github-ci] Import windows.yml workflow from master Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) commit c10d86c9fdbbbf615c98a8679cf0fddab29b0265 Author: Nicola Tuveri Date: Fri Aug 6 17:49:32 2021 +0300 [github-ci] Sync ci.yml workflow with master Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16252) ----------------------------------------------------------------------- Summary of changes: .github/workflows/README.md | 40 +++++ .github/workflows/ci.yml | 293 +++++++++++++++++++++++--------- .github/workflows/cross-compiles.yml | 153 +++++++++++++++++ .github/workflows/run-checker-ci.yml | 38 +++++ .github/workflows/run-checker-daily.yml | 126 ++++++++++++++ .github/workflows/run-checker-merge.yml | 35 ++++ .github/workflows/windows.yml | 93 ++++++++++ 7 files changed, 700 insertions(+), 78 deletions(-) create mode 100644 .github/workflows/README.md create mode 100644 .github/workflows/cross-compiles.yml create mode 100644 .github/workflows/run-checker-ci.yml 
create mode 100644 .github/workflows/run-checker-daily.yml create mode 100644 .github/workflows/run-checker-merge.yml create mode 100644 .github/workflows/windows.yml diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 0000000000..ac956f0cf4 --- /dev/null +++ b/.github/workflows/README.md 
@@ -0,0 +1,40 @@ +## Rationale about our design for the GitHub Actions CI + +The balance is between the time taken and the number of jobs. +We're allowed 180 concurrent jobs in total across the entire project. +Currently we're running about 60 on pull_request, a few more on push and +a pile per day. +So three simultaneous PRs should finish quickly enough. +Given that most jobs run quickly, this could scale up to 5 or 6 without +problem. + +Moving more jobs into the `pull_request` category will limit the number +of parallel builds (from different PRs) we can handle. +We got into quite some strife over this with our older CI hosts +-- remember builds taking the best part of a day to run. +We really want to avoid that again. + +I've been trying to limit total job time per job to around 20-30 minutes +(there are some longer ones I know of), with most jobs running in the +sub 5 minute range. +There are some longer lived CIs -- up to an hour and I try to delegate +these to push or daily rather than pull_request. + +Still, there is no hard and fast rule about what runs when or where. +Make a suggestion about bettering the CIs -- Ideally I'd like the +`pull_request` jobs to be the ones catching most of the problems and the +push and daily being predictably boring successes. +Just make an effort to rationally justify the inclusions/changes. + +Things like the sanitiser builds, we know catch problems often. +So even though they are slow they are worthwhile on `pull_request`. +A lot of the daily builds are unlikely to catch much since they are +checking options can be turned off and on, so they are fine not running +as much. +The demarkation between `pull_request` and `pull_request + push` is the +difficult choice. +I believe we should do all pull_request jobs as part of push too. +The question is how many more should there be. + +I don't have a good answer but I think we're converging on a practical +number and we should get better as we gain experience. 
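Review bot: a few typos and one awkward sentence in the new README.md: "demarkation" should be "demarcation", and "Things like the sanitiser builds, we know catch problems often." would read better as "We know that things like the sanitiser builds catch problems often." Since the file records project policy ("I believe we should do all pull_request jobs as part of push too"), the first-person voice is odd in a repository README; stating the constraint as the 180 concurrent jobs across the project and the 20-30 minute per-job target, without the personal framing, would make the file easier for the next maintainer to update.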
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5822e36ccb..6b61af9c03 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,5 @@ -name: GitHub CI +--- +name: GitHub CI for 1.1.1 on: [pull_request, push] @@ -22,7 +23,7 @@ jobs: - name: make build_generated run: make -s build_generated - name: make update - run: make -s update + run: make update - name: git diff run: git diff --exit-code 
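Review bot: the `make update` step loses its `-s` here without explanation, while the `minimal` job later in the same file annotates the equivalent change with "# verbose, so no -s here"; a matching comment on this step would make the intent clear to whoever next touches the workflow.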
@@ -37,111 +38,247 @@ jobs: - name: make doc-nits run: make doc-nits + # This checks that we use ANSI C language syntax and semantics. + # We are not as strict with libraries, but rather adapt to what's + # expected to be available in a certain version of each platform. + check-ansi: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + - name: config + run: CPPFLAGS=-ansi ./config no-asm no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump + - name: make + run: make -s -j4 + basic_gcc: runs-on: ubuntu-latest steps: - - uses: actions/checkout at v2 - - name: config - run: ./config --strict-warnings && perl configdata.pm --dump - - name: make - run: make -s -j4 - - name: make test - run: make test + - uses: actions/checkout at v2 + - name: config + run: CC=gcc ./config --strict-warnings && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test basic_clang: runs-on: ubuntu-latest steps: - - uses: actions/checkout at v2 - - name: config - run: CC=clang ./config --strict-warnings && perl configdata.pm --dump - - name: make - run: make -s -j4 - - name: make test - run: make test + - uses: actions/checkout at v2 + - name: config + run: CC=clang ./config --strict-warnings && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test minimal: runs-on: ubuntu-latest steps: - - uses: actions/checkout at v2 - - name: config - run: ./config --strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY 
-DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump - - name: make - run: make -s -j4 - - name: make test - run: make test + - uses: actions/checkout at v2 + - name: config + run: ./config --strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump + - name: make + run: make -j4 # verbose, so no -s here + - name: make test + run: make test - out-of-tree_build: + no-deprecated: runs-on: ubuntu-latest steps: - - uses: actions/checkout at v2 - - name: setup build dir - run: | - set -eux - mkdir -p ${myblddir:=../_build/nest/a/little/more} - echo "mysrcdir=$(realpath .)" | tee -a $GITHUB_ENV - echo "myblddir=$(realpath $myblddir)" | tee -a $GITHUB_ENV - - name: config - run: set -eux ; cd ${{ env.myblddir }} && ${{ env.mysrcdir }}/config --strict-warnings && perl configdata.pm --dump - - name: make build_generated - run: set -eux; cd ${{ env.myblddir }} && make -s build_generated - - name: make update - run: set -eux; cd ${{ env.myblddir }} && make update - - name: make - run: set -eux; cd ${{ env.myblddir }} && make -s -j4 - - name: make test (minimal subset) - run: set -eux; cd ${{ env.myblddir }} && make test TESTS='0[0-9]' + - uses: actions/checkout at v2 + - name: config + run: ./config --strict-warnings no-deprecated && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test - no-deprecated: + no-shared: + strategy: + matrix: + os: [ ubuntu-latest, macos-latest ] + runs-on: ${{matrix.os}} + steps: + - uses: actions/checkout at v2 + - name: config + 
run: ./config --strict-warnings no-shared && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test + + address_ub_sanitizer: runs-on: ubuntu-latest steps: - - uses: actions/checkout at v2 - - name: config - run: ./config --strict-warnings no-deprecated && perl configdata.pm --dump - - name: make - run: make -s -j4 - - name: make test - run: make test + - uses: actions/checkout at v2 + - name: config + run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test OPENSSL_TEST_RAND_ORDER=0 - sanitizers: +# The memory sanitizer build is temporarily disabled as in 1.1.1 we do +# not support running tests in parallel and this build configuration +# requires more than 3h to run all tests sequentially. +# memory_sanitizer: +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout at v2 +# - name: config +# # --debug -O1 is to produce a debug build that runs in a reasonable amount of time +# run: CC=clang ./config --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump +# - name: make +# run: make -s -j4 +# - name: make test +# run: make test + + threads_sanitizer: runs-on: ubuntu-latest steps: - - uses: actions/checkout at v2 - - name: config - run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump - - name: make - run: make -s -j4 - - name: make test - run: make test OPENSSL_TEST_RAND_ORDER=0 + - uses: actions/checkout at v2 + - name: config + run: CC=clang ./config --strict-warnings -fsanitize=thread && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make TESTS=test_threads test enable_non-default_options: runs-on: ubuntu-latest steps: - - uses: actions/checkout at v2 - - name: 
config - run: ./config --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd && perl configdata.pm --dump - - name: make - run: make -s -j4 - - name: make test - run: make test + - uses: actions/checkout at v2 + - name: config + run: ./config --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test legacy: runs-on: ubuntu-latest steps: - - uses: actions/checkout at v2 - - name: config - run: ./config -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump - - name: make - run: make -s -j4 - - name: make test - run: make test + - uses: actions/checkout at v2 + - name: config + run: ./config -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test buildtest: runs-on: ubuntu-latest steps: - - uses: actions/checkout at v2 - - name: config - run: ./config no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump - - name: make - run: make -s -j4 - - name: make test - run: make test + - uses: actions/checkout at v2 + - name: config + run: ./config no-asm no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test + + out-of-tree_build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + - name: setup build dir + run: | + set -eux + mkdir -p ${myblddir:=../_build/nest/a/little/more} + echo 
"mysrcdir=$(realpath .)" | tee -a $GITHUB_ENV + echo "myblddir=$(realpath $myblddir)" | tee -a $GITHUB_ENV + - name: config + run: set -eux ; cd ${{ env.myblddir }} && ${{ env.mysrcdir }}/config --strict-warnings && perl configdata.pm --dump + - name: make build_generated + run: set -eux; cd ${{ env.myblddir }} && make -s build_generated + - name: make update + run: set -eux; cd ${{ env.myblddir }} && make update + - name: make + run: set -eux; cd ${{ env.myblddir }} && make -s -j4 + - name: make test (minimal subset) + run: set -eux; cd ${{ env.myblddir }} && make test TESTS='0[0-9]' + + out-of-source-and-install: + strategy: + matrix: + os: [ubuntu-latest, macos-latest ] + runs-on: ${{matrix.os}} + steps: + - uses: actions/checkout at v2 + - name: extra preparations + run: | + mkdir ./build + mkdir ./install_dir + - name: config + run: ../config --strict-warnings --prefix=$(cd ../install_dir; pwd) && perl configdata.pm --dump + working-directory: ./build + - name: make + run: make -s -j4 + working-directory: ./build + - name: make test + run: make test + working-directory: ./build + - name: make install + run: make install + working-directory: ./build + + external-tests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + with: + submodules: recursive + - name: package installs + run: | + sudo apt-get update + sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy + - name: install cpanm and Test2::V0 for gost_engine testing + uses: perl-actions/install-with-cpanm at v1 + with: + install: Test2::V0 + - name: setup hostname workaround + run: sudo hostname localhost + - name: config + run: ./config --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests && perl configdata.pm --dump + - name: make + run: 
make -s -j4 + - name: test external gost-engine + run: make test TESTS="test_external_gost_engine" VERBOSE=1 +# krb5 testing temporarily disabled due to failures to be investigated separately +# - name: test external krb5 +# run: make test TESTS="test_external_krb5" VERBOSE=1 + +# pyca testing temporarily disabled due to failures to be investigated separately +# external-test-pyca: +# runs-on: ubuntu-latest +# strategy: +# matrix: +# RUST: +# - 1.51.0 +# PYTHON: +# - 3.9 +# steps: +# - uses: actions/checkout at v2 +# with: +# submodules: recursive +# - name: package installs +# run: | +# sudo apt-get update +# sudo apt-get -yq install python3-virtualenv virtualenv +# - name: Configure OpenSSL +# run: ./config --strict-warnings --debug enable-external-tests && perl configdata.pm --dump +# - name: make +# run: make -s -j4 +# - name: Setup Python +# uses: actions/setup-python at v2.2.2 +# with: +# python-version: ${{ matrix.PYTHON }} +# - uses: actions-rs/toolchain at v1 +# with: +# profile: minimal +# toolchain: ${{ matrix.RUST }} +# override: true +# default: true +# - name: test external pyca +# run: make test TESTS="test_external_pyca" VERBOSE=1 diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml new file mode 100644 index 0000000000..dfc6b15b90 --- /dev/null +++ b/.github/workflows/cross-compiles.yml 
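Review bot: in the `external-tests` job of ci.yml, the krb5 step and the whole `external-test-pyca` job are commented out with only "temporarily disabled due to failures to be investigated separately"; a disabled test with no tracking reference tends to stay disabled, so each of those comments should cite the issue or PR where the investigation lives, e.g. `# krb5 testing temporarily disabled, see <tracking issue>`. On the same hunk, the `out-of-tree_build` job's last step runs only `TESTS='0[0-9]'`; the step name says "minimal subset", which is fine, but a comment saying why the full suite is not run out of tree (time, or known path issues) would spare the next reader from re-checking whether a fuller run is safe to enable.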
@@ -0,0 +1,153 @@ +--- +name: Cross Compile for 1.1.1 + +on: [pull_request, push] + +jobs: + cross-compilation: + strategy: + fail-fast: false + matrix: + # The platform matrix specifies: + # arch: the architecture to build for, this defines the tool-chain + # prefix {arch}- and the Debian compiler package gcc-{arch} + # name. + # libs: the Debian package for the necessary link/runtime libraries. + # target: the OpenSSL configuration target to use, this is passed + # directly to the config command line. + # tests: omit this to run all the tests using QEMU, set it to "none" + # to never run the tests, otherwise it's value is passed to + # the "make test" command to allow selectiving disabling of + # tests. + platform: [ + { + arch: aarch64-linux-gnu, + libs: libc6-dev-arm64-cross, + target: linux-aarch64 + }, { + arch: alpha-linux-gnu, + libs: libc6.1-dev-alpha-cross, + target: linux-alpha-gcc + }, { + arch: arm-linux-gnueabi, + libs: libc6-dev-armel-cross, + target: linux-armv4, + tests: -test_includes -test_store -test_x509_store + }, { + arch: arm-linux-gnueabihf, + libs: libc6-dev-armhf-cross, + target: linux-armv4, + tests: -test_includes -test_store -test_x509_store + }, { + arch: hppa-linux-gnu, + libs: libc6-dev-hppa-cross, + target: -static linux-generic32, + tests: -test_includes -test_store -test_x509_store + }, { + arch: m68k-linux-gnu, + libs: libc6-dev-m68k-cross, + target: -static -m68040 linux-generic32, + tests: -test_includes -test_store -test_x509_store + }, { + arch: mips-linux-gnu, + libs: libc6-dev-mips-cross, + target: -static linux-mips32, + tests: -test_includes -test_store -test_x509_store + }, { + arch: mips64-linux-gnuabi64, + libs: libc6-dev-mips64-cross, + target: -static linux64-mips64, + }, { + arch: mipsel-linux-gnu, + libs: libc6-dev-mipsel-cross, + target: linux-mips32, + tests: -test_includes -test_store -test_x509_store + }, { + arch: powerpc64le-linux-gnu, + libs: libc6-dev-ppc64el-cross, + target: linux-ppc64le + }, { + arch: 
riscv64-linux-gnu, + libs: libc6-dev-riscv64-cross, + target: linux64-riscv64 + }, { + arch: s390x-linux-gnu, + libs: libc6-dev-s390x-cross, + target: linux64-s390x + }, { + arch: sh4-linux-gnu, + libs: libc6-dev-sh4-cross, + target: no-async linux-generic32, + tests: -test_includes -test_store -test_x509_store + }, + + # These build with shared libraries but they crash when run + # They mirror static builds above in order to cover more of the + # code base. + { + arch: hppa-linux-gnu, + libs: libc6-dev-hppa-cross, + target: linux-generic32, + tests: none + }, { + arch: m68k-linux-gnu, + libs: libc6-dev-m68k-cross, + target: -mcfv4e linux-generic32, + tests: none + }, { + arch: mips-linux-gnu, + libs: libc6-dev-mips-cross, + target: linux-mips32, + tests: none + }, { + arch: mips64-linux-gnuabi64, + libs: libc6-dev-mips64-cross, + target: linux64-mips64, + tests: none + }, + + # sparcv9 is temporarily disabled due to failures during compilation + # # This build doesn't execute either with or without shared libraries. 
+ # { + # arch: sparc64-linux-gnu, + # libs: libc6-dev-sparc64-cross, + # target: linux64-sparcv9, + # tests: none + # } + ] + runs-on: ubuntu-latest + steps: + - name: install packages + run: | + sudo apt-get update + sudo apt-get -yq --force-yes install \ + gcc-${{ matrix.platform.arch }} \ + ${{ matrix.platform.libs }} + - uses: actions/checkout at v2 + + - name: config + run: | + ./Configure --strict-warnings \ + --cross-compile-prefix=${{ matrix.platform.arch }}- \ + ${{ matrix.platform.target }} + - name: config dump + run: ./configdata.pm --dump + + - name: make + run: make -s -j4 + + - name: install qemu + if: github.event_name == 'push' && matrix.platform.tests != 'none' + run: sudo apt-get -yq --force-yes install qemu-user + + - name: make all tests + if: github.event_name == 'push' && matrix.platform.tests == '' + run: | + make test \ + QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} + - name: make some tests + if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != '' + run: | + make test \ + TESTS="${{ matrix.platform.tests }}" \ + QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml new file mode 100644 index 0000000000..7a171bff9d --- /dev/null +++ b/.github/workflows/run-checker-ci.yml 
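Review bot: the matrix comment in the `cross-compilation` job should read "otherwise its value is passed to the "make test" command to allow selectively disabling tests" (currently "it's value" and "selectiving disabling"). Separately, `--force-yes` on both `apt-get ... install` lines is deprecated in apt and has been superseded by the more specific `--allow-*` options; `-yq` alone is enough to install the cross toolchain and qemu packages, so consider dropping it. Finally, both test steps are gated on `github.event_name == 'push'`, so pull requests only get a compile check for every platform in the matrix; if that is deliberate (the QEMU runs being too slow for each PR), a one-line comment next to the `if:` conditions would make the intent explicit.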
@@ -0,0 +1,38 @@ +--- +name: Run-checker CI for 1.1.1 +# Jobs run per pull request submission +on: [pull_request, push] +jobs: + run-checker: + strategy: + fail-fast: false + matrix: + opt: [ + no-cms, + no-ct, + no-dtls, + no-ec, + no-ec2m, + no-sock, + no-srp, + no-srtp, + enable-ssl-trace, + no-tests, + no-threads, + no-tls, +# no-tls1_3 temporarily disabled due to failures to be investigated separately +# no-tls1_3, + no-ts, + no-ui, + ] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + - name: config + run: CC=clang ./config --strict-warnings ${{ matrix.opt }} + - name: config dump + run: ./configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml new file mode 100644 index 0000000000..c1b0327ae3 --- /dev/null +++ b/.github/workflows/run-checker-daily.yml 
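Review bot: the header comment "Jobs run per pull request submission" no longer matches the trigger `on: [pull_request, push]`; either drop `push` here or update the comment, especially since `run-checker-merge.yml` in the same patch is the workflow described as running per merge. The commented-out `no-tls1_3` entry should also reference the issue tracking the failures so that re-enabling it is not forgotten.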
@@ -0,0 +1,126 @@ +--- +name: Run-checker daily for 1.1.1 +# Jobs run daily on 1.1.1 + +on: + schedule: + - cron: '42 6 * * *' +jobs: + run-checker: + strategy: + fail-fast: false + matrix: + opt: [ + 386, + no-afalgeng, + no-aria, + no-asan, + no-asm, + no-async, + no-autoalginit, + no-autoerrinit, + no-autoload-config, + no-bf, + no-blake2, + no-buildtest-c++, + no-camellia, + no-capieng, + no-cast, + no-chacha, + no-cmac, + no-comp, + enable-crypto-mdebug, + no-crypto-mdebug, + enable-crypto-mdebug-backtrace, + no-crypto-mdebug-backtrace, + no-deprecated, + no-des, + no-devcryptoeng, + no-dh, + no-dsa, + no-dtls1, + no-dtls1_2, + no-dtls1_2-method, + no-dtls1-method, + no-ecdh, + no-ecdsa, + enable-ec_nistp_64_gcc_128, + no-ec_nistp_64_gcc_128, + enable-egd, + no-egd, + no-engine, + no-external-tests, +# no-tls1_3 temporarily disabled due to failures to be investigated separately +# no-tls1_3, + no-fuzz-afl, + no-fuzz-libfuzzer, + no-gost, + enable-heartbeats, + no-heartbeats, + no-hw, + no-hw-padlock, + no-idea, + no-makedepend, + enable-md2, + no-md2, + no-md4, + no-mdc2, + no-msan, + no-multiblock, + no-nextprotoneg, + no-ocb, + no-ocsp, + no-pic, + no-pinshared, + no-poly1305, + no-posix-io, + no-psk, + no-rc2, + no-rc4, + enable-rc5, + no-rc5, + no-rdrand, + no-rfc3779, + no-ripemd, + no-rmd160, + no-scrypt, + no-sctp, + no-seed, + no-shared, + no-siphash, + no-sm2, + no-sm3, + no-sm4, + no-sse2, + no-ssl, + no-ssl3, + no-ssl3-method, + no-ssl-trace, + no-static-engine no-shared, + no-stdio, + no-tls1, + no-tls1_1, + no-tls1_1-method, + no-tls1_2, + no-tls1_2-method, + no-tls1-method, + no-ubsan, + no-ui-console, + enable-unit-test, + no-weak-ssl-ciphers, + no-whirlpool, + no-zlib, + enable-zlib-dynamic, + no-zlib-dynamic, + ] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + - name: config + run: CC=clang ./config --strict-warnings ${{ matrix.opt }} + - name: config dump + run: ./configdata.pm --dump + - name: make + run: make -s -j4 + - 
name: make test + run: make test diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml new file mode 100644 index 0000000000..29419a2396 --- /dev/null +++ b/.github/workflows/run-checker-merge.yml @@ -0,0 +1,35 @@ +--- +name: Run-checker merge for 1.1.1 +# Jobs run per merge to 1.1.1 + +on: [push] +jobs: + run-checker: + strategy: + fail-fast: false + matrix: + opt: [ + enable-asan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT, + no-dgram, + no-dso, + no-dynamic-engine, + no-engine no-shared, + no-err, + no-filenames, +# ubsan build is temporarily disabled, due to failures to be investigated separately +# enable-ubsan no-asm -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment, + no-unit-test, + enable-weak-ssl-ciphers, + enable-zlib, + ] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + - name: config + run: CC=clang ./config --strict-warnings ${{ matrix.opt }} + - name: config dump + run: ./configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml new file mode 100644 index 0000000000..c11242a56f --- /dev/null +++ b/.github/workflows/windows.yml 
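Review bot: in the `opt` matrix of run-checker-daily.yml, the commented-out `no-tls1_3` entry sits between `no-external-tests` and `no-fuzz-afl`, while the rest of the list is alphabetical and the other TLS options are grouped around `no-tls1_2-method`; move it next to the other `no-tls1*` entries so it is found when the failures are resolved. Also, `no-static-engine no-shared` is a single matrix value carrying two options, which is fine, but since every other entry is one option a short comment saying that the pair is intentional would help.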
@@ -0,0 +1,93 @@ +--- +name: Windows GitHub CI for 1.1.1 + +on: [pull_request, push] + +jobs: + shared: + # Run a job for each of the specified target architectures: + strategy: + matrix: + os: + - windows-latest + - windows-2016 + platform: + - arch: win64 + config: VC-WIN64A + - arch: win32 + config: VC-WIN32 --strict-warnings + runs-on: ${{matrix.os}} + steps: + - uses: actions/checkout at v2 + - uses: ilammy/msvc-dev-cmd at v1 + with: + arch: ${{ matrix.platform.arch }} + - uses: ilammy/setup-nasm at v1 + with: + platform: ${{ matrix.platform.arch }} + - name: prepare the build directory + run: mkdir _build + - name: config + working-directory: _build + run: | + perl ..\Configure no-makedepend ${{ matrix.platform.config }} + perl configdata.pm --dump + - name: build + working-directory: _build + run: nmake /S + - name: test + working-directory: _build + run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* + - name: install + # Run on 64 bit only as 32 bit is slow enough already + if: $${{ matrix.platform.arch == 'win64' }} + run: | + mkdir _dest + nmake install DESTDIR=_dest + working-directory: _build + plain: + strategy: + matrix: + os: + - windows-latest + - windows-2016 + runs-on: ${{matrix.os}} + steps: + - uses: actions/checkout at v2 + - uses: ilammy/msvc-dev-cmd at v1 + - name: prepare the build directory + run: mkdir _build + - name: config + working-directory: _build + run: | + perl ..\Configure no-makedepend no-shared VC-WIN64A-masm + perl configdata.pm --dump + - name: build + working-directory: _build + run: nmake /S + - name: test + working-directory: _build + run: nmake test VERBOSE_FAILURE=yes + minimal: + strategy: + matrix: + os: + - windows-latest + - windows-2016 + runs-on: ${{matrix.os}} + steps: + - uses: actions/checkout at v2 + - uses: ilammy/msvc-dev-cmd at v1 + - name: prepare the build directory + run: mkdir _build + - name: config + working-directory: _build + run: | + perl ..\Configure no-makedepend no-deprecated no-asm 
-DOPENSSL_SMALL_FOOTPRINT VC-WIN64A + perl configdata.pm --dump + - name: build + working-directory: _build + run: nmake # verbose, so no /S here + - name: test + working-directory: _build + run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* From nic.tuv at gmail.com Wed Aug 18 22:19:03 2021 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Wed, 18 Aug 2021 22:19:03 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629325143.129739.11720.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 4f850d7221ef6d9010053434d8ae43da13ad8fde (commit) via e22819f1c811b7741b4db408ce18860fa77bc97f (commit) from a7ce0c00a2eb8fe88786c4eb28e9ed385581eab7 (commit) - Log ----------------------------------------------------------------- commit 4f850d7221ef6d9010053434d8ae43da13ad8fde Author: Pauli Date: Mon May 31 15:33:22 2021 +1000 sparc: fix cross compile build (cherry picked from commit 64fac96de81d3dc19cc0c9045c341f0dec818075) Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/16336) commit e22819f1c811b7741b4db408ce18860fa77bc97f Author: Nicola Tuveri Date: Thu Aug 19 01:16:10 2021 +0300 Revert "[github-ci][cross-compiles.yml] Disable sparcv9" This reverts commit aa23aa759cf33b4f481fc719d42cb7bae8b2eaf0. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16336) ----------------------------------------------------------------------- Summary of changes: .github/workflows/cross-compiles.yml | 15 +++++++-------- crypto/evp/e_aes.c | 12 ++++++------ crypto/evp/e_camellia.c | 8 ++++---- crypto/sparcv9cap.c | 1 + 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index dfc6b15b90..e40bcf5852 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml 
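Review bot: in the `shared` job of windows.yml, the `install` step's condition is written `if: $${{ matrix.platform.arch == 'win64' }}`; the leading `$$` is not part of the GitHub Actions expression syntax, and the documented forms are `if: ${{ matrix.platform.arch == 'win64' }}` or simply `if: matrix.platform.arch == 'win64'`. Please verify in an actual workflow run that the install step is skipped for the win32 matrix entry, since the comment says it should run on 64 bit only.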
@@ -106,14 +106,13 @@ jobs: tests: none }, - # sparcv9 is temporarily disabled due to failures during compilation - # # This build doesn't execute either with or without shared libraries. - # { - # arch: sparc64-linux-gnu, - # libs: libc6-dev-sparc64-cross, - # target: linux64-sparcv9, - # tests: none - # } + # This build doesn't execute either with or without shared libraries. + { + arch: sparc64-linux-gnu, + libs: libc6-dev-sparc64-cross, + target: linux64-sparcv9, + tests: none + } ] runs-on: ubuntu-latest steps: diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 73cadbf593..a7c6b3cca3 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -611,22 +611,22 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out, */ void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, unsigned char *ivec); diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index 502d6936cc..87580cd39b 100644 
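Review bot: the new `int /*unused*/` parameter on the six `aes*_t4_cbc_*` prototypes in e_aes.c (and the four `cmll*_t4_cbc_*` prototypes in e_camellia.c) deserves a comment explaining why a parameter the SPARC T4 routines never read was added, since the commit message only says "fix cross compile build"; a one-liner above the block such as `/* trailing int is ignored; it makes the prototype match the function pointer type these routines are assigned to */` would do, if that is indeed the reason. It is also worth a sentence confirming that the assembly side has no expectation about the register that now carries that argument.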
--- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -55,16 +55,16 @@ void cmll_t4_decrypt(const unsigned char *in, unsigned char *out, void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const CAMELLIA_KEY *key, unsigned char *ivec); diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index ff1a983ac9..98cacf24d9 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -16,6 +16,7 @@ #include #include #include "internal/cryptlib.h" +#include "bn/bn_local.h" /* for definition of bn_mul_mont */ #include "sparc_arch.h" From pauli at openssl.org Wed Aug 18 22:24:39 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 18 Aug 2021 22:24:39 +0000 Subject: [openssl] master update Message-ID: <1629325479.809108.15380.nullmailer@dev.openssl.org> The branch master has been updated via e0f69c3598b61c47fbfe9d4e7d44ed671c334ef5 (commit) from d68820d95634322108316f3051a1746ead88adaf (commit) - Log ----------------------------------------------------------------- commit e0f69c3598b61c47fbfe9d4e7d44ed671c334ef5 Author: Todd Short Date: Mon Aug 16 16:37:10 2021 -0400 Fix state name abbreviation The TRSCV state abbrev was used for two states: * TLS_ST_CR_CERT_VRFY * TLS_ST_SW_CERT_VRFY The second one is wrong because it's a write operation. The state for TLS_ST_SW_CERT_VRFY should be "TWSCV" Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16327) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_state_string.pod | 8 ++++---- ssl/ssl_stat.c | 8 ++++---- test/sslapitest.c | 40 ++++++++++++++++++++-------------------- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/doc/man3/SSL_state_string.pod b/doc/man3/SSL_state_string.pod index f1bd6eba9d..e2bf66b95a 100644 --- a/doc/man3/SSL_state_string.pod +++ b/doc/man3/SSL_state_string.pod @@ -13,10 +13,10 @@ SSL_state_string, SSL_state_string_long - get textual description of state of an =head1 DESCRIPTION -SSL_state_string() returns a 6 letter string indicating the current state -of the SSL object B. +SSL_state_string() returns an abbreviated string indicating the current state +of the SSL object B. The returned NUL-terminated string contains 6 or fewer characters. -SSL_state_string_long() returns a string indicating the current state of +SSL_state_string_long() returns a descriptive string indicating the current state of the SSL object B. =head1 NOTES 
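Review bot: the rewritten DESCRIPTION says the returned string "contains 6 or fewer characters" but does not state that the abbreviations are no longer padded with trailing spaces to a fixed width, which is the user-visible part of this change (see the `"PINIT "` to `"PINIT"` edits in ssl_stat.c); a sentence noting that callers must not rely on a fixed-width string would help anyone who compared against the padded form.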
@@ -44,7 +44,7 @@ L, L =head1 COPYRIGHT -Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index 3ef0e15814..32bc4326b4 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -137,9 +137,9 @@ const char *SSL_state_string(const SSL *s) case TLS_ST_CW_NEXT_PROTO: return "TWNP"; case TLS_ST_BEFORE: - return "PINIT "; + return "PINIT"; case TLS_ST_OK: - return "SSLOK "; + return "SSLOK"; case TLS_ST_CW_CLNT_HELLO: return "TWCH"; case TLS_ST_CR_SRVR_HELLO: @@ -201,7 +201,7 @@ const char *SSL_state_string(const SSL *s) case TLS_ST_CR_CERT_VRFY: return "TRSCV"; case TLS_ST_SW_CERT_VRFY: - return "TRSCV"; + return "TWSCV"; case TLS_ST_CR_HELLO_REQ: return "TRHR"; case TLS_ST_SW_KEY_UPDATE: @@ -221,7 +221,7 @@ const char *SSL_state_string(const SSL *s) case TLS_ST_SR_END_OF_EARLY_DATA: return "TWEOED"; default: - return "UNKWN "; + return "UNKWN"; } } diff --git a/test/sslapitest.c b/test/sslapitest.c index b5212d1ace..e95d2657f4 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
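Review bot: dropping the trailing space from `"PINIT "`, `"SSLOK "` and `"UNKWN "` changes the value returned by a public function, so any application that compares `SSL_state_string()` output byte-for-byte against the padded strings (as test/sslapitest.c itself did until this patch) will stop matching; that is a reasonable cleanup, but it should get a CHANGES entry alongside the `TRSCV` to `TWSCV` correction, which is the actual bug and the only part the commit message describes.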
@@ -6905,69 +6905,69 @@ static struct info_cb_states_st { } info_cb_states[][60] = { { /* TLSv1.2 server followed by resumption */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, - {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, + {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, + {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, }, { /* TLSv1.2 client followed by resumption */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"}, {SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, 
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, }, { /* TLSv1.3 server followed by resumption */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, - {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, + {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"}, - {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, + {SSL_CB_LOOP, "TWSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"}, {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, - {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, + {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, }, { /* TLSv1.3 client followed by resumption */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, - {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, - {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, + {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, 
{SSL_CB_LOOP, "SSLOK"}, + {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, + {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, + {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, - {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, + {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, }, { /* TLSv1.3 server, early_data */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, - {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, + {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, 
@@ -6976,14 +6976,14 @@ static struct info_cb_states_st { {SSL_CB_EXIT, NULL}, {0, NULL}, }, { /* TLSv1.3 client, early_data */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, + {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, }, { {0, NULL}, From scan-admin at coverity.com Thu Aug 19 07:49:52 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Thu, 19 Aug 2021 07:49:52 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <611e0d205a143_25bbfc2acdc86f59a81871@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DkPmG_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeE7TEp6sTgTjc1TQg8Msrzral-2FoFd7J4Idgv11FilL6alIzRQ53vn4voyom-2Fkcg2zTyJsYNo02RYcDDHiHx2j2GRv-2BQ-2FPtmfZhJfYKQgQtqg7EkFZOjILyuH-2BjMkV-2FTt3cZj1PYxB-2BLg0b9vW2ruEImLhEQaiJHmhhMhipXp9PTUlzyAKB0SXLDcvU9OJ-2BXsng-3D Build ID: 403135 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Thu Aug 19 07:54:04 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Thu, 19 Aug 2021 07:54:04 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <611e0e1c72eb7_25bd3e2acdc86f59a8187d1@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DCumZ_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEaB-2Fd8uLM6uTMnY43M77taBARHiONHFpmcZQsaw7WLQJzVhkdPBr71-2FAtuQ5NVGBkV7vy7Xa6opf3fRh-2BaHrxgIcDqtJ6-2FAJWBRtPe-2FSEltw1o5t-2B3ia684OSHUG4Rs9OZv7H-2FnLWUoDOlQL5xPBeeLj-2FMxhEf6bwMZMQBj9gLvA7sCBZbFGmECk-2BYOgzsWnA-3D Build ID: 403136 Analysis Summary: New defects found: 0 Defects eliminated: 0 From levitte at openssl.org Thu Aug 19 17:08:14 2021 From: levitte at openssl.org (Richard Levitte) Date: Thu, 19 Aug 2021 17:08:14 +0000 Subject: [openssl] master update Message-ID: <1629392894.126184.21440.nullmailer@dev.openssl.org> The branch master has been updated via 3bb2046a5959e470c3499de575f4b5f2aa27d5a5 (commit) from e0f69c3598b61c47fbfe9d4e7d44ed671c334ef5 (commit) - Log ----------------------------------------------------------------- commit 3bb2046a5959e470c3499de575f4b5f2aa27d5a5 Author: Richard Levitte Date: Thu Aug 19 13:07:30 2021 +0200 util/add-depends.pl: Only add dependencies on existing or generated headers Headers that fulfill neither of those conditions are skipped. This avoids build breaks when development has removed a previously existing header. Fixes #16360 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16361) ----------------------------------------------------------------------- Summary of changes: util/add-depends.pl | 103 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 67 insertions(+), 36 deletions(-) 
diff --git a/util/add-depends.pl b/util/add-depends.pl index 5aa03c4740..1e2ade78fe 100644 --- a/util/add-depends.pl +++ b/util/add-depends.pl @@ -69,7 +69,41 @@ my %depconv_cache = keys %{$unified_info{generate}}; my %procedures = ( - 'gcc' => undef, # gcc style dependency files needs no mods + 'gcc' => + sub { + (my $objfile = shift) =~ s|\.d$|.o|i; + my $line = shift; + + # Remove the original object file + $line =~ s|^.*\.o: | |; + # All we got now is a dependency, shave off surrounding spaces + $line =~ s/^\s+//; + $line =~ s/\s+$//; + # Also, shave off any continuation + $line =~ s/\s*\\$//; + + # Split the line into individual header files, and keep those + # that exist in some form + my @headers; + for (split(/\s+/, $line)) { + my $x = rel2abs($_); + + if (!$depconv_cache{$x}) { + if (-f $x) { + $depconv_cache{$x} = $_; + } + } + + if ($depconv_cache{$x}) { + push @headers, $_; + } else { + print STDERR "DEBUG[$producer]: ignoring $objfile <- $line\n" + if $debug; + } + } + return ($objfile, join(' ', @headers)) if @headers; + return undef; + }, 'makedepend' => sub { # makedepend, in its infinite wisdom, wants to have the object file @@ -149,7 +183,10 @@ my %procedures = ( # mappings for generated headers, we only need to deal # with the source tree. if ($dep =~ s|^\Q$abs_srcdir_shaved\E([\.>\]])?|$srcdir_shaved$1|i) { - $depconv_cache{$line} = $dep; + # Also check that the header actually exists + if (-f $line) { + $depconv_cache{$line} = $dep; + } } } return ($objfile, $depconv_cache{$line}) @@ -201,7 +238,10 @@ my %procedures = ( # mappings for generated headers, we only need to deal # with the source tree. if ($dep =~ s|^\Q$abs_srcdir\E\\|\$(SRCDIR)\\|i) { - $depconv_cache{$tail} = $dep; + # Also check that the header actually exists + if (-f $line) { + $depconv_cache{$tail} = $dep; + } } } return ($objfile, '"'.$depconv_cache{$tail}.'"') 
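Review bot: in the new `gcc` procedure, the debug message `ignoring $objfile <- $line` prints the whole dependency line rather than the header that was just skipped, and it is emitted once per skipped header, so a line listing several missing headers produces several identical messages; printing `$_` (the individual dependency) instead of `$line` makes the output useful. Two smaller points on the same hunk: `$line =~ s|^.*\.o: | |` is greedy and relies on `.o: ` never appearing inside a path, which a comment should say, and the procedure returns all surviving headers of a line as one space-joined string, so the 77-column wrapping later in the script (which only splits on `%collect` keys) cannot break that string up; recording each header in `%collect` separately would keep the generated lines short.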
@@ -247,7 +287,10 @@ my %procedures = ( # mappings for generated headers, we only need to deal # with the source tree. if ($dep =~ s|^\Q$abs_srcdir\E\\|\$(SRCDIR)\\|i) { - $depconv_cache{$tail} = $dep; + # Also check that the header actually exists + if (-f $line) { + $depconv_cache{$tail} = $dep; + } } } return ($objfile, '"'.$depconv_cache{$tail}.'"') @@ -260,7 +303,7 @@ my %procedures = ( }, ); my %continuations = ( - 'gcc' => undef, + 'gcc' => "\\", 'makedepend' => "\\", 'VMS C' => "-", 'VC' => "\\", @@ -276,16 +319,14 @@ my $continuation = $continuations{$producer}; my $buildfile_new = "$buildfile-$$"; my %collect = (); -if (defined $procedure) { - foreach my $depfile (@depfiles) { - open IDEP,$depfile or die "Trying to read $depfile: $!\n"; - while () { - s|\R$||; # The better chomp - my ($target, $deps) = $procedure->($depfile, $_); - $collect{$target}->{$deps} = 1 if defined $target; - } - close IDEP; +foreach my $depfile (@depfiles) { + open IDEP,$depfile or die "Trying to read $depfile: $!\n"; + while () { + s|\R$||; # The better chomp + my ($target, $deps) = $procedure->($depfile, $_); + $collect{$target}->{$deps} = 1 if defined $target; } + close IDEP; } open IBF, $buildfile or die "Trying to read $buildfile: $!\n"; 
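Review bot: with the `if (defined $procedure)` guard removed from the read loop, an unrecognised `$producer` now fails with Perl's "Can't use an undefined value as a subroutine reference" at `$procedure->($depfile, $_)` instead of silently copying the `.d` files through as before; that is arguably the right behaviour now that `gcc` has its own procedure, but an explicit `die "Unknown dependency producer '$producer'\n"` next to `my $continuation = $continuations{$producer};` would give a clearer message.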
@@ -298,31 +339,21 @@ close IBF; print OBF "# DO NOT DELETE THIS LINE -- make depend depends on it.\n"; -if (defined $procedure) { - foreach my $target (sort keys %collect) { - my $prefix = $target . ' :'; - my @deps = sort keys %{$collect{$target}}; +foreach my $target (sort keys %collect) { + my $prefix = $target . ' :'; + my @deps = sort keys %{$collect{$target}}; - while (@deps) { - my $buf = $prefix; - $prefix = ''; + while (@deps) { + my $buf = $prefix; + $prefix = ''; - while (@deps && ($buf eq '' - || length($buf) + length($deps[0]) <= 77)) { - $buf .= ' ' . shift @deps; - } - $buf .= ' '.$continuation if @deps; - - print OBF $buf,"\n" or die "Trying to print: $!\n" + while (@deps && ($buf eq '' + || length($buf) + length($deps[0]) <= 77)) { + $buf .= ' ' . shift @deps; } - } -} else { - foreach my $depfile (@depfiles) { - open IDEP,$depfile or die "Trying to read $depfile: $!\n"; - while () { - print OBF or die "Trying to print: $!\n"; - } - close IDEP; + $buf .= ' '.$continuation if @deps; + + print OBF $buf,"\n" or die "Trying to print: $!\n" } } From levitte at openssl.org Thu Aug 19 18:49:54 2021 
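Review bot: the new gcc procedure hardcodes the dependency-file suffix in `(my $objfile = shift) =~ s|\.d$|.o|i;`, while the script takes that suffix from `$target{dep_extension} || ".d"` (visible as `$depext` in the follow-up patch below); if a target ever sets a different `dep_extension`, the substitution does nothing and the unchanged depfile name is returned as the make target. Use the same `$depext` here. Two smaller points in the same procedure: the debug line `print STDERR "DEBUG[$producer]: ignoring $objfile <- $line\n"` sits inside the per-header loop but prints the whole `$line` rather than the header being dropped (`$_`), so it repeats identical text once per missing header and never names the file that was ignored; and the gcc branch returns every surviving header joined into one `$deps` string, which then becomes a single key in `%collect`, so the output loop's `sort keys %{$collect{$target}}` and its `length($buf) + length($deps[0]) <= 77` wrapping treat the whole group as one token and will emit lines well over 77 columns, and duplicate headers across lines are no longer deduplicated by the hash. Returning one `($objfile, $header)` pair per header, as the per-line callers already allow, would fix both. Finally, with the `if (defined $procedure)` guards gone, a `$producer` with no entry in `%procedures` now dies on an undefined subroutine reference instead of copying the dependency files through verbatim as the removed `else` branch did; an explicit `die "Unknown dependency producer: $producer"` near the top would make that an intentional failure with a readable message.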
From: levitte at openssl.org (Richard Levitte) Date: Thu, 19 Aug 2021 18:49:54 +0000 Subject: [openssl] master update Message-ID: <1629398994.420071.26723.nullmailer@dev.openssl.org> The branch master has been updated via 023cb594d951569afc1e32dd8fc18df85a4f8349 (commit) from 3bb2046a5959e470c3499de575f4b5f2aa27d5a5 (commit) - Log ----------------------------------------------------------------- commit 023cb594d951569afc1e32dd8fc18df85a4f8349 Author: Richard Levitte Date: Thu Aug 19 20:45:00 2021 +0200 util/add-depends.pl: Rebuild the build file after reconfiguration Reconfiguration is assumed if any dependency (.d) file is older than configdata.pm. Fixes #16364 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16365) ----------------------------------------------------------------------- Summary of changes: util/add-depends.pl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/util/add-depends.pl b/util/add-depends.pl index 1e2ade78fe..599a267f6d 100644 --- a/util/add-depends.pl +++ b/util/add-depends.pl @@ -23,6 +23,7 @@ ${^WIN32_SLOPPY_STAT} = 1; my $debug = $ENV{ADD_DEPENDS_DEBUG}; my $buildfile = $config{build_file}; my $build_mtime = (stat($buildfile))[9]; +my $configdata_mtime = (stat('configdata.pm'))[9]; my $rebuild = 0; my $depext = $target{dep_extension} || ".d"; my @depfiles = @@ -30,9 +31,11 @@ my @depfiles = grep { # This grep has side effects. Not only does if check the existence # of the dependency file given in $_, but it also checks if it's - # newer than the build file, and if it is, sets $rebuild. + # newer than the build file or older than configdata.pm, and if it + # is, sets $rebuild. my @st = stat($_); - $rebuild = 1 if @st && $st[9] > $build_mtime; + $rebuild = 1 + if @st && ($st[9] > $build_mtime || $st[9] < $configdata_mtime); scalar @st > 0; # Determines the grep result } map { (my $x = $_) =~ s|\.o$|$depext|; $x; } From pauli at openssl.org Fri Aug 20 00:33:18 2021 
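Review bot: `my $configdata_mtime = (stat('configdata.pm'))[9];` is not checked: if `configdata.pm` is missing or the script is run from a directory other than the build directory, `$configdata_mtime` is undef and `$st[9] < $configdata_mtime` compares against 0 (with an "uninitialized value" warning if warnings are enabled), so the new check silently never fires rather than failing loudly. `$build_mtime` on the line above has the same exposure; both could `die` when `stat` returns nothing, since neither file being absent is a state the script can do anything useful in. One wording point for the comment: the check is a strict `<`, so a `.d` file written within the same second as `configdata.pm` is treated as current; fine for a heuristic, but say so rather than "older than configdata.pm" alone.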
From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 20 Aug 2021 00:33:18 +0000 Subject: [openssl] master update Message-ID: <1629419598.209272.12474.nullmailer@dev.openssl.org> The branch master has been updated via ecb09bafad43bc8a722c498f859ed6ad3c73b99b (commit) via 214888448df407e2154ca871d6ffec41ab18698e (commit) via 92115096c31bf5d2ddd3263a21d2cb86b3dbfe3f (commit) from 023cb594d951569afc1e32dd8fc18df85a4f8349 (commit) - Log ----------------------------------------------------------------- commit ecb09bafad43bc8a722c498f859ed6ad3c73b99b Author: Rich Salz Date: Tue Aug 17 11:42:21 2021 -0400 Replace CONFIG_NOWAIT env var with -w option And document the -w option Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16325) commit 214888448df407e2154ca871d6ffec41ab18698e Author: Rich Salz Date: Mon Aug 16 16:29:09 2021 -0400 Set KERNEL_BITS, add CONFIG_NOWAIT Avoid perl "undefined variable in regexp" message. Not all uses were changed because I wasn't sure. Add support for CONFIG_NOWAIT environment variable. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16325) commit 92115096c31bf5d2ddd3263a21d2cb86b3dbfe3f Author: Rich Salz Date: Mon Aug 16 16:25:03 2021 -0400 Minor doc enhancements to INSTALL.md Describe current relationship between config and Configure. Put the environment variable list in alphabetical order. Add description of KERNEL_BITS. Add new variable CONFIG_NOWAIT. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16325) ----------------------------------------------------------------------- Summary of changes: Configure | 4 +++- INSTALL.md | 38 ++++++++++++++++++++++++-------------- util/perl/OpenSSL/config.pm | 10 +++++----- 3 files changed, 32 insertions(+), 20 deletions(-) diff --git a/Configure b/Configure index 2264e090c5..b00b91ac63 100755 --- a/Configure +++ b/Configure 
@@ -63,6 +63,8 @@ EOF # (Default: PREFIX/ssl) # --banner=".." Output specified text instead of default completion banner # +# -w Don't wait after showing a Configure warning +# # --cross-compile-prefix Add specified prefix to binutils components. # # --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0 @@ -898,7 +900,7 @@ while (@argvcopy) { $guess_opts{verbose} = 1; } - elsif (/^-w$/) # From older 'config' + elsif (/^-w$/) { $guess_opts{nowait} = 1; } diff --git a/INSTALL.md b/INSTALL.md index c717dfcdf0..722a88bf04 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -587,6 +587,13 @@ alternative, you can use the language specific variables, `CFLAGS` and `CXXFLAGS Use the specified text instead of the default banner at the end of configuration. +### --w + +On platforms where the choice of 32-bit or 64-bit architecture +is not explicitly specified, `Configure` will print a warning +message and wait for a few seconds to let you interrupt the +configuration. Using this flag skips the wait. + ### no-bulk Build only some minimal set of features. @@ -1142,11 +1149,9 @@ Configure OpenSSL ### Automatic Configuration -On some platform a `config` script is available which attempts to guess -your operating system (and compiler, if necessary) and calls the `Configure` -Perl script with appropriate target based on its guess. Further options can -be supplied to the `config` script, which will be passed on to the `Configure` -script. +In previous version, the `config` script determined the platform type and +compiler and then called `Configure`. Starting with this release, they are +the same. #### Unix / Linux / macOS 
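Review bot: the new INSTALL.md heading reads `### --w`, but the option this patch adds to Configure is the single-dash `-w` (`# -w Don't wait after showing a Configure warning`, matched by `elsif (/^-w$/)`); the heading should be `### -w`, or a user copying it will get an unknown-option error. The description under it could also say what the flag does when a target is given explicitly rather than guessed, and point at the `KERNEL_BITS` variable documented further down as the way to avoid the 32/64-bit question altogether. In the Automatic Configuration hunk, "In previous version, the `config` script determined the platform type" should read "In previous versions", and "Starting with this release, they are the same" is ambiguous about whether `config` still exists as an entry point; say explicitly that `config` now runs the same code as `Configure`.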
@@ -1411,6 +1416,18 @@ over the build process. Typically these should be defined prior to running "--cross-compile-prefix" Configure flag described above. If both are set then the Configure flag takes precedence. + HASHBANGPERL + The command string for the Perl executable to insert in the + #! line of perl scripts that will be publicly installed. + Default: /usr/bin/env perl + Note: the value of this variable is added to the same scripts + on all platforms, but it's only relevant on Unix-like platforms. + + KERNEL_BITS + This can be the value `32` or `64` to specify the architecture + when it is not "obvious" to the configuration. It should generally + not be necessary to specify this environment variable. + NM The name of the nm executable to use. @@ -1435,12 +1452,8 @@ over the build process. Typically these should be defined prior to running Only needed if builing should use a different Perl executable than what is used to run the Configure script. - HASHBANGPERL - The command string for the Perl executable to insert in the - #! line of perl scripts that will be publicly installed. - Default: /usr/bin/env perl - Note: the value of this variable is added to the same scripts - on all platforms, but it's only relevant on Unix-like platforms. + RANLIB + The name of the ranlib executable to use. RC The name of the rc executable to use. The default will be as @@ -1449,9 +1462,6 @@ over the build process. Typically these should be defined prior to running variable is synonymous to this. If both are defined then RC takes precedence. - RANLIB - The name of the ranlib executable to use. - WINDRES See RC. diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm index 5f549f8024..7250791b5b 100755 --- a/util/perl/OpenSSL/config.pm +++ b/util/perl/OpenSSL/config.pm 
@@ -22,8 +22,8 @@ use Carp; # These control our behavior. my $DRYRUN; my $VERBOSE; -my $WAIT = 1; my $WHERE = dirname($0); +my $WAIT = 1; # Machine type, etc., used to determine the platform my $MACHINE; @@ -452,7 +452,7 @@ EOF [ 'ppc-apple-rhapsody', { target => "rhapsody-ppc" } ], [ 'ppc-apple-darwin.*', sub { - my $KERNEL_BITS = $ENV{KERNEL_BITS}; + my $KERNEL_BITS = $ENV{KERNEL_BITS} // ''; my $ISA64 = `sysctl -n hw.optional.64bitops 2>/dev/null`; if ( $ISA64 == 1 && $KERNEL_BITS eq '' ) { print </dev/null`; if ( $ISA64 == 1 && $KERNEL_BITS eq '' ) { print < "darwin-i386" } if $KERNEL_BITS eq '32'; print < The branch master has been updated via c727cddc9cb4c6c4cfe157727eb5bf7fe9c3fa21 (commit) from ecb09bafad43bc8a722c498f859ed6ad3c73b99b (commit) - Log ----------------------------------------------------------------- commit c727cddc9cb4c6c4cfe157727eb5bf7fe9c3fa21 Author: Beat Bolli Date: Mon Aug 16 22:37:41 2021 +0200 doc: fix a mistyped "=item" perldoc marker Searching didn't reveal any other similar cases. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16354) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-verification-options.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod index 70daa986b8..895ee07c60 100644 --- a/doc/man1/openssl-verification-options.pod +++ b/doc/man1/openssl-verification-options.pod @@ -130,7 +130,7 @@ each of its sub-fields equals the corresponding subject key identifier, serial number, and issuer field of the candidate issuer certificate, as far as the respective fields are present in both certificates. -item * +=item * The certificate signature algorithm used to sign the subject certificate is supported and From scan-admin at coverity.com Fri Aug 20 07:50:49 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Fri, 20 Aug 2021 07:50:49 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <611f5ed8872d1_277e372ae0be01399c404f1@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D_BFK_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGDp4WIpR7daPr47yKJG2GgfjEN9LpXUIoRRoiZPoRh4ykaPPXfTL0Jg-2B6f-2FKxrkL2G1yUC46or42I-2F8UUnrNF3VwneQuHHoKAMP2qLGs1rjpTTNiUZa1wPl-2BDFTEK0yCDNdfpeVTXJFFjv7bHotV4mtjm5J4pytupds-2BNu5IHhDFj7-2BQDtW5XJs-2FjHT-2FHk4OU-3D Build ID: 403310 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Fri Aug 20 07:52:54 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Fri, 20 Aug 2021 07:52:54 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <611f5f56181d8_277f212ae0be01399c40421@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DCI1W_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHZg5ZqPTK5G5V2VNJMgecYv6wPJp3fdu123DzLhTgkDuZWMRrjvRpWwAoFBfGKZCdcXffcYAtpAEl0BEKq0vnVKIT9gwLtmn43dIw45Fzc-2FbHuxm-2BSwUdsArD27vaEM4Mj22B0SLNEP82TAQXwJvsJBfxRKr9M-2FQjzt-2BAA5sWzlXaTV5Ia247khOyQwr5WsZ4-3D Build ID: 403311 Analysis Summary: New defects found: 0 Defects eliminated: 0 From beldmit at gmail.com Fri Aug 20 08:18:22 2021 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Fri, 20 Aug 2021 08:18:22 +0000 Subject: [openssl] master update Message-ID: <1629447502.442621.10671.nullmailer@dev.openssl.org> The branch master has been updated via 43044ede54da4a4d5bd69e34cfb41ea03d7eb847 (commit) from c727cddc9cb4c6c4cfe157727eb5bf7fe9c3fa21 (commit) - Log ----------------------------------------------------------------- commit 43044ede54da4a4d5bd69e34cfb41ea03d7eb847 Author: Omair Majid Date: Wed Aug 18 14:57:57 2021 -0400 Fix documentation referring to 'function code' ERR_GET_FUNC was removed, so remove references to 'function code' as well from docs. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16353) ----------------------------------------------------------------------- Summary of changes: doc/man3/ERR_GET_LIB.pod | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/doc/man3/ERR_GET_LIB.pod b/doc/man3/ERR_GET_LIB.pod index e388d32de2..f0779548e6 100644 --- a/doc/man3/ERR_GET_LIB.pod +++ b/doc/man3/ERR_GET_LIB.pod 
@@ -18,18 +18,17 @@ ERR_GET_LIB, ERR_GET_REASON, ERR_FATAL_ERROR =head1 DESCRIPTION The error code returned by ERR_get_error() consists of a library -number, function code and reason code. ERR_GET_LIB() +number and reason code. ERR_GET_LIB() and ERR_GET_REASON() can be used to extract these. ERR_FATAL_ERROR() indicates whether a given error code is a fatal error. -The library number and function code describe where the error +The library number describes where the error occurred, the reason code is the information about what went wrong. -Each sub-library of OpenSSL has a unique library number; function and -reason codes are unique within each sub-library. Note that different -libraries may use the same value to signal different functions and -reasons. +Each sub-library of OpenSSL has a unique library number; the +reason code is unique within each sub-library. Note that different +libraries may use the same value to signal different reasons. B reason codes such as B are globally unique. However, when checking for sub-library specific reason codes, @@ -39,7 +38,7 @@ ERR_GET_LIB(), ERR_GET_REASON(), and ERR_FATAL_ERROR() are macros. =head1 RETURN VALUES -The library number, function code, reason code, and whether the error +The library number, reason code, and whether the error is fatal, respectively. Starting with OpenSSL 3.0.0, the function code is always set to zero. From scan-admin at coverity.com Sat Aug 21 07:50:44 2021 
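Review bot: the RETURN VALUES section still ends with "Starting with OpenSSL 3.0.0, the function code is always set to zero", but after this change nothing earlier on the page introduces a function code, so a reader first meets the term in a sentence saying it is always zero. Either drop that sentence as well or reword it to name what it refers to, e.g. "The bits that ERR_GET_FUNC() extracted in earlier releases are always zero from OpenSSL 3.0.0 onward". The hunk shown starts at DESCRIPTION; the NAME and SYNOPSIS lines above it should be checked for a leftover ERR_GET_FUNC entry in the same pass.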
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sat, 21 Aug 2021 07:50:44 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6120b05366eb2_293ec02ae1e445599853773@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DDVPL_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH6V-2BLvdDgfRrRgpdqkOLaqRJIfuCrXsOmPre6-2BfOzvrLLBvvOKgqOgQg7r8kg8kbS9-2BoYvGpP35-2BknYWeKYlsXNgSv6e9CWo5dskspBUjwuuAH5BT9l81VzobmzwttMBmp0uBCEeg-2FmCIrFyPoc7kuj37rNPrzajdMOt2ab6p5iVVITjSa-2BNVnMW2wngVktZQ-3D Build ID: 403456 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sat Aug 21 07:52:40 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sat, 21 Aug 2021 07:52:40 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6120b0c8dc11_293f612ae1e44559985379e@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DPJCF_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFTWbKb04kERDXqylwNtazXfnWJJ6sq3QHt4mHkWSme0-2B6zz3F-2FZ1QAtLygGq2lv7jZBGEI7fmBbAeb17rJV5F2oY7h-2FBGngk-2FjN0iyumGeDzNFBawKu0YkM8O5PRzE0Py52k14gkENWVA9BOpSjxoIfErkzzW95silJ9G0luTv2Q2gxD0tGHOVfAAHieUUMIY-3D Build ID: 403457 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Aug 22 07:51:02 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 22 Aug 2021 07:51:02 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <612201e5f159c_2b02012af71aa779ac1093@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Db5B__MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHLU6j6V1MqgiAf2dZLUXzaxmmD1WdjxoLIOj2C4-2BhcPciRtLcruIDuBVAjXAdyUmFQYbpqEMfvfcZeO78QrbO-2BeKffDaCNyIgd5dW1R5vaVER5dOQKKEH981prHZFqr7MRt4EsE-2F0dv5AuNrBPj2ZReIc-2B8HYUeVjD0KLCzyl6pyhEdWNPXBtv30SPiOF69RI-3D Build ID: 403606 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Aug 22 07:53:39 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 22 Aug 2021 07:53:39 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <61220282c41b3_2b02d92af71aa779ac10953@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DITk8_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFj259t-2FrEtEQj6fWtGSQMz5E3uEUcKcE-2BZdV9bgyy5kDRCZad9qrpPrWEZZQEO8o8R2ZM3j58yzu0ovohSRJwo9o6RPlKeCpT2vnTEBIZ5J0aFgE7xN1FOqfTL-2BGb6ykYcBUGYeNYgshVxQRfXSEjBAjhnUSfMp7k9D3F1v3gd1TrbAo0gyomfeLdISNW54X8-3D Build ID: 403607 Analysis Summary: New defects found: 0 Defects eliminated: 0 From beldmit at gmail.com Sun Aug 22 12:23:45 2021 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Sun, 22 Aug 2021 12:23:45 +0000 Subject: [openssl] master update Message-ID: <1629635025.174490.14081.nullmailer@dev.openssl.org> The branch master has been updated via f4d8b29a26cc3ee0ef37e2073c192bdbb2b796c4 (commit) from 43044ede54da4a4d5bd69e34cfb41ea03d7eb847 (commit) - Log ----------------------------------------------------------------- commit f4d8b29a26cc3ee0ef37e2073c192bdbb2b796c4 Author: Dmitry Belyavskiy Date: Fri Aug 20 16:45:15 2021 +0200 Get rid of warn_binary Current implementation of warn_binary introduces a regression when the content is passed in /dev/stdin as an explicit file name and reads the file to be processed twice otherwise. I suggest to reimplement this functionality after 3.0 if necessary. Fixes #16359 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/16367) ----------------------------------------------------------------------- Summary of changes: apps/cms.c | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index c22027e3b1..b30273f171 100644 --- a/apps/cms.c +++ b/apps/cms.c 
@@ -272,31 +272,6 @@ static CMS_ContentInfo *load_content_info(int informat, BIO *in, int flags, return NULL; } -static void warn_binary(const char *file) -{ - BIO *bio; - unsigned char linebuf[1024], *cur, *end; - int len; - - if (file == NULL) - return; /* cannot give a warning for stdin input */ - if ((bio = bio_open_default(file, 'r', FORMAT_BINARY)) == NULL) - return; /* cannot give a proper warning since there is an error */ - while ((len = BIO_read(bio, linebuf, sizeof(linebuf))) > 0) { - end = linebuf + len; - for (cur = linebuf; cur < end; cur++) { - if (*cur == '\0' || *cur >= 0x80) { - BIO_printf(bio_err, "Warning: input file '%s' contains %s" - " character; better use -binary option\n", - file, *cur == '\0' ? "NUL" : "8-bit"); - goto end; - } - } - } - end: - BIO_free(bio); -} - int cms_main(int argc, char **argv) { CONF *conf = NULL; @@ -911,8 +886,6 @@ int cms_main(int argc, char **argv) goto end; } - if ((flags & CMS_BINARY) == 0) - warn_binary(infile); in = bio_open_default(infile, 'r', binary_files ? FORMAT_BINARY : informat); if (in == NULL) @@ -924,8 +897,6 @@ int cms_main(int argc, char **argv) goto end; if (contfile != NULL) { BIO_free(indata); - if ((flags & CMS_BINARY) == 0) - warn_binary(contfile); if ((indata = BIO_new_file(contfile, "rb")) == NULL) { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; From scan-admin at coverity.com Mon Aug 23 07:50:02 2021 
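Review bot: deleting `warn_binary` also deletes the only place that told users to pass `-binary` when the input contains NUL or 8-bit bytes, so text-mode processing of binary content is now silent; check that the `-binary` description in doc/man1/openssl-cms.pod still explains when it is needed, and add a CHANGES.md entry if the warning shipped in a released version. The removal itself is consistent: both call sites guarded by `(flags & CMS_BINARY) == 0` go with the function, and `bio_open_default(infile, 'r', ...)` is now the only open of `infile`, which is what addresses the double read of `/dev/stdin` from the commit message.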
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 23 Aug 2021 07:50:02 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <612353295e40a_2cc7b62ab6bd27399c724bd@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D2WRa_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGzUHkn-2BHQ74sqnBY06OfZjO7nyAIZAdTb9BhENF5Hao0SZRdY8ag80-2FO5g5MAUD4LzBxxJ7axGllOBoFGGkfXofaT653hGMneqPYMnx1ifUJyIH4X-2FJr0-2FCONqBqLa-2BimXr2n33BrdqBBkjNXhJ87Gl-2BEf5RjN5602HHh-2BuMTeKetP-2BHKIDbcRtVef3bTG6XY-3D Build ID: 403767 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Mon Aug 23 07:53:48 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Mon, 23 Aug 2021 07:53:48 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6123540c18ae2_2cc8e12ab6bd27399c724a7@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DyzuR_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGIaBs-2B49bEpAJLCgvBNAEvKu5-2BRgWPvjqiAhnQj6Si2kLryOC7oaVcNgsjay1Wa0kenkWKrVOTLLPbn8DAVkpuy1LBi42ORjnRQxvTdlVYe-2FV8sMPHiew-2B6I6tdC-2FkJ6f25WFJniAoHnmCOkQ1R1TmFwObaVRgLICh5wFdqtZlLZU5-2BnoxXSWvLQZosALMrbs-3D Build ID: 403768 Analysis Summary: New defects found: 0 Defects eliminated: 0 From tomas at openssl.org Mon Aug 23 13:20:38 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 23 Aug 2021 13:20:38 +0000 Subject: [openssl] master update Message-ID: <1629724838.510653.31931.nullmailer@dev.openssl.org> The branch master has been updated via ed3f51ec7d2f8956bff7bedf99b65ff1595e02e8 (commit) from f4d8b29a26cc3ee0ef37e2073c192bdbb2b796c4 (commit) - Log ----------------------------------------------------------------- commit ed3f51ec7d2f8956bff7bedf99b65ff1595e02e8 Author: Zengit Date: Wed Aug 11 17:21:03 2021 +0300 Add a clarification to NOTES-UNIX.md I just wasted almost 2 hours troubleshooting, because lowercase L and 1 look too similar, this should help some people save time. CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16295) ----------------------------------------------------------------------- Summary of changes: NOTES-UNIX.md | 1 + 1 file changed, 1 insertion(+) diff --git a/NOTES-UNIX.md b/NOTES-UNIX.md index 0b0a531db4..293793b605 100644 --- a/NOTES-UNIX.md +++ b/NOTES-UNIX.md @@ -49,6 +49,7 @@ Notes for UNIX-like platforms OpenSSL's configuration scripts recognise all these options and pass them to the Makefile that they build. (In fact, all arguments starting with `-Wl,` are recognised as linker options.) + Please note that 'l' in '-Wl' is lowercase L and not 1. Please do not use verbatim directories in your runtime shared library search path! Some OpenSSL config targets add an extra directory level From scan-admin at coverity.com Tue Aug 24 07:49:39 2021 
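Review bot: the surrounding paragraph quotes the option in backticks (`-Wl,`), so the new sentence should follow the same convention and show the comma-separated form readers actually copy, e.g. "Note that the `l` in `-Wl,` is a lowercase L, not the digit 1."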
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 24 Aug 2021 07:49:39 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6124a492c21ff_2e872f2adf4138b9b8365b@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D1t3X_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH1lnoohkQP6ujfHTYUc3szcBmix8EDU9jn1jB48z-2FNZoTm8KtHLD4MrTngv3XmAXiSb4cHlz-2FnUgcCZpMmh-2F-2FbogqhT5SnqvOHOrmMbt0jSzsdOUwkOw1vJNNricYa8OBEfxzPLhlPRXifdEIa6nsY0WA2-2BIJ1xVRh-2FvkE87jBiIKMsZm-2BLi1gATgi9nHRHXs-3D Build ID: 403941 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Tue Aug 24 07:52:01 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Tue, 24 Aug 2021 07:52:01 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6124a5206cfbc_2e880d2adf4138b9b83655e@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D3LTw_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGSQ3fkuVTlkwCoeoKQr4tXj2851hUGWISNerNkA3sUSMADUzOVoUeBch9JqTqQL0t067ipdNrMWALvW0oz7tPDlbSMOfl3etfhkbp-2FwUaYRq6t9xYnmeiXjO9dh4A5PbJSMwdzf4tfcHkRiJIJiXRbDwACE8oT85dZECvfG-2BysZIpx9-2BoYRp4Bf-2ByXwFoFMRA-3D Build ID: 403945 Analysis Summary: New defects found: 0 Defects eliminated: 0 From matt at openssl.org Tue Aug 24 13:48:21 2021 
From: matt at openssl.org (Matt Caswell) Date: Tue, 24 Aug 2021 13:48:21 +0000 Subject: [openssl] master update Message-ID: <1629812901.324026.17620.nullmailer@dev.openssl.org> The branch master has been updated via 796f4f7085ac95a1b0ccee8ff3c6c183219cdab2 (commit) via ad1ca777f9702f355a2f74dc5eed713476825f23 (commit) via d07036b98d2ea8b3d9a93181bd8b0cb33a6c8ba1 (commit) via 36cf45ef3ba71e44a8be06ee81cb31aa02cb0010 (commit) via 4b8a8bb75229b64d1c7598d845fdc3c7e7d7eee2 (commit) via e20fc2ee4fc90ac1476b3a9b15b37542bfb1af73 (commit) via 030c5aba94788f152f9ceef3549815df45bef702 (commit) via 7c038a6bcd98d4bbfd2c2892a87a1138d2f7c5f3 (commit) via 98624776c4d501c8badd6f772ab7048ac9191cb9 (commit) via 1f365708a3318a5f1a395f90c38b584a58d37fb9 (commit) via 95f8c1e142df835d03b5b62521383a462fc5470d (commit) via d2015a783e64613d8e4a142fa05048d1863df944 (commit) via 918430ba80d94ec8f05383b43b1872b1ebb13e1a (commit) via b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd (commit) via 1747d4658b3830951068a6a6c1fa2b45c4731fb3 (commit) via ad6ac17489241574136b7d035f01f6175dd9c941 (commit) from ed3f51ec7d2f8956bff7bedf99b65ff1595e02e8 (commit) - Log ----------------------------------------------------------------- commit 796f4f7085ac95a1b0ccee8ff3c6c183219cdab2 Author: Matt Caswell Date: Tue Aug 24 13:37:49 2021 +0100 Updates CHANGES.md and NEWS.md for new 1.1.1 release Reviewed-by: Richard Levitte commit ad1ca777f9702f355a2f74dc5eed713476825f23 Author: Matt Caswell Date: Fri Aug 13 16:58:21 2021 +0100 Check the plaintext buffer is large enough when decrypting SM2 Previously there was no check that the supplied buffer was large enough. It was just assumed to be sufficient. Instead we should check and fail if not. Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri commit d07036b98d2ea8b3d9a93181bd8b0cb33a6c8ba1 Author: Matt Caswell Date: Fri Aug 13 14:49:47 2021 +0100 Extend tests for SM2 decryption Check the case where C1y < 32 bytes in length (i.e. 
short overhead), and also the case with longer plaintext and C1x and C1y > 32 bytes in length (i.e. long overhead)

Reviewed-by: Paul Dale
Reviewed-by: Nicola Tuveri

commit 36cf45ef3ba71e44a8be06ee81cb31aa02cb0010
Author: Matt Caswell
Date: Fri Aug 13 14:14:51 2021 +0100

Correctly calculate the length of SM2 plaintext given the ciphertext

Previously the length of the SM2 plaintext could be incorrectly calculated. The plaintext length was calculated by taking the ciphertext length and taking off an "overhead" value. The overhead value was assumed to have a "fixed" element of 10 bytes. This is incorrect since in some circumstances it can be more than 10 bytes. Additionally the overhead included the length of two integers C1x and C1y, which were assumed to be the same length as the field size (32 bytes for the SM2 curve). However in some cases these integers can have an additional padding byte when the msb is set, to disambiguate them from negative integers. Additionally the integers can also be less than 32 bytes in length in some cases.

If the calculated overhead is incorrect and larger than the actual value this can result in the calculated plaintext length being too small. Applications are likely to allocate buffer sizes based on this and therefore a buffer overrun can occur.

CVE-2021-3711

Issue reported by John Ouyang.

Reviewed-by: Paul Dale
Reviewed-by: Nicola Tuveri

commit 4b8a8bb75229b64d1c7598d845fdc3c7e7d7eee2
Author: Matt Caswell
Date: Fri Aug 20 15:23:32 2021 +0100

Fix the error handling in i2v_AUTHORITY_KEYID

Previously if an error path is entered a leak could result.

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit e20fc2ee4fc90ac1476b3a9b15b37542bfb1af73
Author: Matt Caswell
Date: Thu Aug 19 15:25:04 2021 +0100

Allow fuzz builds to detect string overruns

If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it anyway for safety in normal builds.

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit 030c5aba94788f152f9ceef3549815df45bef702
Author: Matt Caswell
Date: Thu Aug 19 12:24:17 2021 +0100

Fix EC_GROUP_new_from_ecparameters to check the base length

Check that there's at least one byte in params->base before trying to read it.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit 7c038a6bcd98d4bbfd2c2892a87a1138d2f7c5f3
Author: Matt Caswell
Date: Thu Aug 19 12:23:38 2021 +0100

Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit 98624776c4d501c8badd6f772ab7048ac9191cb9
Author: Matt Caswell
Date: Wed Aug 18 17:58:23 2021 +0100

Fix append_ia5 function to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit 1f365708a3318a5f1a395f90c38b584a58d37fb9
Author: Matt Caswell
Date: Wed Aug 18 17:37:41 2021 +0100

Fix test code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit 95f8c1e142df835d03b5b62521383a462fc5470d
Author: Matt Caswell
Date: Wed Aug 18 17:37:23 2021 +0100

Fix CMP code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit d2015a783e64613d8e4a142fa05048d1863df944
Author: Matt Caswell
Date: Wed Aug 18 17:08:58 2021 +0100

Fix the name constraints code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit 918430ba80d94ec8f05383b43b1872b1ebb13e1a
Author: Matt Caswell
Date: Wed Aug 18 14:02:40 2021 +0100

Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit b2b3b9c9936b91315adc0f3254879cb2fd5ca2bd
Author: Matt Caswell
Date: Wed Aug 18 12:34:55 2021 +0100

Fix GENERAL_NAME_print to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit 1747d4658b3830951068a6a6c1fa2b45c4731fb3
Author: Matt Caswell
Date: Wed Aug 18 12:31:38 2021 +0100

Fix POLICYINFO printing to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: David Benjamin

commit ad6ac17489241574136b7d035f01f6175dd9c941
Author: Matt Caswell
Date: Wed Aug 18 12:24:22 2021 +0100

Fix i2v_GENERAL_NAME to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712 Reviewed-by: Viktor Dukhovni Reviewed-by: Paul Dale Reviewed-by: David Benjamin ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 69 ++++++++++- NEWS.md | 6 +- crypto/asn1/asn1_lib.c | 12 +- crypto/asn1/t_spki.c | 2 +- crypto/cmp/cmp_hdr.c | 3 +- crypto/cmp/cmp_local.h | 2 +- crypto/cmp/cmp_msg.c | 6 +- crypto/cmp/cmp_status.c | 3 +- crypto/cmp/cmp_util.c | 4 +- crypto/ec/ec_asn1.c | 3 +- crypto/sm2/sm2_crypt.c | 28 ++--- crypto/x509/v3_akid.c | 33 +++-- crypto/x509/v3_cpols.c | 9 +- crypto/x509/v3_ncons.c | 135 ++++++++++++++------- crypto/x509/v3_pci.c | 3 +- crypto/x509/v3_san.c | 46 ++++--- crypto/x509/v3_utl.c | 51 ++++++-- ...67 => 0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c} | Bin 457 -> 457 bytes include/crypto/sm2.h | 4 +- include/crypto/x509.h | 3 + providers/implementations/asymciphers/sm2_enc.c | 2 +- test/cmp_status_test.c | 3 +- test/helpers/pkcs12.c | 7 +- test/recipes/30-test_evp_data/evppkey_sm2.txt | 12 ++ test/sm2_internal_test.c | 2 +- test/x509_time_test.c | 10 +- 26 files changed, 340 insertions(+), 118 deletions(-) copy fuzz/corpora/x509/{a936a50b93a82a7d311aa3cda7f634602b524767 => 0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c} (68%) diff --git a/CHANGES.md b/CHANGES.md index bcb1601d26..5fdec520b7 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -1358,7 +1358,74 @@ breaking changes, and mappings for the large list of deprecated functions. OpenSSL 1.1.1 ------------- -### Changes between 1.1.1j and 1.1.1k [xx XXX xxxx] +### Changes between 1.1.1k and 1.1.1l [24 Aug 2021] + + * Fixed an SM2 Decryption Buffer Overflow. + + In order to decrypt SM2 encrypted data an application is expected to call the + API function EVP_PKEY_decrypt(). Typically an application will call this + function twice. The first time, on entry, the "out" parameter can be NULL and, + on exit, the "outlen" parameter is populated with the buffer size required to + hold the decrypted plaintext. The application can then allocate a sufficiently + sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL + value for the "out" parameter. + + A bug in the implementation of the SM2 decryption code means that the + calculation of the buffer size required to hold the plaintext returned by the + first call to EVP_PKEY_decrypt() can be smaller than the actual size required by + the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is + called by the application a second time with a buffer that is too small. + + A malicious attacker who is able present SM2 content for decryption to an + application could cause attacker chosen data to overflow the buffer by up to a + maximum of 62 bytes altering the contents of other data held after the + buffer, possibly changing application behaviour or causing the application to + crash. The location of the buffer is application dependent but is typically + heap allocated. + ([CVE-2021-3711]) + + *Matt Caswell* + + * Fixed various read buffer overruns processing ASN.1 strings + + ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING + structure which contains a buffer holding the string data and a field holding + the buffer length. 
This contrasts with normal C strings which are repesented as + a buffer for the string data which is terminated with a NUL (0) byte. + + Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's + own "d2i" functions (and other similar parsing functions) as well as any string + whose value has been set with the ASN1_STRING_set() function will additionally + NUL terminate the byte array in the ASN1_STRING structure. + + However, it is possible for applications to directly construct valid ASN1_STRING + structures which do not NUL terminate the byte array by directly setting the + "data" and "length" fields in the ASN1_STRING array. This can also happen by + using the ASN1_STRING_set0() function. + + Numerous OpenSSL functions that print ASN.1 data have been found to assume that + the ASN1_STRING byte array will be NUL terminated, even though this is not + guaranteed for strings that have been directly constructed. Where an application + requests an ASN.1 structure to be printed, and where that ASN.1 structure + contains ASN1_STRINGs that have been directly constructed by the application + without NUL terminating the "data" field, then a read buffer overrun can occur. + + The same thing can also occur during name constraints processing of certificates + (for example if a certificate has been directly constructed by the application + instead of loading it via the OpenSSL parsing functions, and the certificate + contains non NUL terminated ASN1_STRING structures). It can also occur in the + X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. + + If a malicious actor can cause an application to directly construct an + ASN1_STRING and then process it through one of the affected OpenSSL functions + then this issue could be hit. This might result in a crash (causing a Denial of + Service attack). It could also result in the disclosure of private memory + contents (such as private keys, or sensitive plaintext). 
+ ([CVE-2021-3712]) + + *Matt Caswell* + +### Changes between 1.1.1j and 1.1.1k [25 Mar 2021] * Fixed a problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of diff --git a/NEWS.md b/NEWS.md index 13a4e1bbf6..02227ef755 100644 --- a/NEWS.md +++ b/NEWS.md @@ -89,7 +89,11 @@ OpenSSL 3.0 OpenSSL 1.1.1 ------------- -### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [under development] +### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] + * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) + * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712]) + +### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] * Fixed a problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450]) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index bdd0ec488d..02c34a4438 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -301,7 +301,12 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) } if ((size_t)str->length <= len || str->data == NULL) { c = str->data; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* No NUL terminator in fuzzing builds */ + str->data = OPENSSL_realloc(c, len); +#else str->data = OPENSSL_realloc(c, len + 1); +#endif if (str->data == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); str->data = c; @@ -311,8 +316,13 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) str->length = len; if (data != NULL) { memcpy(str->data, data, len); - /* an allowance for strings :-) */ +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* + * Add a NUL terminator. This should not be necessary - but we add it as + * a safety precaution + */ str->data[len] = '\0'; +#endif } return 1; } diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index b634808c43..3d85e08686 100644 --- a/crypto/asn1/t_spki.c 
+++ b/crypto/asn1/t_spki.c @@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) } chal = spki->spkac->challenge; if (chal->length) - BIO_printf(out, " Challenge String: %s\n", chal->data); + BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); i = OBJ_obj2nid(spki->sig_algor.algorithm); BIO_printf(out, " Signature Algorithm: %s", (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index 86be2546d5..8c553af61a 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -181,7 +181,8 @@ int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text) return 0; return - ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data); + ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data, + text->length); } int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr, diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index f2a0587ca4..3da021043b 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -744,7 +744,7 @@ int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, int only_self_issued); STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store); int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, - const char *text); + const char *text, int len); int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, const ASN1_OCTET_STRING *src); int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt, diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 5fb67ae2cb..10ef4cd922 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c 
@@ -758,13 +758,13 @@ OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, goto err; msg->body->value.error->errorDetails = ft; if (lib != NULL && *lib != '\0' - && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib)) + && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib, -1)) goto err; if (reason != NULL && *reason != '\0' - && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason)) + && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason, -1)) goto err; if (details != NULL - && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details)) + && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details, -1)) goto err; } diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c index dc14f754de..f1e7b4bc02 100644 --- a/crypto/cmp/cmp_status.c +++ b/crypto/cmp/cmp_status.c @@ -220,7 +220,8 @@ char *snprint_PKIStatusInfo_parts(int status, int fail_info, ADVANCE_BUFFER; for (i = 0; i < n_status_strings; i++) { text = sk_ASN1_UTF8STRING_value(status_strings, i); - printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%s\"%s", + printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%.*s\"%s", + ASN1_STRING_length(text), ASN1_STRING_get0_data(text), i < n_status_strings - 1 ? ", " : ""); ADVANCE_BUFFER; diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index fbb8d1e249..ed611d64dd 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -221,7 +221,7 @@ int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, } int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, - const char *text) + const char *text, int len) { ASN1_UTF8STRING *utf8string; @@ -229,7 +229,7 @@ int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, return 0; if ((utf8string = ASN1_UTF8STRING_new()) == NULL) return 0; - if (!ASN1_STRING_set(utf8string, text, -1)) + if (!ASN1_STRING_set(utf8string, text, len)) goto err; if (!sk_ASN1_UTF8STRING_push(sk, utf8string)) goto err; 
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 0e37b21ac3..b3a791eb64 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -699,7 +699,8 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) if (params->order == NULL || params->base == NULL - || params->base->data == NULL) { + || params->base->data == NULL + || params->base->length == 0) { ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); goto err; } diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index 105dd4ce70..e26b48390a 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -67,29 +67,21 @@ static size_t ec_field_size(const EC_GROUP *group) return field_size; } -int ossl_sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, - size_t msg_len, size_t *pt_size) +int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, + size_t *pt_size) { - const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); - const int md_size = EVP_MD_get_size(digest); - size_t overhead; + struct SM2_Ciphertext_st *sm2_ctext = NULL; - if (md_size < 0) { - ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_DIGEST); - return 0; - } - if (field_size == 0) { - ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_FIELD); - return 0; - } + sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); - overhead = 10 + 2 * field_size + (size_t)md_size; - if (msg_len <= overhead) { + if (sm2_ctext == NULL) { ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING); return 0; } - *pt_size = msg_len - overhead; + *pt_size = sm2_ctext->C2->length; + SM2_Ciphertext_free(sm2_ctext); + return 1; } @@ -320,6 +312,10 @@ int ossl_sm2_decrypt(const EC_KEY *key, C2 = sm2_ctext->C2->data; C3 = sm2_ctext->C3->data; msg_len = sm2_ctext->C2->length; + if (*ptext_len < (size_t)msg_len) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL); + goto done; + } ctx = BN_CTX_new_ex(libctx); if (ctx == NULL) { diff --git a/crypto/x509/v3_akid.c b/crypto/x509/v3_akid.c index c8693a4ef5..5abd35d644 100644 --- a/crypto/x509/v3_akid.c 
+++ b/crypto/x509/v3_akid.c @@ -40,29 +40,48 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *extlist) { - char *tmp; + char *tmp = NULL; + STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist; + if (akeyid->keyid) { tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); if (tmp == NULL) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); return NULL; } - X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, - tmp, &extlist); + if (!X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, + tmp, &extlist)) { + OPENSSL_free(tmp); + ERR_raise(ERR_LIB_X509V3, ERR_R_X509_LIB); + goto err; + } OPENSSL_free(tmp); } - if (akeyid->issuer) - extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); + if (akeyid->issuer) { + tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); + if (tmpextlist == NULL) { + ERR_raise(ERR_LIB_X509V3, ERR_R_X509_LIB); + goto err; + } + extlist = tmpextlist; + } if (akeyid->serial) { tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); if (tmp == NULL) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; + } + if (!X509V3_add_value("serial", tmp, &extlist)) { + OPENSSL_free(tmp); + goto err; } - X509V3_add_value("serial", tmp, &extlist); OPENSSL_free(tmp); } return extlist; + err: + if (origextlist == NULL) + sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); + return NULL; } /*- diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c index 3ccf67ef75..5353a69167 100644 --- a/crypto/x509/v3_cpols.c +++ b/crypto/x509/v3_cpols.c @@ -426,7 +426,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, qualinfo = sk_POLICYQUALINFO_value(quals, i); switch (OBJ_obj2nid(qualinfo->pqualid)) { case NID_id_qt_cps: - BIO_printf(out, "%*sCPS: %s", indent, "", + BIO_printf(out, "%*sCPS: %.*s", indent, "", + qualinfo->d.cpsuri->length, qualinfo->d.cpsuri->data); break; 
@@ -450,7 +451,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) if (notice->noticeref) { NOTICEREF *ref; ref = notice->noticeref; - BIO_printf(out, "%*sOrganization: %s\n", indent, "", + BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", + ref->organization->length, ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); @@ -474,7 +476,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) BIO_puts(out, "\n"); } if (notice->exptext) - BIO_printf(out, "%*sExplicit Text: %s", indent, "", + BIO_printf(out, "%*sExplicit Text: %.*s", indent, "", + notice->exptext->length, notice->exptext->data); } diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c index d3b9e8c6f1..dc56fe2c0c 100644 --- a/crypto/x509/v3_ncons.c +++ b/crypto/x509/v3_ncons.c 
@@ -66,8 +66,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +#define IA5_OFFSET_LEN(ia5base, offset) \ + ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) + +/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the + * starting point to search from + */ +# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) + +/* Like memrrchr but for ASN1_IA5STRING */ +static char *ia5memrchr(ASN1_IA5STRING *str, int c) +{ + int i; + + for (i = str->length; i > 0 && str->data[i - 1] != c; i--); + + if (i == 0) + return NULL; + + return (char *)&str->data[i - 1]; +} + /* - * We cannot use strncasecmp here because that applies locale specific rules. + * We cannot use strncasecmp here because that applies locale specific rules. It + * also doesn't work with ASN1_STRINGs that may have embedded NUL characters. * For example in Turkish 'I' is not the uppercase character for 'i'. We need to * do a simple ASCII case comparison ignoring the locale (that is why we use * numeric constants below). @@ -92,20 +115,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n) /* c1 > c2 */ return 1; - } else if (*s1 == 0) { - /* If we get here we know that *s2 == 0 too */ - return 0; } } return 0; } -static int ia5casecmp(const char *s1, const char *s2) -{ - return ia5ncasecmp(s1, s2, SIZE_MAX); -} - static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { @@ -334,7 +349,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) --utf8_length; /* Reject *embedded* NULs */ - if ((size_t)utf8_length != strlen((char *)utf8_value)) { + if (memchr(utf8_value, 0, utf8_length) != NULL) { OPENSSL_free(utf8_value); return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; } 
@@ -571,8 +586,12 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) char *dnsptr = (char *)dns->data; /* Empty matches everything */ - if (*baseptr == '\0') + if (base->length == 0) return X509_V_OK; + + if (dns->length < base->length) + return X509_V_ERR_PERMITTED_VIOLATION; + /* * Otherwise can add zero or more components on the left so compare RHS * and if dns is longer and expect '.' as preceding character. @@ -583,7 +602,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) return X509_V_ERR_PERMITTED_VIOLATION; } - if (ia5casecmp(baseptr, dnsptr)) + if (ia5ncasecmp(baseptr, dnsptr, base->length)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; 
@@ -600,63 +619,90 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) static int nc_email_eai(ASN1_TYPE *emltype, ASN1_IA5STRING *base) { ASN1_UTF8STRING *eml; - const char *baseptr = (char *)base->data; + char *baseptr = NULL; const char *emlptr; const char *emlat; char ulabel[256]; size_t size = sizeof(ulabel) - 1; + int ret = X509_V_OK; + size_t emlhostlen; - if (emltype->type != V_ASN1_UTF8STRING) + /* We do not accept embedded NUL characters */ + if (base->length > 0 && memchr(base->data, 0, base->length) != NULL) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + /* 'base' may not be NUL terminated. Create a copy that is */ + baseptr = OPENSSL_strndup((char *)base->data, base->length); + if (baseptr == NULL) + return X509_V_ERR_OUT_OF_MEM; + + if (emltype->type != V_ASN1_UTF8STRING) { + ret = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + goto end; + } + eml = emltype->value.utf8string; emlptr = (char *)eml->data; - emlat = strrchr(emlptr, '@'); + emlat = ia5memrchr(eml, '@'); - if (emlat == NULL) - return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + if (emlat == NULL) { + ret = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + goto end; + } memset(ulabel, 0, sizeof(ulabel)); /* Special case: initial '.' 
is RHS match */ if (*baseptr == '.') { ulabel[0] = '.'; size -= 1; - if (ossl_a2ulabel(baseptr, ulabel + 1, &size) <= 0) - return X509_V_ERR_UNSPECIFIED; + if (ossl_a2ulabel(baseptr, ulabel + 1, &size) <= 0) { + ret = X509_V_ERR_UNSPECIFIED; + goto end; + } - if ((size_t)eml->length > size + 1) { - emlptr += eml->length - (size + 1); - if (ia5casecmp(ulabel, emlptr) == 0) - return X509_V_OK; + if ((size_t)eml->length > strlen(ulabel)) { + emlptr += eml->length - (strlen(ulabel)); + /* X509_V_OK */ + if (ia5ncasecmp(ulabel, emlptr, strlen(ulabel)) == 0) + goto end; } - return X509_V_ERR_PERMITTED_VIOLATION; + ret = X509_V_ERR_PERMITTED_VIOLATION; + goto end; } - emlptr = emlat + 1; - if (ossl_a2ulabel(baseptr, ulabel, &size) <= 0) - return X509_V_ERR_UNSPECIFIED; + if (ossl_a2ulabel(baseptr, ulabel, &size) <= 0) { + ret = X509_V_ERR_UNSPECIFIED; + goto end; + } /* Just have hostname left to match: case insensitive */ - if (ia5casecmp(ulabel, emlptr)) - return X509_V_ERR_PERMITTED_VIOLATION; - - return X509_V_OK; + emlptr = emlat + 1; + emlhostlen = IA5_OFFSET_LEN(eml, emlptr); + if (emlhostlen != strlen(ulabel) + || ia5ncasecmp(ulabel, emlptr, emlhostlen) != 0) { + ret = X509_V_ERR_PERMITTED_VIOLATION; + goto end; + } + end: + OPENSSL_free(baseptr); + return ret; } static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) { const char *baseptr = (char *)base->data; const char *emlptr = (char *)eml->data; + const char *baseat = ia5memrchr(base, '@'); + const char *emlat = ia5memrchr(eml, '@'); + size_t basehostlen, emlhostlen; - const char *baseat = strrchr(baseptr, '@'); - const char *emlat = strrchr(emlptr, '@'); if (!emlat) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: initial '.' 
is RHS match */ - if (!baseat && (*baseptr == '.')) { + if (!baseat && base->length > 0 && (*baseptr == '.')) { if (eml->length > base->length) { emlptr += eml->length - base->length; - if (ia5casecmp(baseptr, emlptr) == 0) + if (ia5ncasecmp(baseptr, emlptr, base->length) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -676,8 +722,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) baseptr = baseat + 1; } emlptr = emlat + 1; + basehostlen = IA5_OFFSET_LEN(base, baseptr); + emlhostlen = IA5_OFFSET_LEN(eml, emlptr); /* Just have hostname left to match: case insensitive */ - if (ia5casecmp(baseptr, emlptr)) + if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -688,11 +736,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) { const char *baseptr = (char *)base->data; const char *hostptr = (char *)uri->data; - const char *p = strchr(hostptr, ':'); + const char *p = ia5memchr(uri, (char *)uri->data, ':'); int hostlen; /* Check for foo:// and skip past it */ - if (p == NULL || p[1] != '/' || p[2] != '/') + if (p == NULL + || IA5_OFFSET_LEN(uri, p) < 3 + || p[1] != '/' + || p[2] != '/') return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; hostptr = p + 3; @@ -700,13 +751,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) /* Look for a port indicator as end of hostname first */ - p = strchr(hostptr, ':'); + p = ia5memchr(uri, hostptr, ':'); /* Otherwise look for trailing slash */ if (p == NULL) - p = strchr(hostptr, '/'); + p = ia5memchr(uri, hostptr, '/'); if (p == NULL) - hostlen = strlen(hostptr); + hostlen = IA5_OFFSET_LEN(uri, hostptr); else hostlen = p - hostptr; 
@@ -714,7 +765,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: initial '.' is RHS match */ - if (*baseptr == '.') { + if (base->length > 0 && *baseptr == '.') { if (hostlen > base->length) { p = hostptr + hostlen - base->length; if (ia5ncasecmp(p, baseptr, base->length) == 0) diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c index 7a7c91f776..a931e01a9c 100644 --- a/crypto/x509/v3_pci.c +++ b/crypto/x509/v3_pci.c @@ -76,7 +76,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, BIO_printf(out, "%*sPolicy Language: ", indent, ""); i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) - BIO_printf(out, "\n%*sPolicy Text: %s", indent, "", + BIO_printf(out, "\n%*sPolicy Text: %.*s", indent, "", + pci->proxyPolicy->policy->length, pci->proxyPolicy->policy->data); return 1; } diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index ef9200cbaa..26708aefae 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "crypto/x509.h" #include #include #include 
@@ -87,36 +88,41 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, switch (OBJ_obj2nid(gen->d.otherName->type_id)) { case NID_id_on_SmtpUTF8Mailbox: if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !X509V3_add_value_uchar("othername: SmtpUTF8Mailbox:", + || !x509v3_add_len_value_uchar("othername: SmtpUTF8Mailbox:", gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, &ret)) return NULL; break; case NID_XmppAddr: if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !X509V3_add_value_uchar("othername: XmppAddr:", + || !x509v3_add_len_value_uchar("othername: XmppAddr:", gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, &ret)) return NULL; break; case NID_SRVName: if (gen->d.otherName->value->type != V_ASN1_IA5STRING - || !X509V3_add_value_uchar("othername: SRVName:", + || !x509v3_add_len_value_uchar("othername: SRVName:", gen->d.otherName->value->value.ia5string->data, + gen->d.otherName->value->value.ia5string->length, &ret)) return NULL; break; case NID_ms_upn: if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !X509V3_add_value_uchar("othername: UPN:", + || !x509v3_add_len_value_uchar("othername: UPN:", gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, &ret)) return NULL; break; case NID_NAIRealm: if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !X509V3_add_value_uchar("othername: NAIRealm:", + || !x509v3_add_len_value_uchar("othername: NAIRealm:", gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, &ret)) return NULL; break; 
@@ -129,14 +135,16 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, /* check if the value is something printable */ if (gen->d.otherName->value->type == V_ASN1_IA5STRING) { - if (X509V3_add_value_uchar(othername, + if (x509v3_add_len_value_uchar(othername, gen->d.otherName->value->value.ia5string->data, + gen->d.otherName->value->value.ia5string->length, &ret)) return ret; } if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { - if (X509V3_add_value_uchar(othername, + if (x509v3_add_len_value_uchar(othername, gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, &ret)) return ret; } @@ -157,17 +165,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, break; case GEN_EMAIL: - if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) + if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; case GEN_DNS: - if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) + if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; case GEN_URI: - if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) + if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; 
@@ -212,23 +223,28 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) switch (nid) { case NID_id_on_SmtpUTF8Mailbox: - BIO_printf(out, "othername:SmtpUTF8Mailbox:%s", + BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; case NID_XmppAddr: - BIO_printf(out, "othername:XmppAddr:%s", + BIO_printf(out, "othername:XmppAddr:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; case NID_SRVName: - BIO_printf(out, "othername:SRVName:%s", + BIO_printf(out, "othername:SRVName:%.*s", + gen->d.otherName->value->value.ia5string->length, gen->d.otherName->value->value.ia5string->data); break; case NID_ms_upn: - BIO_printf(out, "othername:UPN:%s", + BIO_printf(out, "othername:UPN:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; case NID_NAIRealm: - BIO_printf(out, "othername:NAIRealm:%s", + BIO_printf(out, "othername:NAIRealm:%.*s", + gen->d.otherName->value->value.utf8string->length, gen->d.otherName->value->value.utf8string->data); break; default: diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 77d5421349..5c63d2d9d8 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -12,6 +12,7 @@ #include "e_os.h" #include "internal/cryptlib.h" #include +#include #include "crypto/ctype.h" #include #include 
@@ -36,17 +37,23 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); /* Add a CONF_VALUE name value pair to stack */ -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) +static int x509v3_add_len_value(const char *name, const char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist) { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; int sk_allocated = (*extlist == NULL); - if (name && (tname = OPENSSL_strdup(name)) == NULL) - goto err; - if (value && (tvalue = OPENSSL_strdup(value)) == NULL) + if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) goto err; + if (value != NULL) { + /* We don't allow embeded NUL characters */ + if (memchr(value, 0, vallen) != NULL) + goto err; + tvalue = OPENSSL_strndup(value, vallen); + if (tvalue == NULL) + goto err; + } if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) goto err; if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) @@ -69,10 +76,26 @@ int X509V3_add_value(const char *name, const char *value, return 0; } +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist) +{ + return x509v3_add_len_value(name, value, + value != NULL ? strlen((const char *)value) : 0, + extlist); +} + int X509V3_add_value_uchar(const char *name, const unsigned char *value, STACK_OF(CONF_VALUE) **extlist) { - return X509V3_add_value(name, (const char *)value, extlist); + return x509v3_add_len_value(name, (const char *)value, + value != NULL ? strlen((const char *)value) : 0, + extlist); +} + +int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist) +{ + return x509v3_add_len_value(name, (const char *)value, vallen, extlist); } /* Free function for STACK_OF(CONF_VALUE) */ 
@@ -506,17 +529,25 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, /* First some sanity checks */ if (email->type != V_ASN1_IA5STRING) return 1; - if (!email->data || !email->length) + if (email->data == NULL || email->length == 0) + return 1; + if (memchr(email->data, 0, email->length) != NULL) return 1; if (*sk == NULL) *sk = sk_OPENSSL_STRING_new(sk_strcmp); if (*sk == NULL) return 0; + + emtmp = OPENSSL_strndup((char *)email->data, email->length); + if (emtmp == NULL) + return 0; + /* Don't add duplicates */ - if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) + if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { + OPENSSL_free(emtmp); return 1; - emtmp = OPENSSL_strdup((char *)email->data); - if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { + } + if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { OPENSSL_free(emtmp); /* free on push failure */ X509_email_free(*sk); *sk = NULL; diff --git a/fuzz/corpora/x509/a936a50b93a82a7d311aa3cda7f634602b524767 b/fuzz/corpora/x509/0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c similarity index 68% copy from fuzz/corpora/x509/a936a50b93a82a7d311aa3cda7f634602b524767 copy to fuzz/corpora/x509/0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c index f06d9cb014..afb6c2d916 100644 Binary files a/fuzz/corpora/x509/a936a50b93a82a7d311aa3cda7f634602b524767 and b/fuzz/corpora/x509/0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c differ diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h index 165c01810f..9ab6c0b722 100644 --- a/include/crypto/sm2.h +++ b/include/crypto/sm2.h @@ -67,8 +67,8 @@ int ossl_sm2_internal_verify(const unsigned char *dgst, int dgstlen, int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, size_t *ct_size); -int ossl_sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, - size_t msg_len, size_t *pt_size); +int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, + size_t *pt_size); int ossl_sm2_encrypt(const EC_KEY *key, const EVP_MD *digest, 
diff --git a/include/crypto/x509.h b/include/crypto/x509.h index db83db0c92..599db841a7 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -361,3 +361,6 @@ int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp); EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, long length); #endif + +int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist); diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c index c9dba32ffb..9577d16e83 100644 --- a/providers/implementations/asymciphers/sm2_enc.c +++ b/providers/implementations/asymciphers/sm2_enc.c @@ -110,7 +110,7 @@ static int sm2_asym_decrypt(void *vpsm2ctx, unsigned char *out, size_t *outlen, return 0; if (out == NULL) { - if (!ossl_sm2_plaintext_size(psm2ctx->key, md, inlen, outlen)) + if (!ossl_sm2_plaintext_size(in, inlen, outlen)) return 0; return 1; } diff --git a/test/cmp_status_test.c b/test/cmp_status_test.c index 6248cc9b32..09a8e69181 100644 --- a/test/cmp_status_test.c +++ b/test/cmp_status_test.c @@ -58,7 +58,8 @@ static int execute_PKISI_test(CMP_STATUS_TEST_FIXTURE *fixture) if (!TEST_ptr(statusString = sk_ASN1_UTF8STRING_value(ossl_cmp_pkisi_get0_statusString(si), 0)) - || !TEST_str_eq(fixture->text, (char *)statusString->data)) + || !TEST_mem_eq(fixture->text, strlen(fixture->text), + (char *)statusString->data, statusString->length)) goto end; if (!TEST_int_eq(fixture->pkifailure, diff --git a/test/helpers/pkcs12.c b/test/helpers/pkcs12.c index cb94be7b88..a87683dc95 100644 --- a/test/helpers/pkcs12.c +++ b/test/helpers/pkcs12.c 
@@ -479,12 +479,15 @@ static int check_asn1_string(const ASN1_TYPE *av, const char *txt) break; case V_ASN1_UTF8STRING: - if (!TEST_str_eq(txt, (char *)av->value.utf8string->data)) + if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data, + av->value.utf8string->length)) goto err; break; case V_ASN1_OCTET_STRING: - if (!TEST_str_eq(txt, (char *)av->value.octet_string->data)) + if (!TEST_mem_eq(txt, strlen(txt), + (char *)av->value.octet_string->data, + av->value.octet_string->length)) goto err; break; diff --git a/test/recipes/30-test_evp_data/evppkey_sm2.txt b/test/recipes/30-test_evp_data/evppkey_sm2.txt index c32142d833..410be7abee 100644 --- a/test/recipes/30-test_evp_data/evppkey_sm2.txt +++ b/test/recipes/30-test_evp_data/evppkey_sm2.txt 
@@ -53,6 +53,18 @@ Ctrl = digest:SM3 Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197 Output = "The floofy bunnies hop at midnight" +# Test with an C1y value < 32 bytes in length (self generated) +Availablein = default +Decrypt = SM2_key1 +Input = 3072022070DAD60CDA7C30D64CF4F278A849003581223F5324BFEC9BB329229BFFAD21A6021F18AFAB2B35459D2643243B242BE4EA80C6FA5071D2D847340CC57EB9309E5D04200B772E4DB664B2601E3B85E39C4AA8C2C1910308BE13B331E009C5A9258C29FD040B6D588BE9260A94DA18E0E6 +Output = "Hello World" + +# Test with an C1x and C1y valuey > 32 bytes in length, and longer plaintext (self generated) +Availablein = default +Decrypt = SM2_key1 +Input = 3081DD022100CD49634BBCB21CAFFFA6D33669A5A867231CB2A942A14352EF4CAF6DC3344D54022100C35B41D4DEBB3A2735EFEE821B9EBA566BD86900176A0C06672E30EE5CC04E930420C4190A3D80D86C4BD20E99F7E4B59BF6427C6808793533EEA9591D1188EC56B50473747295470E81D951BED279AC1B86A1AFE388CD2833FA9632799EC199C7D364E5663D5A94888BB2358CFCBF6283184DE0CBC41CCEA91D24746E99D231A1DA77AFD83CDF908190ED628B7369724494568A27C782A1D1D7294BCAD80C34569ED22859896301128A8118F48924D8CCD43E998D9533 +Output = "Some longer plaintext for testing SM2 decryption. Blah blah blah blah blah blah blah blah blah blah blah blah blah." + # This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface # is capable of creating a signature without failing, but it does not say # anything about the generated signature being valid, nor does it test the diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index e91a1a4898..22d23b6c5c 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c 
@@ -183,7 +183,7 @@ static int test_sm2_crypt(const EC_GROUP *group, if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len)) goto done; - if (!TEST_true(ossl_sm2_plaintext_size(key, digest, ctext_len, &ptext_len)) + if (!TEST_true(ossl_sm2_plaintext_size(ctext, ctext_len, &ptext_len)) || !TEST_int_eq(ptext_len, msg_len)) goto done; diff --git a/test/x509_time_test.c b/test/x509_time_test.c index d6f4330a55..711dfcb5b6 100644 --- a/test/x509_time_test.c +++ b/test/x509_time_test.c @@ -382,10 +382,12 @@ static int test_x509_time(int idx) /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */ if (t != NULL && x509_format_tests[idx].expected_string) { - if (!TEST_str_eq((const char *)t->data, - x509_format_tests[idx].expected_string)) { - TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n", - idx, x509_format_tests[idx].expected_string, t->data); + if (!TEST_mem_eq((const char *)t->data, t->length, + x509_format_tests[idx].expected_string, + strlen(x509_format_tests[idx].expected_string))) { + TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n", + idx, x509_format_tests[idx].expected_string, t->length, + t->data); goto out; } } From matt at openssl.org Tue Aug 24 13:48:44 2021 
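Review bot: in include/crypto/x509.h the x509v3_add_len_value_uchar prototype is appended after an `#endif` whose opening directive is outside the hunk; please confirm that this `#endif` closes a feature conditional (such as OPENSSL_NO_EC) and not the header's include guard, otherwise the new declaration sits outside the guard. The prototype would also benefit from a one-line comment stating that exactly `vallen` bytes are copied and that values with embedded NULs are rejected.

Review bot: the two new comment lines in test/recipes/30-test_evp_data/evppkey_sm2.txt read "an C1y value" and "C1x and C1y valuey"; "a C1y value" and "C1x and C1y values" are meant. The vectors are correctly labelled as self generated, which matters here because the point of both cases is to exercise the short and the padded INTEGER encodings of C1 that a fixed-overhead size calculation gets wrong.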
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 13:48:44 +0000
Subject: [openssl] OpenSSL_1_1_1-stable update
Message-ID: <1629812924.062525.19578.nullmailer@dev.openssl.org>

The branch OpenSSL_1_1_1-stable has been updated
       via  a2056b09fbef58bcb79b0fe8b88b592c560eb32f (commit)
       via  fb047ebc87b18bdc4cf9ddee9ee1f5ed93e56aff (commit)
       via  4e5d5077096c7bff1bfe2ae835957f827334e9c6 (commit)
       via  6f2a7abe22de08bdaacf0025349b30d46826108a (commit)
       via  4f8ce5b7cf4a4342a5f7c028077411fed59189ba (commit)
       via  515ac8b5e544dd713a2b4cabfc54b722d122c218 (commit)
       via  733fa41c3fc4bcac37f94aa917f7242420f8a5a6 (commit)
       via  59f5e75f3bced8fc0e130d72a3f582cf7b480b46 (commit)
       via  8c74c9d1ade0fbdab5b815ddb747351b8b839641 (commit)
       via  d9bfd68295146b6afad288ef4145aeb5eb0e6c66 (commit)
       via  94d23fcff9b2a7a8368dfe52214d5c2569882c11 (commit)
       via  2d0e5d4a4a5d4332325b5e5cea492fad2be633e1 (commit)
       via  bb4d2ed4091408404e18b3326e3df67848ef63d0 (commit)
       via  4de66925203ca99189c842136ec4a623137ea447 (commit)
       via  8393de42498f8be75cf0353f5c9f906a43a748d2 (commit)
       via  23446958685a593d4d9434475734b99138902ed2 (commit)
       via  5f54e57406ca17731b9ade3afd561d3c652e07f2 (commit)
       via  174ba8048a7f2f5e1fca31cfb93b1730d9db8300 (commit)
      from  4f850d7221ef6d9010053434d8ae43da13ad8fde (commit)

- Log -----------------------------------------------------------------
commit a2056b09fbef58bcb79b0fe8b88b592c560eb32f
Author: Matt Caswell
Date:   Tue Aug 24 14:39:03 2021 +0100

    Prepare for 1.1.1m-dev

    Reviewed-by: Richard Levitte

commit fb047ebc87b18bdc4cf9ddee9ee1f5ed93e56aff
Author: Matt Caswell
Date:   Tue Aug 24 14:38:47 2021 +0100

    Prepare for 1.1.1l release

    Reviewed-by: Richard Levitte

commit 4e5d5077096c7bff1bfe2ae835957f827334e9c6
Author: Matt Caswell
Date:   Tue Aug 24 14:32:25 2021 +0100

    Run make update

    Reviewed-by: Richard Levitte

commit 6f2a7abe22de08bdaacf0025349b30d46826108a
Author: Matt Caswell
Date:   Tue Aug 24 14:14:34 2021 +0100

    Update copyright year

    Reviewed-by: Richard Levitte

commit 4f8ce5b7cf4a4342a5f7c028077411fed59189ba
Author: Matt Caswell
Date:   Tue Aug 24 13:41:40 2021 +0100

    Updates to CHANGES and NEWS for the new release

    Reviewed-by: Richard Levitte

commit 515ac8b5e544dd713a2b4cabfc54b722d122c218
Author: Matt Caswell
Date:   Fri Aug 13 16:58:21 2021 +0100

    Check the plaintext buffer is large enough when decrypting SM2

    Previously there was no check that the supplied buffer was large enough.
    It was just assumed to be sufficient. Instead we should check and fail if
    not.

    Reviewed-by: Paul Dale
    Reviewed-by: Nicola Tuveri

commit 733fa41c3fc4bcac37f94aa917f7242420f8a5a6
Author: Matt Caswell
Date:   Fri Aug 13 14:49:47 2021 +0100

    Extend tests for SM2 decryption

    Check the case where C1y < 32 bytes in length (i.e. short overhead), and
    also the case with longer plaintext and C1x and C1y > 32 bytes in length
    (i.e. long overhead)

    Reviewed-by: Paul Dale
    Reviewed-by: Nicola Tuveri

commit 59f5e75f3bced8fc0e130d72a3f582cf7b480b46
Author: Matt Caswell
Date:   Fri Aug 13 14:14:51 2021 +0100

    Correctly calculate the length of SM2 plaintext given the ciphertext

    Previously the length of the SM2 plaintext could be incorrectly calculated.
    The plaintext length was calculated by taking the ciphertext length and
    taking off an "overhead" value. The overhead value was assumed to have a
    "fixed" element of 10 bytes. This is incorrect since in some circumstances
    it can be more than 10 bytes. Additionally the overhead included the length
    of two integers C1x and C1y, which were assumed to be the same length as
    the field size (32 bytes for the SM2 curve). However in some cases these
    integers can have an additional padding byte when the msb is set, to
    disambiguate them from negative integers. Additionally the integers can
    also be less than 32 bytes in length in some cases.

    If the calculated overhead is incorrect and larger than the actual value
    this can result in the calculated plaintext length being too small.
    Applications are likely to allocate buffer sizes based on this and
    therefore a buffer overrun can occur.

    CVE-2021-3711

    Issue reported by John Ouyang.

    Reviewed-by: Paul Dale
    Reviewed-by: Nicola Tuveri

commit 8c74c9d1ade0fbdab5b815ddb747351b8b839641
Author: Matt Caswell
Date:   Fri Aug 20 15:23:32 2021 +0100

    Fix the error handling in i2v_AUTHORITY_KEYID

    Previously if an error path is entered a leak could result.

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Paul Dale

commit d9bfd68295146b6afad288ef4145aeb5eb0e6c66
Author: Matt Caswell
Date:   Thu Aug 19 15:25:04 2021 +0100

    Allow fuzz builds to detect string overruns

    If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL
    terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it
    anyway for safety in normal builds.

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Paul Dale

commit 94d23fcff9b2a7a8368dfe52214d5c2569882c11
Author: Matt Caswell
Date:   Thu Aug 19 12:24:17 2021 +0100

    Fix EC_GROUP_new_from_ecparameters to check the base length

    Check that there's at least one byte in params->base before trying to
    read it.

    CVE-2021-3712

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Paul Dale

commit 2d0e5d4a4a5d4332325b5e5cea492fad2be633e1
Author: Matt Caswell
Date:   Thu Aug 19 12:23:38 2021 +0100

    Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings

    ASN.1 strings may not be NUL terminated. Don't assume they are.

    CVE-2021-3712

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Paul Dale

commit bb4d2ed4091408404e18b3326e3df67848ef63d0
Author: Matt Caswell
Date:   Wed Aug 18 17:58:23 2021 +0100

    Fix append_ia5 function to not assume NUL terminated strings

    ASN.1 strings may not be NUL terminated. Don't assume they are.

    CVE-2021-3712

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Paul Dale

commit 4de66925203ca99189c842136ec4a623137ea447
Author: Matt Caswell
Date:   Wed Aug 18 17:37:41 2021 +0100

    Fix test code to not assume NUL terminated strings

    ASN.1 strings may not be NUL terminated. Don't assume they are.

    CVE-2021-3712

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Paul Dale

commit 8393de42498f8be75cf0353f5c9f906a43a748d2
Author: Matt Caswell
Date:   Wed Aug 18 17:08:58 2021 +0100

    Fix the name constraints code to not assume NUL terminated strings

    ASN.1 strings may not be NUL terminated. Don't assume they are.

    CVE-2021-3712

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Paul Dale

commit 23446958685a593d4d9434475734b99138902ed2
Author: Matt Caswell
Date:   Wed Aug 18 14:02:40 2021 +0100

    Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings

    ASN.1 strings may not be NUL terminated. Don't assume they are.

    CVE-2021-3712

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Paul Dale

commit 5f54e57406ca17731b9ade3afd561d3c652e07f2
Author: Matt Caswell
Date:   Wed Aug 18 12:31:38 2021 +0100

    Fix POLICYINFO printing to not assume NUL terminated strings

    ASN.1 strings may not be NUL terminated. Don't assume they are.

    CVE-2021-3712

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Paul Dale

commit 174ba8048a7f2f5e1fca31cfb93b1730d9db8300
Author: Matt Caswell
Date:   Wed Aug 18 12:24:22 2021 +0100

    Fix i2v_GENERAL_NAME to not assume NUL terminated strings

    ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712 Reviewed-by: Viktor Dukhovni Reviewed-by: Paul Dale ----------------------------------------------------------------------- Summary of changes: CHANGES | 67 ++++++++++++++++- NEWS | 7 +- README | 2 +- apps/crl2p7.c | 2 +- apps/enc.c | 2 +- apps/s_server.c | 2 +- apps/s_socket.c | 2 +- crypto/asn1/a_object.c | 2 +- crypto/asn1/a_strex.c | 2 +- crypto/asn1/asn1_lib.c | 14 +++- crypto/asn1/bio_asn1.c | 2 +- crypto/asn1/d2i_pr.c | 2 +- crypto/asn1/t_spki.c | 4 +- crypto/bio/b_addr.c | 2 +- crypto/bio/b_sock2.c | 2 +- crypto/bn/bn_div.c | 2 +- crypto/chacha/asm/chacha-x86_64.pl | 2 +- crypto/dsa/dsa_prn.c | 2 +- crypto/ec/ec2_oct.c | 2 +- crypto/ec/ec_asn1.c | 7 +- crypto/err/openssl.txt | 2 + crypto/evp/e_aes.c | 2 +- crypto/evp/e_camellia.c | 2 +- crypto/hmac/hm_ameth.c | 2 +- crypto/pkcs12/p12_key.c | 2 +- crypto/poly1305/poly1305_ameth.c | 2 +- crypto/rand/rand_unix.c | 2 +- crypto/rsa/rsa_prn.c | 2 +- crypto/siphash/siphash_ameth.c | 2 +- crypto/sm2/sm2_crypt.c | 29 ++++---- crypto/sm2/sm2_pmeth.c | 4 +- crypto/sparcv9cap.c | 2 +- crypto/srp/srp_vfy.c | 2 +- crypto/store/loader_file.c | 2 +- crypto/ts/ts_rsp_verify.c | 2 +- crypto/ts/ts_verify_ctx.c | 2 +- crypto/uid.c | 2 +- crypto/x509/t_x509.c | 2 +- crypto/x509/x509_vpm.c | 2 +- crypto/x509v3/v3_akey.c | 40 +++++++++-- crypto/x509v3/v3_alt.c | 12 ++-- crypto/x509v3/v3_cpols.c | 11 +-- crypto/x509v3/v3_ncons.c | 79 ++++++++++++++------- crypto/x509v3/v3_pci.c | 5 +- crypto/x509v3/v3_utl.c | 60 ++++++++++++---- crypto/x509v3/v3err.c | 6 +- demos/bio/client-arg.c | 2 +- demos/bio/client-conf.c | 2 +- doc/man3/BIO_f_ssl.pod | 2 +- doc/man3/BIO_push.pod | 2 +- doc/man3/d2i_PrivateKey.pod | 2 +- doc/man7/x509.pod | 2 +- ...67 => 0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c} | Bin 457 -> 457 bytes include/crypto/sm2.h | 5 +- include/crypto/x509.h | 7 +- include/openssl/e_os2.h | 2 +- include/openssl/opensslv.h | 4 +- include/openssl/x509v3err.h | 4 +- ssl/bio_ssl.c | 2 +- ssl/record/rec_layer_s3.c | 2 +- 
ssl/record/ssl3_buffer.c | 2 +- ssl/record/ssl3_record.c | 2 +- ssl/s3_msg.c | 2 +- ssl/ssl_cert.c | 2 +- ssl/statem/extensions_srvr.c | 2 +- ssl/statem/statem_local.h | 2 +- ssl/t1_lib.c | 2 +- test/asn1_decode_test.c | 2 +- test/bio_memleak_test.c | 2 +- test/bntest.c | 2 +- test/clienthellotest.c | 2 +- test/ectest.c | 2 +- test/evp_extra_test.c | 2 +- test/recipes/25-test_req.t | 2 +- test/recipes/30-test_evp_data/evppkey.txt | 12 +++- test/recipes/70-test_tls13kexmodes.t | 2 +- test/recipes/80-test_ssl_old.t | 2 +- test/sm2_internal_test.c | 4 +- test/sslapitest.c | 2 +- test/x509_time_test.c | 12 ++-- util/mkdir-p.pl | 2 +- 81 files changed, 355 insertions(+), 156 deletions(-) copy fuzz/corpora/x509/{a936a50b93a82a7d311aa3cda7f634602b524767 => 0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c} (68%) diff --git a/CHANGES b/CHANGES index e5666c87f9..75a61905ac 100644 --- a/CHANGES +++ b/CHANGES 
@@ -7,10 +7,75 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.1k and 1.1.1l [xx XXX xxxx] + Changes between 1.1.1l and 1.1.1m [xx XXX xxxx] *) + Changes between 1.1.1k and 1.1.1l [24 Aug 2021] + + *) Fixed an SM2 Decryption Buffer Overflow. + + In order to decrypt SM2 encrypted data an application is expected to call the + API function EVP_PKEY_decrypt(). Typically an application will call this + function twice. The first time, on entry, the "out" parameter can be NULL and, + on exit, the "outlen" parameter is populated with the buffer size required to + hold the decrypted plaintext. The application can then allocate a sufficiently + sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL + value for the "out" parameter. + + A bug in the implementation of the SM2 decryption code means that the + calculation of the buffer size required to hold the plaintext returned by the + first call to EVP_PKEY_decrypt() can be smaller than the actual size required by + the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is + called by the application a second time with a buffer that is too small. + + A malicious attacker who is able present SM2 content for decryption to an + application could cause attacker chosen data to overflow the buffer by up to a + maximum of 62 bytes altering the contents of other data held after the + buffer, possibly changing application behaviour or causing the application to + crash. The location of the buffer is application dependent but is typically + heap allocated. + (CVE-2021-3711) + [Matt Caswell] + + *) Fixed various read buffer overruns processing ASN.1 strings + + ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING + structure which contains a buffer holding the string data and a field holding + the buffer length. 
This contrasts with normal C strings which are repesented as + a buffer for the string data which is terminated with a NUL (0) byte. + + Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's + own "d2i" functions (and other similar parsing functions) as well as any string + whose value has been set with the ASN1_STRING_set() function will additionally + NUL terminate the byte array in the ASN1_STRING structure. + + However, it is possible for applications to directly construct valid ASN1_STRING + structures which do not NUL terminate the byte array by directly setting the + "data" and "length" fields in the ASN1_STRING array. This can also happen by + using the ASN1_STRING_set0() function. + + Numerous OpenSSL functions that print ASN.1 data have been found to assume that + the ASN1_STRING byte array will be NUL terminated, even though this is not + guaranteed for strings that have been directly constructed. Where an application + requests an ASN.1 structure to be printed, and where that ASN.1 structure + contains ASN1_STRINGs that have been directly constructed by the application + without NUL terminating the "data" field, then a read buffer overrun can occur. + + The same thing can also occur during name constraints processing of certificates + (for example if a certificate has been directly constructed by the application + instead of loading it via the OpenSSL parsing functions, and the certificate + contains non NUL terminated ASN1_STRING structures). It can also occur in the + X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. + + If a malicious actor can cause an application to directly construct an + ASN1_STRING and then process it through one of the affected OpenSSL functions + then this issue could be hit. This might result in a crash (causing a Denial of + Service attack). It could also result in the disclosure of private memory + contents (such as private keys, or sensitive plaintext). 
+ (CVE-2021-3712) + [Matt Caswell] + Changes between 1.1.1j and 1.1.1k [25 Mar 2021] *) Fixed a problem with verifying a certificate chain when using the diff --git a/NEWS b/NEWS index a8c68a704f..eb0f63c960 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [under development] + Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [under development] o + Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] + + o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711) + o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712) + Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] o Fixed a problem with verifying a certificate chain when using the diff --git a/README b/README index a50bd0f2e7..0ac818f779 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1l-dev + OpenSSL 1.1.1m-dev Copyright (c) 1998-2021 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 9edfabbc15..3f619bf527 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/enc.c b/apps/enc.c index 79a8ef6265..65710771a0 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/apps/s_server.c b/apps/s_server.c index bb81c9b40f..938e244222 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * diff --git a/apps/s_socket.c b/apps/s_socket.c index f16de24145..aee366d5f4 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 8790be340a..8ade9e50a7 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 7cd18b4b85..284dde274c 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 366afc5f6c..3d99d1383d 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -292,7 +292,12 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) } if ((size_t)str->length <= len || str->data == NULL) { c = str->data; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* No NUL terminator in fuzzing builds */ + str->data = OPENSSL_realloc(c, len); +#else str->data = OPENSSL_realloc(c, len + 1); +#endif if (str->data == NULL) { ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); str->data = c; @@ -302,8 +307,13 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) str->length = len; if (data != NULL) { memcpy(str->data, data, len); - /* an allowance for strings :-) */ +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* + * Add a NUL terminator. This should not be necessary - but we add it as + * a safety precaution + */ str->data[len] = '\0'; +#endif } return 1; } diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c index 7bb3c1fa16..914d77c866 100644 --- a/crypto/asn1/bio_asn1.c +++ b/crypto/asn1/bio_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 091b6e7216..2094963036 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index 51b56d0aa9..3d4aea8ad9 100644 --- a/crypto/asn1/t_spki.c +++ b/crypto/asn1/t_spki.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) } chal = spki->spkac->challenge; if (chal->length) - BIO_printf(out, " Challenge String: %s\n", chal->data); + BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); i = OBJ_obj2nid(spki->sig_algor.algorithm); BIO_printf(out, " Signature Algorithm: %s", (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index ea15601f3d..8ea32bce40 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c index f54b550ecf..104ff31b0d 100644 --- a/crypto/bio/b_sock2.c +++ b/crypto/bio/b_sock2.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 4a6889900e..0da9f39b31 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl index 2ad3c1a38f..c0e5d863dc 100755 --- a/crypto/chacha/asm/chacha-x86_64.pl +++ b/crypto/chacha/asm/chacha-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c index 6bc336c50e..070b881e1f 100644 --- a/crypto/dsa/dsa_prn.c +++ b/crypto/dsa/dsa_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index a0ff0496b3..788e6501fb 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 7b7c75ce84..c8ee1e6f17 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -761,7 +761,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) ret->seed_len = params->curve->seed->length; } - if (!params->order || !params->base || !params->base->data) { + if (params->order == NULL + || params->base == NULL + || params->base->data == NULL + || params->base->length == 0) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); goto err; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 017a9a6652..902e97b843 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1653,6 +1653,7 @@ X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS +X509V3_F_I2V_AUTHORITY_KEYID:173:i2v_AUTHORITY_KEYID X509V3_F_LEVEL_ADD_NODE:168:level_add_node X509V3_F_NOTICE_SECTION:132:notice_section X509V3_F_NREF_NOS:133:nref_nos 
@@ -1693,6 +1694,7 @@ X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d +X509V3_F_X509V3_ADD_LEN_VALUE:174:x509v3_add_len_value X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index a7c6b3cca3..a1d3ab90fa 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index 87580cd39b..f8c0198012 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c index 2477bd2e6a..f871e4fe71 100644 --- a/crypto/hmac/hm_ameth.c +++ b/crypto/hmac/hm_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index b814f79216..03eda26642 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/poly1305/poly1305_ameth.c b/crypto/poly1305/poly1305_ameth.c index 3736959355..0dddf79626 100644 --- a/crypto/poly1305/poly1305_ameth.c +++ b/crypto/poly1305/poly1305_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index eda0d5ae20..43f1069d15 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c index 0d97e57eb1..23df448a52 100644 --- a/crypto/rsa/rsa_prn.c +++ b/crypto/rsa/rsa_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/siphash/siphash_ameth.c b/crypto/siphash/siphash_ameth.c index 68331ab4c4..7fce76390e 100644 --- a/crypto/siphash/siphash_ameth.c +++ b/crypto/siphash/siphash_ameth.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index ef505f6441..83b97f4edc 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group) return field_size; } -int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, - size_t *pt_size) +int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size) { - const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); - const int md_size = EVP_MD_size(digest); - size_t overhead; + struct SM2_Ciphertext_st *sm2_ctext = NULL; - if (md_size < 0) { - SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST); - return 0; - } - if (field_size == 0) { - SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD); - return 0; - } + sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); - overhead = 10 + 2 * field_size + (size_t)md_size; - if (msg_len <= overhead) { + if (sm2_ctext == NULL) { SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING); return 0; } - *pt_size = msg_len - overhead; + *pt_size = sm2_ctext->C2->length; + SM2_Ciphertext_free(sm2_ctext); + return 1; } 
@@ -303,6 +294,10 @@ int sm2_decrypt(const EC_KEY *key, C2 = sm2_ctext->C2->data; C3 = sm2_ctext->C3->data; msg_len = sm2_ctext->C2->length; + if (*ptext_len < (size_t)msg_len) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL); + goto done; + } ctx = BN_CTX_new(); if (ctx == NULL) { diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c index b42a14c32f..0e722b910b 100644 --- a/crypto/sm2/sm2_pmeth.c +++ b/crypto/sm2/sm2_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; if (out == NULL) { - if (!sm2_plaintext_size(ec, md, inlen, outlen)) + if (!sm2_plaintext_size(in, inlen, outlen)) return -1; else return 1; diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index 98cacf24d9..b3cb3d4be9 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index a846b37672..394e1180df 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use 
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 258f71afec..32e7b9f65a 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 7302e0f8d1..7fe3d27e74 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 803fbe44a7..32cd2f542b 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/uid.c b/crypto/uid.c index aa076c263d..5e3315eeb2 100644 --- a/crypto/uid.c +++ b/crypto/uid.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 3ba0b3a045..ece987a6bd 100644 --- a/crypto/x509/t_x509.c 
+++ b/crypto/x509/t_x509.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 0645df4a31..535f169a29 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index d9f770433c..33b1933d72 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -39,20 +39,48 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *extlist) { - char *tmp; + char *tmp = NULL; + STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist; + if (akeyid->keyid) { tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); - X509V3_add_value("keyid", tmp, &extlist); + if (tmp == NULL) { + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (!X509V3_add_value("keyid", tmp, &extlist)) { + OPENSSL_free(tmp); + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); + goto err; + } OPENSSL_free(tmp); } - if (akeyid->issuer) - extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); + if (akeyid->issuer) { + tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); + if (tmpextlist == NULL) { + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); + goto err; + } + extlist = tmpextlist; + } if (akeyid->serial) { tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); - X509V3_add_value("serial", tmp, &extlist); + if (tmp == NULL) { + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!X509V3_add_value("serial", tmp, &extlist)) { + OPENSSL_free(tmp); + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); + goto err; + } OPENSSL_free(tmp); } return extlist; + err: + if (origextlist == NULL) + sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); + return NULL; } /*- diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 4dce004101..7c32d4031d 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "crypto/x509.h" #include #include #include "ext_dat.h" @@ -99,17 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, break; case GEN_EMAIL: - if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) + if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; case GEN_DNS: - if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) + if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; case GEN_URI: - if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) + if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 1d12c89912..09804b5848 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -422,7 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, qualinfo = sk_POLICYQUALINFO_value(quals, i); switch (OBJ_obj2nid(qualinfo->pqualid)) { case NID_id_qt_cps: - BIO_printf(out, "%*sCPS: %s\n", indent, "", + BIO_printf(out, "%*sCPS: %.*s\n", indent, "", + qualinfo->d.cpsuri->length, qualinfo->d.cpsuri->data); break; 
@@ -447,7 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) if (notice->noticeref) { NOTICEREF *ref; ref = notice->noticeref; - BIO_printf(out, "%*sOrganization: %s\n", indent, "", + BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", + ref->organization->length, ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); @@ -470,7 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) BIO_puts(out, "\n"); } if (notice->exptext) - BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", + BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", + notice->exptext->length, notice->exptext->data); } diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 2a7b4f0992..d985aa91da 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -63,8 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +#define IA5_OFFSET_LEN(ia5base, offset) \ + ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) + +/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the + * starting point to search from + */ +# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) + +/* Like memrrchr but for ASN1_IA5STRING */ +static char *ia5memrchr(ASN1_IA5STRING *str, int c) +{ + int i; + + for (i = str->length; i > 0 && str->data[i - 1] != c; i--); + + if (i == 0) + return NULL; + + return (char *)&str->data[i - 1]; +} + /* - * We cannot use strncasecmp here because that applies locale specific rules. + * We cannot use strncasecmp here because that applies locale specific rules. It + * also doesn't work with ASN1_STRINGs that may have embedded NUL characters. * For example in Turkish 'I' is not the uppercase character for 'i'. We need to * do a simple ASCII case comparison ignoring the locale (that is why we use * numeric constants below). @@ -89,20 +112,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n) /* c1 > c2 */ return 1; - } else if (*s1 == 0) { - /* If we get here we know that *s2 == 0 too */ - return 0; } } return 0; } -static int ia5casecmp(const char *s1, const char *s2) -{ - return ia5ncasecmp(s1, s2, SIZE_MAX); -} - static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { @@ -337,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) --utf8_length; /* Reject *embedded* NULs */ - if ((size_t)utf8_length != strlen((char *)utf8_value)) { + if (memchr(utf8_value, 0, utf8_length) != NULL) { OPENSSL_free(utf8_value); return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; } 
@@ -536,9 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) { char *baseptr = (char *)base->data; char *dnsptr = (char *)dns->data; + /* Empty matches everything */ - if (!*baseptr) + if (base->length == 0) return X509_V_OK; + + if (dns->length < base->length) + return X509_V_ERR_PERMITTED_VIOLATION; + /* * Otherwise can add zero or more components on the left so compare RHS * and if dns is longer and expect '.' as preceding character. @@ -549,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) return X509_V_ERR_PERMITTED_VIOLATION; } - if (ia5casecmp(baseptr, dnsptr)) + if (ia5ncasecmp(baseptr, dnsptr, base->length)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -560,16 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) { const char *baseptr = (char *)base->data; const char *emlptr = (char *)eml->data; + const char *baseat = ia5memrchr(base, '@'); + const char *emlat = ia5memrchr(eml, '@'); + size_t basehostlen, emlhostlen; - const char *baseat = strchr(baseptr, '@'); - const char *emlat = strchr(emlptr, '@'); if (!emlat) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: initial '.' is RHS match */ - if (!baseat && (*baseptr == '.')) { + if (!baseat && base->length > 0 && (*baseptr == '.')) { if (eml->length > base->length) { emlptr += eml->length - base->length; - if (ia5casecmp(baseptr, emlptr) == 0) + if (ia5ncasecmp(baseptr, emlptr, base->length) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -589,8 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) baseptr = baseat + 1; } emlptr = emlat + 1; + basehostlen = IA5_OFFSET_LEN(base, baseptr); + emlhostlen = IA5_OFFSET_LEN(eml, emlptr); /* Just have hostname left to match: case insensitive */ - if (ia5casecmp(baseptr, emlptr)) + if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; 
@@ -601,10 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) { const char *baseptr = (char *)base->data; const char *hostptr = (char *)uri->data; - const char *p = strchr(hostptr, ':'); + const char *p = ia5memchr(uri, (char *)uri->data, ':'); int hostlen; + /* Check for foo:// and skip past it */ - if (!p || (p[1] != '/') || (p[2] != '/')) + if (p == NULL + || IA5_OFFSET_LEN(uri, p) < 3 + || p[1] != '/' + || p[2] != '/') return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; hostptr = p + 3; @@ -612,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) /* Look for a port indicator as end of hostname first */ - p = strchr(hostptr, ':'); + p = ia5memchr(uri, hostptr, ':'); /* Otherwise look for trailing slash */ - if (!p) - p = strchr(hostptr, '/'); + if (p == NULL) + p = ia5memchr(uri, hostptr, '/'); - if (!p) - hostlen = strlen(hostptr); + if (p == NULL) + hostlen = IA5_OFFSET_LEN(uri, hostptr); else hostlen = p - hostptr; @@ -626,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: initial '.' is RHS match */ - if (*baseptr == '.') { + if (base->length > 0 && *baseptr == '.') { if (hostlen > base->length) { p = hostptr + hostlen - base->length; if (ia5ncasecmp(p, baseptr, base->length) == 0) diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index 3d124fa6d9..532d4e192f 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); BIO_puts(out, "\n"); if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) - BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", + BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", + pci->proxyPolicy->policy->length, pci->proxyPolicy->policy->data); return 1; } diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 7281a7b917..f41c699b5a 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,7 @@ #include "e_os.h" #include "internal/cryptlib.h" #include +#include #include "crypto/ctype.h" #include #include 
@@ -34,17 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); /* Add a CONF_VALUE name value pair to stack */ -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) +static int x509v3_add_len_value(const char *name, const char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist) { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; int sk_allocated = (*extlist == NULL); - if (name && (tname = OPENSSL_strdup(name)) == NULL) - goto err; - if (value && (tvalue = OPENSSL_strdup(value)) == NULL) + if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) goto err; + if (value != NULL && vallen > 0) { + /* + * We tolerate a single trailing NUL character, but otherwise no + * embedded NULs + */ + if (memchr(value, 0, vallen - 1) != NULL) + goto err; + tvalue = OPENSSL_strndup(value, vallen); + if (tvalue == NULL) + goto err; + } if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) goto err; if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) @@ -56,7 +66,7 @@ int X509V3_add_value(const char *name, const char *value, goto err; return 1; err: - X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE); if (sk_allocated) { sk_CONF_VALUE_free(*extlist); *extlist = NULL; 
@@ -67,10 +77,26 @@ int X509V3_add_value(const char *name, const char *value, return 0; } +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist) +{ + return x509v3_add_len_value(name, value, + value != NULL ? strlen((const char *)value) : 0, + extlist); +} + int X509V3_add_value_uchar(const char *name, const unsigned char *value, STACK_OF(CONF_VALUE) **extlist) { - return X509V3_add_value(name, (const char *)value, extlist); + return x509v3_add_len_value(name, (const char *)value, + value != NULL ? strlen((const char *)value) : 0, + extlist); +} + +int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist) +{ + return x509v3_add_len_value(name, (const char *)value, vallen, extlist); } /* Free function for STACK_OF(CONF_VALUE) */ @@ -502,18 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email /* First some sanity checks */ if (email->type != V_ASN1_IA5STRING) return 1; - if (!email->data || !email->length) + if (email->data == NULL || email->length == 0) + return 1; + if (memchr(email->data, 0, email->length) != NULL) return 1; if (*sk == NULL) *sk = sk_OPENSSL_STRING_new(sk_strcmp); if (*sk == NULL) return 0; + + emtmp = OPENSSL_strndup((char *)email->data, email->length); + if (emtmp == NULL) + return 0; + /* Don't add duplicates */ - if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) + if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { + OPENSSL_free(emtmp); return 1; - emtmp = OPENSSL_strdup((char *)email->data); - if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { - OPENSSL_free(emtmp); /* free on push failure */ + } + if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { + OPENSSL_free(emtmp); /* free on push failure */ X509_email_free(*sk); *sk = NULL; return 0; diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 4f2ea52a4a..8b2918a64f 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = { "i2s_ASN1_INTEGER"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0), "i2v_AUTHORITY_INFO_ACCESS"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0), + "i2v_AUTHORITY_KEYID"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"}, @@ -104,6 +106,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = { {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0), "v3_generic_extension"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0), + "x509v3_add_len_value"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0), "X509V3_add_value"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"}, diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c index 6b35a45ff4..d51c43c457 100644 --- a/demos/bio/client-arg.c +++ b/demos/bio/client-arg.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c index 930cd372f8..cb5c729ee6 100644 --- a/demos/bio/client-conf.c +++ b/demos/bio/client-conf.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod index 6e37aa27f2..641ee2329e 100644 --- a/doc/man3/BIO_f_ssl.pod +++ b/doc/man3/BIO_f_ssl.pod @@ -293,7 +293,7 @@ be modified to handle this fix or they may free up an already freed BIO. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_push.pod b/doc/man3/BIO_push.pod index c53314df9d..8b98bee498 100644 --- a/doc/man3/BIO_push.pod +++ b/doc/man3/BIO_push.pod @@ -79,7 +79,7 @@ The BIO_set_next() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/d2i_PrivateKey.pod b/doc/man3/d2i_PrivateKey.pod index 31732e89c8..e7272595bc 100644 --- a/doc/man3/d2i_PrivateKey.pod +++ b/doc/man3/d2i_PrivateKey.pod @@ -75,7 +75,7 @@ L =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/x509.pod b/doc/man7/x509.pod index ef94a0278a..7274e5ce95 100644 --- a/doc/man7/x509.pod 
+++ b/doc/man7/x509.pod @@ -63,7 +63,7 @@ L =head1 COPYRIGHT -Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/fuzz/corpora/x509/a936a50b93a82a7d311aa3cda7f634602b524767 b/fuzz/corpora/x509/0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c similarity index 68% copy from fuzz/corpora/x509/a936a50b93a82a7d311aa3cda7f634602b524767 copy to fuzz/corpora/x509/0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c index f06d9cb014..afb6c2d916 100644 Binary files a/fuzz/corpora/x509/a936a50b93a82a7d311aa3cda7f634602b524767 and b/fuzz/corpora/x509/0bf7ea6564ba1096f9760bbd6ed02f25aa0d583c differ diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h index 76ee80baff..a7f5548c08 100644 --- a/include/crypto/sm2.h +++ b/include/crypto/sm2.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -60,8 +60,7 @@ int sm2_verify(const unsigned char *dgst, int dgstlen, int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, size_t *ct_size); -int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, - size_t *pt_size); +int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size); int sm2_encrypt(const EC_KEY *key, const EVP_MD *digest, diff --git a/include/crypto/x509.h b/include/crypto/x509.h index b53c2b03c3..243ea74f6f 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,6 +8,8 @@ */ #include "internal/refcount.h" +#include +#include /* Internal X509 structures and functions: not for application use */ @@ -284,3 +286,6 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc); int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); void x509_init_sig_info(X509 *x); + +int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist); diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 4c4975dbfd..5c88e51949 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index a236ebbf0d..2a5fb9f46f 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101010c0L -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l-dev xx XXX xxxx" +# define OPENSSL_VERSION_NUMBER 0x101010d0L +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1m-dev xx XXX xxxx" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/include/openssl/x509v3err.h b/include/openssl/x509v3err.h index 5f25442f12..3b9f7139d8 100644 --- a/include/openssl/x509v3err.h +++ b/include/openssl/x509v3err.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,6 +38,7 @@ int ERR_load_X509V3_strings(void); # define X509V3_F_I2S_ASN1_IA5STRING 149 # define X509V3_F_I2S_ASN1_INTEGER 120 # define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +# define X509V3_F_I2V_AUTHORITY_KEYID 173 # define X509V3_F_LEVEL_ADD_NODE 168 # define X509V3_F_NOTICE_SECTION 132 # define X509V3_F_NREF_NOS 133 @@ -78,6 +79,7 @@ int ERR_load_X509V3_strings(void); # define X509V3_F_V2I_TLS_FEATURE 165 # define X509V3_F_V3_GENERIC_EXTENSION 116 # define X509V3_F_X509V3_ADD1_I2D 140 +# define X509V3_F_X509V3_ADD_LEN_VALUE 174 # define X509V3_F_X509V3_ADD_VALUE 105 # define X509V3_F_X509V3_EXT_ADD 104 # define X509V3_F_X509V3_EXT_ADD_ALIAS 106 diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 75c78b9a68..c4239345b6 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 393088f50f..8249b4ace9 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index c99f5bd249..b9ba25e0c3 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index a5ef3b9e1c..e6a8bbd710 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 721bbb7320..707e962d73 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index c102473864..e7feda81d0 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 90e8bce19b..04f64f8106 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index 3efa1c5a1c..eae88053dc 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 93228ec183..b1d3add187 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c index de818ab12e..de4dff6363 100644 --- a/test/asn1_decode_test.c +++ b/test/asn1_decode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c index 23a6e7e5ce..610f8febc7 100644 --- a/test/bio_memleak_test.c +++ b/test/bio_memleak_test.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/bntest.c b/test/bntest.c index 8bccfc4171..236501e679 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/clienthellotest.c b/test/clienthellotest.c index 8106591213..ee32b5e2c5 100644 --- a/test/clienthellotest.c +++ b/test/clienthellotest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/ectest.c b/test/ectest.c index bb2ff699c6..bd3c4d8cad 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 16b3542efa..3eea4b0fba 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index be4cdb1626..383120c234 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index 736e0ce4d3..05baeae72a 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -18444,6 +18444,16 @@ Decrypt = SM2_key1 Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197 Output = "The floofy bunnies hop at midnight" +# Test with an C1y value < 32 bytes in length (self generated) +Decrypt = SM2_key1 +Input = 3072022070DAD60CDA7C30D64CF4F278A849003581223F5324BFEC9BB329229BFFAD21A6021F18AFAB2B35459D2643243B242BE4EA80C6FA5071D2D847340CC57EB9309E5D04200B772E4DB664B2601E3B85E39C4AA8C2C1910308BE13B331E009C5A9258C29FD040B6D588BE9260A94DA18E0E6 +Output = "Hello World" + +# Test with an C1x and C1y valuey > 32 bytes in length, and longer plaintext (self generated) +Decrypt = SM2_key1 +Input = 3081DD022100CD49634BBCB21CAFFFA6D33669A5A867231CB2A942A14352EF4CAF6DC3344D54022100C35B41D4DEBB3A2735EFEE821B9EBA566BD86900176A0C06672E30EE5CC04E930420C4190A3D80D86C4BD20E99F7E4B59BF6427C6808793533EEA9591D1188EC56B50473747295470E81D951BED279AC1B86A1AFE388CD2833FA9632799EC199C7D364E5663D5A94888BB2358CFCBF6283184DE0CBC41CCEA91D24746E99D231A1DA77AFD83CDF908190ED628B7369724494568A27C782A1D1D7294BCAD80C34569ED22859896301128A8118F48924D8CCD43E998D9533 +Output = "Some longer plaintext for testing SM2 decryption. Blah blah blah blah blah blah blah blah blah blah blah blah blah." + # This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface # is capable of creating a signature without failing, but it does not say # anything about the generated signature being valid, nor does it test the diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index e8ab25f190..1f76bcb8c7 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 35cf0a7af8..6f5fdb7669 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index 2bb73947ff..18b1407c97 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -185,7 +185,7 @@ static int test_sm2_crypt(const EC_GROUP *group, if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len)) goto done; - if (!TEST_true(sm2_plaintext_size(key, digest, ctext_len, &ptext_len)) + if (!TEST_true(sm2_plaintext_size(ctext, ctext_len, &ptext_len)) || !TEST_int_eq(ptext_len, msg_len)) goto done; diff --git a/test/sslapitest.c b/test/sslapitest.c index 7ae8b0638a..d311bb2ad3 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/x509_time_test.c b/test/x509_time_test.c index b6fd38a5c5..93a5b07565 100644 --- a/test/x509_time_test.c +++ b/test/x509_time_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -330,10 +330,12 @@ static int test_x509_time(int idx) /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */ if (t != NULL && x509_format_tests[idx].expected_string) { - if (!TEST_str_eq((const char *)t->data, - x509_format_tests[idx].expected_string)) { - TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n", - idx, x509_format_tests[idx].expected_string, t->data); + if (!TEST_mem_eq((const char *)t->data, t->length, + x509_format_tests[idx].expected_string, + strlen(x509_format_tests[idx].expected_string))) { + TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n", + idx, x509_format_tests[idx].expected_string, t->length, + t->data); goto out; } } diff --git a/util/mkdir-p.pl b/util/mkdir-p.pl index 88d8b0151f..b02db98f03 100755 --- a/util/mkdir-p.pl +++ b/util/mkdir-p.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From matt at openssl.org Tue Aug 24 13:50:06 2021 
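Review bot: the new internal prototype `x509v3_add_len_value_uchar(const char *name, const unsigned char *value, size_t vallen, STACK_OF(CONF_VALUE) **extlist)` in the include/crypto/x509.h hunk is added without a comment on its contract; since `vallen` is passed explicitly, state above the declaration whether `value` must still be NUL terminated and what the return value means. The two `+#include` lines right after `#include "internal/refcount.h"` show no header name in this listing; confirm the committed source names the headers that provide `size_t` and `STACK_OF(CONF_VALUE)`, which the new prototype depends on.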
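Review bot: the comments on the two new SM2 decryption cases in the test/recipes/30-test_evp_data/evppkey.txt hunk have typos: `# Test with an C1y value < 32 bytes in length (self generated)` should read `a C1y value`, and `# Test with an C1x and C1y valuey > 32 bytes in length` should read `C1x and C1y values`. Since these vectors exist to exercise the corrected plaintext-length calculation with short and long C1 coordinate encodings (see "Correctly calculate the length of SM2 plaintext given the ciphertext" and "Extend tests for SM2 decryption" in the release log), name that purpose in the comment so a later reader does not prune them as redundant.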
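Review bot: in the test/sm2_internal_test.c hunk the call changes from `sm2_plaintext_size(key, digest, ctext_len, &ptext_len)` to `sm2_plaintext_size(ctext, ctext_len, &ptext_len)`, so the expected plaintext length is now derived from the ciphertext itself rather than from the key and digest. The retained `TEST_int_eq(ptext_len, msg_len)` is the right assertion for that, but since the function now parses untrusted input, consider adding a negative case that passes a truncated or malformed `ctext` and checks that `sm2_plaintext_size()` fails (the `TEST_true` wrapper implies a success/failure return) instead of yielding a length.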
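Review bot: in the test/x509_time_test.c hunk, replacing `TEST_str_eq` with `TEST_mem_eq((const char *)t->data, t->length, ...)` correctly stops the test from depending on `t->data` being NUL terminated, and the `TEST_info` format is changed to `%.*s` with `t->length` to match. Note that `%.*s` takes its precision argument as an `int`, so this relies on `t->length` having that type; if it does not, add an explicit `(int)` cast in the `TEST_info` call.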
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 13:50:06 +0000
Subject: [openssl] OpenSSL_1_0_2v create
Message-ID: <1629813006.708384.22077.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_2v has been created
        at  571d13e591360b770cc93e0085e9eb522758e96f (tag)
   tagging  3f9c9c6ee9c792fa2819007777149f889090e540 (commit)
  replaces  OpenSSL_1_0_2u
 tagged by  Matt Caswell
        on  Tue May 5 15:06:00 2020 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.0.2v release tag

Diego F. Aranha (1):
      Implement blinding for EC scalar multiplication

Matt Caswell (4):
      Prepare for 1.0.2v-dev
      Update CHANGES and NEWS for the 1.02v release
      Update copyright year
      Prepare for 1.0.2v release

-----------------------------------------------------------------------

From matt at openssl.org Tue Aug 24 13:50:06 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 13:50:06 +0000
Subject: [openssl] OpenSSL_1_0_2w create
Message-ID: <1629813006.760597.22094.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_2w has been created
        at  61694f4327ea70db170cf987174da51672604bf4 (tag)
   tagging  51fe13e340561da2a51870785c8f0818872fc1bc (commit)
  replaces  OpenSSL_1_0_2v
 tagged by  Richard Levitte
        on  Wed Sep 9 14:03:51 2020 +0200

- Log -----------------------------------------------------------------
OpenSSL 1.0.2w release tag

Matt Caswell (3):
      Prepare for 1.0.2w-dev
      Move the static "DH" ciphersuites into the "weak-ssl-ciphers" list
      Make SSL_OP_SINGLE_ECDH_USE the default and mandatory

Richard Levitte (2):
      Update copyright year
      Prepare for 1.0.2w release

-----------------------------------------------------------------------

From matt at openssl.org Tue Aug 24 13:50:06 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 13:50:06 +0000
Subject: [openssl] OpenSSL_1_0_2za create
Message-ID: <1629813006.880711.22144.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_2za has been created
        at  e197135eee4164c33146dad7b96f0d71b8844deb (tag)
   tagging  11e489b8da357feab83bb6f819eaf7f1d909a617 (commit)
  replaces  OpenSSL_1_0_2y
 tagged by  Matt Caswell
        on  Tue Aug 24 14:40:06 2021 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.0.2za release tag

Matt Caswell (12):
      Prepare for 1.0.2za-dev
      Fix i2v_GENERAL_NAME to not assume NUL terminated strings
      Fix POLICYINFO printing to not assume NUL terminated strings
      Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
      Fix the name constraints code to not assume NUL terminated strings
      Fix append_ia5 function to not assume NUL terminated strings
      Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
      Fix a read buffer overrun in X509_CERT_AUX_print()
      Update CHANGES and NEWS for new release
      Update copyright year
      Run make update
      Prepare for 1.0.2za release

-----------------------------------------------------------------------

From matt at openssl.org Tue Aug 24 13:50:06 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 13:50:06 +0000
Subject: [openssl] OpenSSL_1_0_2x create
Message-ID: <1629813006.795355.22112.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_2x has been created
        at  f278d144994a4b0cb31c239755a026916603b9f6 (tag)
   tagging  fa174e280f15db2093c026a7e15433b5e5c65a76 (commit)
  replaces  OpenSSL_1_0_2w
 tagged by  Matt Caswell
        on  Tue Dec 8 13:25:31 2020 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.0.2x release tag

Matt Caswell (10):
      DirectoryString is a CHOICE type and therefore uses explicit tagging
      Correctly compare EdiPartyName in GENERAL_NAME_cmp()
      Check that multi-strings/CHOICE types don't use implicit tagging
      Complain if we are attempting to encode with an invalid ASN.1 template
      Add a test for GENERAL_NAME_cmp
      Add a test for encoding/decoding using an invalid ASN.1 Template
      Update CHANGES and NEWS for new release
      Update copyright year
      make update
      Prepare for 1.0.2x release

Richard Levitte (1):
      Prepare for 1.0.2x-dev

-----------------------------------------------------------------------

From matt at openssl.org Tue Aug 24 13:50:06 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 13:50:06 +0000
Subject: [openssl] OpenSSL_1_0_2y create
Message-ID: <1629813006.840571.22127.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_2y has been created
        at  31db38aa664c43895469ac079b8c64ed52aac8df (tag)
   tagging  924fdf1fbec0f305dbf77c9d9250fdf9080aef88 (commit)
  replaces  OpenSSL_1_0_2x
 tagged by  Matt Caswell
        on  Tue Feb 16 15:28:05 2021 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.0.2y release tag

Matt Caswell (8):
      Prepare for 1.0.2y-dev
      Ensure SRP BN_mod_exp follows the constant time path
      Fix Null pointer deref in X509_issuer_and_serial_hash()
      Fix the RSA_SSLV23_PADDING padding type
      Don't overflow the output length in EVP_CipherUpdate calls
      Updates CHANGES and NEWS for new release
      Update copyright year
      Prepare for 1.0.2y release

-----------------------------------------------------------------------

From matt at openssl.org Tue Aug 24 13:50:06 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 13:50:06 +0000
Subject: [openssl] OpenSSL_1_1_1l create
Message-ID: <1629813006.931212.22161.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_1_1l has been created
        at  6e9c3540b2dc39e6bdda9444c79ecaa4d6baa312 (tag)
   tagging  fb047ebc87b18bdc4cf9ddee9ee1f5ed93e56aff (commit)
  replaces  OpenSSL_1_1_1k
 tagged by  Matt Caswell
        on  Tue Aug 24 14:38:47 2021 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.1l release tag

Alex Yursha (1):
      Print correct error message in utils/mkdir-p.pl

Benjamin Kaduk (4):
      Improve RFC 8446 PSK key exchange mode compliance
      make update
      Don't send key_share for PSK-only key exchange
      Update expected results for tls13kexmodes tests

Billy Brumley (1):
      [doc/man3] documentation: BN_cmp manpage updates

Christian Heimes (1):
      Inherit hostflags verify params even without hosts

Daiki Ueno (2):
      BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given
      apps: Use the first detected address family if IPv6 is not available

Dave Coombs (1):
      crl2pkcs7 shouldn't include empty optional sets

David Benjamin (1):
      Fix use of uninitialized memory in test_rsa_oaep

David CARLIER (1):
      apple getentropy removal

David Carlier (1):
      BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true

Dmitry Belyavskiy (5):
      Use OCSP-specific error code for clarity
      Avoid sending alerts after shutdown
      Try to parse private key as PKCS#8 first, fallback afterwards
      Testing private keys with extra attributes
      Cleanup the peer point formats on renegotiation

Dr. David von Oheimb (1):
      ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t

Fred Hornsey (1):
      Support for Android NDK r22

Hubert Kario (1):
      man: s_server: fix typo in -alpn option description

Ingo Franzki (2):
      s390x: AES OFB/CFB: Maintain running IV from cipher context
      Test EVP Cipher updating the context's IV

Ingo Schwarze (1):
      Fix a read buffer overrun in X509_aux_print().

Jean-Philippe Boivin (1):
      Properly restore XMM registers in ChaCha20's AVX-512(VL) assembly

Lars Immisch (1):
      Use getauxval on Android with API level > 18

Matt Caswell (24):
      Prepare for 1.1.1l-dev
      Only call dtls1_start_timer() once
      Fix s_server PSK handling
      Avoid "excessive message size" for session tickets
      Don't reset the packet pointer in ssl3_setup_read_buffer
      Disallow SSL_key_update() if there are writes pending
      Fix some minor record layer issues
      Fix i2v_GENERAL_NAME to not assume NUL terminated strings
      Fix POLICYINFO printing to not assume NUL terminated strings
      Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
      Fix the name constraints code to not assume NUL terminated strings
      Fix test code to not assume NUL terminated strings
      Fix append_ia5 function to not assume NUL terminated strings
      Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
      Fix EC_GROUP_new_from_ecparameters to check the base length
      Allow fuzz builds to detect string overruns
      Fix the error handling in i2v_AUTHORITY_KEYID
      Correctly calculate the length of SM2 plaintext given the ciphertext
      Extend tests for SM2 decryption
      Check the plaintext buffer is large enough when decrypting SM2
      Updates to CHANGES and NEWS for the new release
      Update copyright year
      Run make update
      Prepare for 1.1.1l release

Mohamed Akram (1):
      doc: fix enc -z option documentation

Nan Xiao (5):
      Fix BIO_new_ssl_connect() to not leak memory
      Fix typo in BIO_push.pod
      Remove unnecessary BIO_do_handshake()s
      Fix potential double free in sslapitest.c
      Fix typos in x509.pod

Niclas Rosenvik (1):
      Some compilers define __STDC_VERSION__ in c++

Nicola Tuveri (12):
      [github-ci] Sync ci.yml workflow with master
      [github-ci] Import windows.yml workflow from master
      [github-ci] Import cross-compiles.yml workflow from master
      [github-ci] Import run-checker workflows from master
      [github-ci] Import run-checker daily workflow from master
      [github-ci][cross-compiles.yml] Disable sparcv9
      [github-ci][ci.yml] Disable krb5 external tests
      [github-ci][ci.yml] Disable pyca external tests
      [github-ci][run-checker-ci.yml] Disable no-tls1_3 tests
      [github-ci][ci.yml] Disable memory sanitizer build
      [github-ci][run-checker-merge.yml] Disable ubsan build
      Revert "[github-ci][cross-compiles.yml] Disable sparcv9"

Oliver Mihatsch (1):
      Fix memory leak in i2d_ASN1_bio_stream

Patrick Steuer (2):
      s390x: cipher must set EVP_CIPH_ALWAYS_CALL_INIT flag
      Test EVP_CipherInit sequences and resets

Pauli (9):
      srp: fix double free,
      ts: fix double free on error path.
      engine: fix double free on error path.
      bn: produce correct sign for result of BN_mod()
      ssl: do not choose auto DH groups that are weaker than the security level
      test: add test for auto DH security level meets the minimum
      pkcs12: check for zero length digest to avoid division by zero
      [github-ci] Add comment about our approach to GitHub Actions CI
      sparc: fix cross compile build

Richard Levitte (9):
      Don't remove $(TARFILE) when cleaning
      ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
      Clean away remaining Travis related files
      TEST: Check that i2d refuses to encode non-optional items with no content
      ASN.1: Refuse to encode to DER if non-optional items are missing
      Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN
      Fix test/asn1_encode_test.c to handle encoding/decoding failure
      make update (adds a new function code)
      Avoid empty lines in nmake rule bodies

Shane Lontis (2):
      Test that we don't have a memory leak in d2i_ASN1_OBJECT.
      s_client.pod: Fix grammar in NOTES section.

Theo Buehler (2):
      Avoid division by zero in hybrid point encoding
      Test oct2point for hybrid point encoding of (0, y)

Todd Short (3):
      Handle set_alpn_protos inputs better.
      Call SSLfatal when the generate_ticket_cb returns 0
      Fix potential double-free

Tomas Mraz (10):
      Test that EVP_PKEY_cmp() returns 1 when comparing a key to itself
      Correct the return value on match and mismatch for MAC pkeys
      Put init_ec_point_formats() inside #ifndef OPENSSL_NO_EC
      doc: Mention the update of der data pointers in d2i/i2d
      DSA/RSA_print(): Fix potential memory leak
      Revert "make update (adds a new function code)"
      Revert "Fix test/asn1_encode_test.c to handle encoding/decoding failure"
      Revert "Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN"
      Revert "ASN.1: Refuse to encode to DER if non-optional items are missing"
      Revert "TEST: Check that i2d refuses to encode non-optional items with no content"

Trev Larock (1):
      Modify ssl_handshake_hash to call SSLfatal

bonniegong (2):
      check i2d_ASN1_TYPE return value
      Check the return value of ASN1_STRING_length

luyahan (1):
      Add riscv64 target

yunh (1):
      enable getauxval on android 10

-----------------------------------------------------------------------

From matt at openssl.org Tue Aug 24 13:50:48 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 24 Aug 2021 13:50:48 +0000
Subject: [web] master update
Message-ID: <1629813048.641926.24034.nullmailer@dev.openssl.org>

The branch master has been updated
       via  06ad477ee26f9e15dd8bc87d6bce6017ceec2342 (commit)
      from  e2ba17260f0cc0a1fd1b0c20bf5238a4795076df (commit)

- Log -----------------------------------------------------------------
commit 06ad477ee26f9e15dd8bc87d6bce6017ceec2342
Author: Matt Caswell
Date:   Tue Aug 24 13:54:40 2021 +0100

    Updates for the new release

    Reviewed-by: Richard Levitte

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |   1 +
 news/secadv/20210824.txt | 118 +++++++++++++++++++++++++++++++++++++++++
 news/vulnerabilities.xml | 134 ++++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 252 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20210824.txt
diff --git a/news/newsflash.txt b/news/newsflash.txt index a756e6e..f1feacc 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +24-Aug-2021: OpenSSL 1.1.1l is now available, including bug and security fixes 29-Jul-2021: Beta 2 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it 17-Jun-2021: New Blog post: OpenSSL 3.0 Release Candidate 17-Jun-2021: Beta 1 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it diff --git a/news/secadv/20210824.txt b/news/secadv/20210824.txt new file mode 100644 index 0000000..f15ecd6 --- /dev/null +++ b/news/secadv/20210824.txt 
@@ -0,0 +1,118 @@ +OpenSSL Security Advisory [24 August 2021] +========================================== + +SM2 Decryption Buffer Overflow (CVE-2021-3711) +============================================== + +Severity: High + +In order to decrypt SM2 encrypted data an application is expected to call the +API function EVP_PKEY_decrypt(). Typically an application will call this +function twice. The first time, on entry, the "out" parameter can be NULL and, +on exit, the "outlen" parameter is populated with the buffer size required to +hold the decrypted plaintext. The application can then allocate a sufficiently +sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL +value for the "out" parameter. + +A bug in the implementation of the SM2 decryption code means that the +calculation of the buffer size required to hold the plaintext returned by the +first call to EVP_PKEY_decrypt() can be smaller than the actual size required by +the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is +called by the application a second time with a buffer that is too small. + +A malicious attacker who is able present SM2 content for decryption to an +application could cause attacker chosen data to overflow the buffer by up to a +maximum of 62 bytes altering the contents of other data held after the +buffer, possibly changing application behaviour or causing the application to +crash. The location of the buffer is application dependent but is typically +heap allocated. + +OpenSSL versions 1.1.1k and below are affected by this issue. Users of these +versions should upgrade to OpenSSL 1.1.1l. + +OpenSSL 1.0.2 is not impacted by this issue. + +OpenSSL 3.0 alpha/beta releases are also affected but this issue will be +addressed before the final release. + +This issue was reported to OpenSSL on 12th August 2021 by John Ouyang. The fix +was developed by Matt Caswell. 
+ +Read buffer overruns processing ASN.1 strings (CVE-2021-3712) +============================================================= + +Severity: Moderate + +ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING +structure which contains a buffer holding the string data and a field holding +the buffer length. This contrasts with normal C strings which are repesented as +a buffer for the string data which is terminated with a NUL (0) byte. + +Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's +own "d2i" functions (and other similar parsing functions) as well as any string +whose value has been set with the ASN1_STRING_set() function will additionally +NUL terminate the byte array in the ASN1_STRING structure. + +However, it is possible for applications to directly construct valid ASN1_STRING +structures which do not NUL terminate the byte array by directly setting the +"data" and "length" fields in the ASN1_STRING array. This can also happen by +using the ASN1_STRING_set0() function. + +Numerous OpenSSL functions that print ASN.1 data have been found to assume that +the ASN1_STRING byte array will be NUL terminated, even though this is not +guaranteed for strings that have been directly constructed. Where an application +requests an ASN.1 structure to be printed, and where that ASN.1 structure +contains ASN1_STRINGs that have been directly constructed by the application +without NUL terminating the "data" field, then a read buffer overrun can occur. + +The same thing can also occur during name constraints processing of certificates +(for example if a certificate has been directly constructed by the application +instead of loading it via the OpenSSL parsing functions, and the certificate +contains non NUL terminated ASN1_STRING structures). It can also occur in the +X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. 
+ +If a malicious actor can cause an application to directly construct an +ASN1_STRING and then process it through one of the affected OpenSSL functions +then this issue could be hit. This might result in a crash (causing a Denial of +Service attack). It could also result in the disclosure of private memory +contents (such as private keys, or sensitive plaintext). + +OpenSSL versions 1.1.1k and below are affected by this issue. Users of these +versions should upgrade to OpenSSL 1.1.1l. + +OpenSSL versions 1.0.2y and below are affected by this issue. However OpenSSL +1.0.2 is out of support and no longer receiving public updates. Premium support +customers of OpenSSL 1.0.2 should upgrade to 1.0.2za. Other users should upgrade +to 1.1.1l. + +An initial instance of this issue in the X509_aux_print() function was reported +to OpenSSL on 18th July 2021 by Ingo Schwarze. The bugfix was developed by Ingo +Schwarze and first publicly released in OpenBSD-current on 10th July 2021 and +subsequently in OpenSSL on 20th July 2021 (commit d9d838ddc). Subsequent +analysis by David Benjamin on 17th August 2021 identified more instances of the +same bug. Additional analysis was performed by Matt Caswell. Fixes for the +additional instances of this issue were developed by Matt Caswell. + +Note +==== + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended +support is available for premium support customers: +https://www.openssl.org/support/contracts.html + +OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. +The impact of these issues on OpenSSL 1.1.0 has not been analysed. + +Users of these versions should upgrade to OpenSSL 1.1.1. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20210824.txt + +Note: the online version of the advisory may be updated with additional details +over time. 
+ +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index ba187fd..bc380b1 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
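Review bot: the credits paragraph for CVE-2021-3712 gives a timeline that cannot be right as written: the issue is said to have been reported to OpenSSL on 18th July 2021, yet the fix is said to have been first publicly released in OpenBSD-current on 10th July 2021, eight days before the report; one of the two dates needs correcting before the advisory goes out. Two typos in the same text should also be fixed now, because the wording is copied verbatim into vulnerabilities.xml in this same change: "who is able present SM2 content" should read "who is able to present SM2 content", and "repesented" should read "represented".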
@@ -7,7 +7,139 @@ - + + + + + + + + + + + + + + + + + + + + Buffer overflow + SM2 Decryption Buffer Overflow + +In order to decrypt SM2 encrypted data an application is expected to call the +API function EVP_PKEY_decrypt(). Typically an application will call this +function twice. The first time, on entry, the "out" parameter can be NULL and, +on exit, the "outlen" parameter is populated with the buffer size required to +hold the decrypted plaintext. The application can then allocate a sufficiently +sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL +value for the "out" parameter. + +A bug in the implementation of the SM2 decryption code means that the +calculation of the buffer size required to hold the plaintext returned by the +first call to EVP_PKEY_decrypt() can be smaller than the actual size required by +the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is +called by the application a second time with a buffer that is too small. + +A malicious attacker who is able present SM2 content for decryption to an +application could cause attacker chosen data to overflow the buffer by up to a +maximum of 62 bytes altering the contents of other data held after the +buffer, possibly changing application behaviour or causing the application to +crash. The location of the buffer is application dependent but is typically +heap allocated. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Buffer overflow + Read buffer overruns processing ASN.1 strings + +ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING +structure which contains a buffer holding the string data and a field holding +the buffer length. This contrasts with normal C strings which are repesented as +a buffer for the string data which is terminated with a NUL (0) byte. 
+ +Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's +own "d2i" functions (and other similar parsing functions) as well as any string +whose value has been set with the ASN1_STRING_set() function will additionally +NUL terminate the byte array in the ASN1_STRING structure. + +However, it is possible for applications to directly construct valid ASN1_STRING +structures which do not NUL terminate the byte array by directly setting the +"data" and "length" fields in the ASN1_STRING array. This can also happen by +using the ASN1_STRING_set0() function. + +Numerous OpenSSL functions that print ASN.1 data have been found to assume that +the ASN1_STRING byte array will be NUL terminated, even though this is not +guaranteed for strings that have been directly constructed. Where an application +requests an ASN.1 structure to be printed, and where that ASN.1 structure +contains ASN1_STRINGs that have been directly constructed by the application +without NUL terminating the "data" field, then a read buffer overrun can occur. + +The same thing can also occur during name constraints processing of certificates +(for example if a certificate has been directly constructed by the application +instead of loading it via the OpenSSL parsing functions, and the certificate +contains non NUL terminated ASN1_STRING structures). It can also occur in the +X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. + +If a malicious actor can cause an application to directly construct an +ASN1_STRING and then process it through one of the affected OpenSSL functions +then this issue could be hit. This might result in a crash (causing a Denial of +Service attack). It could also result in the disclosure of private memory +contents (such as private keys, or sensitive plaintext). + + + + From matt at openssl.org Tue Aug 24 14:07:40 2021 
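Review bot: the two new vulnerabilities.xml entries carry the same "able present" and "repesented" typos as the advisory text they duplicate, so whatever wording is corrected in secadv/20210824.txt needs the identical correction here; the two copies should be fixed together rather than allowed to drift apart.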
From: matt at openssl.org (Matt Caswell) Date: Tue, 24 Aug 2021 14:07:40 +0000 Subject: [web] master update Message-ID: <1629814060.765653.23616.nullmailer@dev.openssl.org> The branch master has been updated via bac471c10fd4ed7b906de2a525ccd14e88bb15fb (commit) from 06ad477ee26f9e15dd8bc87d6bce6017ceec2342 (commit) - Log ----------------------------------------------------------------- commit bac471c10fd4ed7b906de2a525ccd14e88bb15fb Author: Matt Caswell Date: Tue Aug 24 14:59:46 2021 +0100 Add link to security advisory from newsflash Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index f1feacc..e8718a1 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +24-Aug-2021: Security Advisory: two security fixes 24-Aug-2021: OpenSSL 1.1.1l is now available, including bug and security fixes 29-Jul-2021: Beta 2 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it 17-Jun-2021: New Blog post: OpenSSL 3.0 Release Candidate From tomas at openssl.org Tue Aug 24 15:57:02 2021 
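Review bot: the added newsflash entry "Security Advisory: two security fixes" does not say which issues it covers, and the 1.1.1l entry directly below it already mentions "bug and security fixes", so the two lines read as near duplicates; naming the two issues from the advisory (CVE-2021-3711, High, and CVE-2021-3712, Moderate) in the item text would let readers tell at a glance what the advisory is about.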
From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 24 Aug 2021 15:57:02 +0000 Subject: [openssl] master update Message-ID: <1629820622.744832.25235.nullmailer@dev.openssl.org> The branch master has been updated via 94736c3a10ae7d109243abffb0200931fb3db5a8 (commit) from 796f4f7085ac95a1b0ccee8ff3c6c183219cdab2 (commit) - Log ----------------------------------------------------------------- commit 94736c3a10ae7d109243abffb0200931fb3db5a8 Author: Tomas Mraz Date: Wed Aug 11 13:09:09 2021 +0200 rsa: Try legacy encoding functions for pubkey If there are no suitable encoders it might mean the key is in an engine and thus it is a legacy key. Try legacy encoding routines to encode the public key. We do not attempt encoding a private key as it would be in most cases impossible anyway. Fixes #16256 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16289) ----------------------------------------------------------------------- Summary of changes: apps/rsa.c | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/apps/rsa.c b/apps/rsa.c index 3e9d320ea3..05a091ce4b 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* Necessary for legacy RSA public key export */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include 
@@ -86,6 +89,36 @@ const OPTIONS rsa_options[] = { {NULL} }; +static int try_legacy_encoding(EVP_PKEY *pkey, int outformat, int pubout, + BIO *out) +{ + int ret = 0; +#ifndef OPENSSL_NO_DEPRECATED_3_0 + const RSA *rsa = EVP_PKEY_get0_RSA(pkey); + + if (rsa == NULL) + return 0; + + if (outformat == FORMAT_ASN1) { + if (pubout == 2) + ret = i2d_RSAPublicKey_bio(out, rsa) > 0; + else + ret = i2d_RSA_PUBKEY_bio(out, rsa) > 0; + } else if (outformat == FORMAT_PEM) { + if (pubout == 2) + ret = PEM_write_bio_RSAPublicKey(out, rsa) > 0; + else + ret = PEM_write_bio_RSA_PUBKEY(out, rsa) > 0; +# ifndef OPENSSL_NO_DSA + } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { + ret = i2b_PublicKey_bio(out, pkey) > 0; +# endif + } +#endif + + return ret; +} + int rsa_main(int argc, char **argv) { ENGINE *e = NULL; @@ -331,7 +364,11 @@ int rsa_main(int argc, char **argv) output_type, output_structure, NULL); if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) { - BIO_printf(bio_err, "%s format not supported\n", output_type); + if ((!pubout && !pubin) + || !try_legacy_encoding(pkey, outformat, pubout, out)) + BIO_printf(bio_err, "%s format not supported\n", output_type); + else + ret = 0; goto end; } From openssl at openssl.org Tue Aug 24 22:59:59 2021 
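Review bot: in the rsa_main hunk, a failed try_legacy_encoding() is reported with the same "%s format not supported" message as a genuinely unsupported format, which hides the real cause (EVP_PKEY_get0_RSA() returning NULL for a non-RSA key, or the i2d/PEM write itself failing); print the error queue with ERR_print_errors(bio_err) in that branch, or give the legacy path its own message. The same condition, `(!pubout && !pubin)`, silently skips the legacy path for private keys, so an engine-backed private key still only produces "format not supported"; a message saying that legacy private-key export is not attempted would match what the commit message promises. In try_legacy_encoding() itself, the MSBLOB/PVK branch writes a public blob for FORMAT_PVK as well as FORMAT_MSBLOB, so it is worth a comment that PVK output of a public key is intentionally the MSBLOB form.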
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 24 Aug 2021 22:59:59 +0000 Subject: FAILED build of OpenSSL branch master with options enable-fuzz-afl no-shared no-module Message-ID: <1629845999.343219.4133565.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config enable-fuzz-afl no-shared no-module Commit log since last time: 94736c3a10 rsa: Try legacy encoding functions for pubkey 796f4f7085 Updates CHANGES.md and NEWS.md for new 1.1.1 release ad1ca777f9 Check the plaintext buffer is large enough when decrypting SM2 d07036b98d Extend tests for SM2 decryption 36cf45ef3b Correctly calculate the length of SM2 plaintext given the ciphertext 4b8a8bb752 Fix the error handling in i2v_AUTHORITY_KEYID e20fc2ee4f Allow fuzz builds to detect string overruns 030c5aba94 Fix EC_GROUP_new_from_ecparameters to check the base length 7c038a6bcd Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings 98624776c4 Fix append_ia5 function to not assume NUL terminated strings 1f365708a3 Fix test code to not assume NUL terminated strings 95f8c1e142 Fix CMP code to not assume NUL terminated strings d2015a783e Fix the name constraints code to not assume NUL terminated strings 918430ba80 Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings b2b3b9c993 Fix GENERAL_NAME_print to not assume NUL terminated strings 1747d4658b Fix POLICYINFO printing to not assume NUL terminated strings ad6ac17489 Fix i2v_GENERAL_NAME to not assume NUL terminated strings Build log ended with (last 100 lines): # SSL_accept() failed -1, 1 # 40970CDB177F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40970CDB177F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 
40970CDB177F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685:Field=session_id, Type=SSL_SESSION_ASN1 # 40970CDB177F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ ../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 40970CDB177F0000:error:0A000438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1584:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:9260 # false # OPENSSL_TEST_RAND_ORDER=1629843676 not ok 372 - iteration 7 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1629843676 not ok 74 - test_dh_auto # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 40970CDB177F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40970CDB177F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 40970CDB177F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685: # 40970CDB177F0000:error:0688010A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:537:Field=session_id_context, Type=SSL_SESSION_ASN1 # 40970CDB177F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ ../openssl/test/helpers/ssltestlib.c:1004 # No progress made # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:9315 # false # OPENSSL_TEST_RAND_ORDER=1629843676 not ok 75 - 
test_sni_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/bkTcXITTlB default ../../../openssl/test/default.cnf => 1 not ok 1 - running sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 32. # Looks like you failed 1 test of 1.90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 7168 Tests: 30 Failed: 28) Failed tests: 1-21, 23-28, 30 Non-zero exit status: 28 20-test_spkac.t (Wstat: 512 Tests: 4 Failed: 2) Failed tests: 2, 4 Non-zero exit status: 2 25-test_crl.t (Wstat: 256 Tests: 10 Failed: 1) Failed test: 3 Non-zero exit status: 1 25-test_sid.t (Wstat: 256 Tests: 2 Failed: 1) Failed test: 2 Non-zero exit status: 1 65-test_cmp_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_asyncio.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_clienthello.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_recordlen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_servername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ca.t (Wstat: 256 Tests: 15 Failed: 1) Failed test: 5 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_pkcs12.t (Wstat: 768 Tests: 13 Failed: 3) Failed tests: 1-3 Non-zero exit status: 3 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed 
test: 1 Non-zero exit status: 1 90-test_v3name.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_old.t (Wstat: 1024 Tests: 6 Failed: 4) Failed tests: 3-6 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=240, Tests=2835, 273 wallclock secs (15.31 usr 1.87 sys + 943.09 cusr 72.74 csys = 1033.01 CPU) Result: FAIL make[1]: *** [Makefile:2570: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2566: tests] Error 2 From matt at openssl.org Tue Aug 24 23:14:37 2021 From: matt at openssl.org (Matt Caswell) Date: Tue, 24 Aug 2021 23:14:37 +0000 Subject: [openssl] OpenSSL_1_0_2za delete Message-ID: <1629846877.258992.28409.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2za has been deleted was e197135eee4164c33146dad7b96f0d71b8844deb - Log ----------------------------------------------------------------- 11e489b8da357feab83bb6f819eaf7f1d909a617 Prepare for 1.0.2za release ----------------------------------------------------------------------- From matt at openssl.org Tue Aug 24 23:15:26 2021 From: matt at openssl.org (Matt Caswell) Date: Tue, 24 Aug 2021 23:15:26 +0000 Subject: [openssl] OpenSSL_1_0_2y delete Message-ID: <1629846926.111508.29515.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2y has been deleted was 31db38aa664c43895469ac079b8c64ed52aac8df - Log ----------------------------------------------------------------- 924fdf1fbec0f305dbf77c9d9250fdf9080aef88 Prepare for 1.0.2y release ----------------------------------------------------------------------- From matt at openssl.org Tue Aug 24 23:15:34 2021 
From: matt at openssl.org (Matt Caswell) Date: Tue, 24 Aug 2021 23:15:34 +0000 Subject: [openssl] OpenSSL_1_0_2x delete Message-ID: <1629846934.693684.30551.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2x has been deleted was f278d144994a4b0cb31c239755a026916603b9f6 - Log ----------------------------------------------------------------- fa174e280f15db2093c026a7e15433b5e5c65a76 Prepare for 1.0.2x release ----------------------------------------------------------------------- From matt at openssl.org Tue Aug 24 23:15:46 2021 From: matt at openssl.org (Matt Caswell) Date: Tue, 24 Aug 2021 23:15:46 +0000 Subject: [openssl] OpenSSL_1_0_2w delete Message-ID: <1629846946.650412.31445.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2w has been deleted was 61694f4327ea70db170cf987174da51672604bf4 - Log ----------------------------------------------------------------- 51fe13e340561da2a51870785c8f0818872fc1bc Prepare for 1.0.2w release ----------------------------------------------------------------------- From matt at openssl.org Tue Aug 24 23:15:56 2021 From: matt at openssl.org (Matt Caswell) Date: Tue, 24 Aug 2021 23:15:56 +0000 Subject: [openssl] OpenSSL_1_0_2v delete Message-ID: <1629846956.730368.32397.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2v has been deleted was 571d13e591360b770cc93e0085e9eb522758e96f - Log ----------------------------------------------------------------- 3f9c9c6ee9c792fa2819007777149f889090e540 Prepare for 1.0.2v release ----------------------------------------------------------------------- From pauli at openssl.org Wed Aug 25 00:47:04 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 25 Aug 2021 00:47:04 +0000 Subject: [openssl] master update Message-ID: <1629852424.903088.31762.nullmailer@dev.openssl.org> The branch master has been updated via 2576b70d43e1fcc8073df60ccccf3e22a13b67d3 (commit) from 94736c3a10ae7d109243abffb0200931fb3db5a8 (commit) - Log ----------------------------------------------------------------- commit 2576b70d43e1fcc8073df60ccccf3e22a13b67d3 Author: Pauli Date: Wed Aug 25 10:12:17 2021 +1000 sm2: fix error raise to not fail make update Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16411) ----------------------------------------------------------------------- Summary of changes: crypto/sm2/sm2_crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index e26b48390a..5318c6199f 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -313,7 +313,7 @@ int ossl_sm2_decrypt(const EC_KEY *key, C3 = sm2_ctext->C3->data; msg_len = sm2_ctext->C2->length; if (*ptext_len < (size_t)msg_len) { - SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL); + ERR_raise(ERR_LIB_SM2, SM2_R_BUFFER_TOO_SMALL); goto done; } From pauli at openssl.org Wed Aug 25 00:47:44 2021 
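Review bot: replacing SM2err() with ERR_raise(ERR_LIB_SM2, SM2_R_BUFFER_TOO_SMALL) is the right form for master, where the SM2_F_* function codes no longer exist, which is consistent with the commit message about `make update`. One small improvement on the same path: the too-small branch leaves *ptext_len untouched before `goto done`, so a caller that passed a short buffer learns only that it was too small and not the msg_len it actually needs; setting `*ptext_len = msg_len` before raising the error would make the two-call sizing pattern from the advisory self-correcting.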
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 25 Aug 2021 00:47:44 +0000 Subject: [openssl] master update Message-ID: <1629852464.284088.444.nullmailer@dev.openssl.org> The branch master has been updated via e1c2913833f84ccd23aa6f2001f1ecaccadf3e56 (commit) from 2576b70d43e1fcc8073df60ccccf3e22a13b67d3 (commit) - Log ----------------------------------------------------------------- commit e1c2913833f84ccd23aa6f2001f1ecaccadf3e56 Author: Pauli Date: Wed Aug 25 10:32:12 2021 +1000 cpp: fix included files to avoid failure in no-deprecated builds A header file was missing but only in no-deprecated builds. Also add some ending comments for #if preprocessor statements. Move function declaration inside #ifdef guard for header. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16412) ----------------------------------------------------------------------- Summary of changes: include/crypto/x509.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/crypto/x509.h b/include/crypto/x509.h index 599db841a7..1f00178e89 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -14,6 +14,7 @@ # include "internal/refcount.h" # include # include +# include # include "crypto/types.h" /* Internal X509 structures and functions: not for application use */ @@ -343,7 +344,7 @@ DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length); int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp); DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length); int ossl_i2d_DHx_PUBKEY(const DH *a, unsigned char **pp); -# endif +# endif /* OPENSSL_NO_DH */ # ifndef OPENSSL_NO_EC ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a, const unsigned char **pp, long length); 
@@ -357,10 +358,10 @@ int ossl_i2d_X25519_PUBKEY(const ECX_KEY *a, unsigned char **pp); ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a, const unsigned char **pp, long length); int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp); -# endif +# endif /* OPENSSL_NO_EC */ EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, long length); -#endif int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, size_t vallen, STACK_OF(CONF_VALUE) **extlist); +#endif /* OSSL_CRYPTO_X509_H */ From pauli at openssl.org Wed Aug 25 01:24:15 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 25 Aug 2021 01:24:15 +0000 Subject: [openssl] master update Message-ID: <1629854655.876956.5864.nullmailer@dev.openssl.org> The branch master has been updated via fdd436436d337f54e1e9d57b46b9489f7a3d042d (commit) from e1c2913833f84ccd23aa6f2001f1ecaccadf3e56 (commit) - Log ----------------------------------------------------------------- commit fdd436436d337f54e1e9d57b46b9489f7a3d042d Author: Pauli Date: Wed Aug 25 10:44:01 2021 +1000 news/changes: fix formatting nits The news/changes files are being nitted causing CI failure. This addresses the issues. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/16413) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 114 ++++++++++++++++++++++++++++++++----------------------------- NEWS.md | 1 + 2 files changed, 61 insertions(+), 54 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5fdec520b7..905ad50a50 100644 --- a/CHANGES.md +++ b/CHANGES.md 
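Review bot: the moved `#endif /* OSSL_CRYPTO_X509_H */` now closes the include guard after the `x509v3_add_len_value_uchar()` prototype, which is what the commit message intends, but the matching `#ifndef` at the top of the file is outside this hunk, so please confirm the guard macro really is named OSSL_CRYPTO_X509_H; an end-of-guard comment that names the wrong macro is worse than none. The prototype was previously outside the guard, so any other declaration that was appended after the old `#endif` should be checked for the same problem.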
@@ -1362,66 +1362,72 @@ OpenSSL 1.1.1 * Fixed an SM2 Decryption Buffer Overflow. - In order to decrypt SM2 encrypted data an application is expected to call the - API function EVP_PKEY_decrypt(). Typically an application will call this - function twice. The first time, on entry, the "out" parameter can be NULL and, - on exit, the "outlen" parameter is populated with the buffer size required to - hold the decrypted plaintext. The application can then allocate a sufficiently - sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL - value for the "out" parameter. + In order to decrypt SM2 encrypted data an application is expected to + call the API function EVP_PKEY_decrypt(). Typically an application will + call this function twice. The first time, on entry, the "out" parameter + can be NULL and, on exit, the "outlen" parameter is populated with the + buffer size required to hold the decrypted plaintext. The application + can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() + again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the - calculation of the buffer size required to hold the plaintext returned by the - first call to EVP_PKEY_decrypt() can be smaller than the actual size required by - the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is - called by the application a second time with a buffer that is too small. - - A malicious attacker who is able present SM2 content for decryption to an - application could cause attacker chosen data to overflow the buffer by up to a - maximum of 62 bytes altering the contents of other data held after the - buffer, possibly changing application behaviour or causing the application to - crash. The location of the buffer is application dependent but is typically - heap allocated. 
+ calculation of the buffer size required to hold the plaintext returned + by the first call to EVP_PKEY_decrypt() can be smaller than the actual + size required by the second call. This can lead to a buffer overflow + when EVP_PKEY_decrypt() is called by the application a second time with + a buffer that is too small. + + A malicious attacker who is able present SM2 content for decryption to + an application could cause attacker chosen data to overflow the buffer + by up to a maximum of 62 bytes altering the contents of other data held + after the buffer, possibly changing application behaviour or causing + the application to crash. The location of the buffer is application + dependent but is typically heap allocated. ([CVE-2021-3711]) *Matt Caswell* - * Fixed various read buffer overruns processing ASN.1 strings - - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING - structure which contains a buffer holding the string data and a field holding - the buffer length. This contrasts with normal C strings which are repesented as - a buffer for the string data which is terminated with a NUL (0) byte. - - Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's - own "d2i" functions (and other similar parsing functions) as well as any string - whose value has been set with the ASN1_STRING_set() function will additionally - NUL terminate the byte array in the ASN1_STRING structure. - - However, it is possible for applications to directly construct valid ASN1_STRING - structures which do not NUL terminate the byte array by directly setting the - "data" and "length" fields in the ASN1_STRING array. This can also happen by - using the ASN1_STRING_set0() function. - - Numerous OpenSSL functions that print ASN.1 data have been found to assume that - the ASN1_STRING byte array will be NUL terminated, even though this is not - guaranteed for strings that have been directly constructed. 
Where an application - requests an ASN.1 structure to be printed, and where that ASN.1 structure - contains ASN1_STRINGs that have been directly constructed by the application - without NUL terminating the "data" field, then a read buffer overrun can occur. - - The same thing can also occur during name constraints processing of certificates - (for example if a certificate has been directly constructed by the application - instead of loading it via the OpenSSL parsing functions, and the certificate - contains non NUL terminated ASN1_STRING structures). It can also occur in the - X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. - - If a malicious actor can cause an application to directly construct an - ASN1_STRING and then process it through one of the affected OpenSSL functions - then this issue could be hit. This might result in a crash (causing a Denial of - Service attack). It could also result in the disclosure of private memory - contents (such as private keys, or sensitive plaintext). - ([CVE-2021-3712]) + * Fixed various read buffer overruns processing ASN.1 strings + + ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING + structure which contains a buffer holding the string data and a field + holding the buffer length. This contrasts with normal C strings which + are repesented as a buffer for the string data which is terminated + with a NUL (0) byte. + + Although not a strict requirement, ASN.1 strings that are parsed using + OpenSSL's own "d2i" functions (and other similar parsing functions) as + well as any string whose value has been set with the ASN1_STRING_set() + function will additionally NUL terminate the byte array in the + ASN1_STRING structure. + + However, it is possible for applications to directly construct valid + ASN1_STRING structures which do not NUL terminate the byte array by + directly setting the "data" and "length" fields in the ASN1_STRING + array. 
This can also happen by using the ASN1_STRING_set0() function. + + Numerous OpenSSL functions that print ASN.1 data have been found to + assume that the ASN1_STRING byte array will be NUL terminated, even + though this is not guaranteed for strings that have been directly + constructed. Where an application requests an ASN.1 structure to be + printed, and where that ASN.1 structure contains ASN1_STRINGs that have + been directly constructed by the application without NUL terminating + the "data" field, then a read buffer overrun can occur. + + The same thing can also occur during name constraints processing + of certificates (for example if a certificate has been directly + constructed by the application instead of loading it via the OpenSSL + parsing functions, and the certificate contains non NUL terminated + ASN1_STRING structures). It can also occur in the X509_get1_email(), + X509_REQ_get1_email() and X509_get1_ocsp() functions. + + If a malicious actor can cause an application to directly construct an + ASN1_STRING and then process it through one of the affected OpenSSL + functions then this issue could be hit. This might result in a crash + (causing a Denial of Service attack). It could also result in the + disclosure of private memory contents (such as private keys, or + sensitive plaintext). + ([CVE-2021-3712]) *Matt Caswell* diff --git a/NEWS.md b/NEWS.md index 02227ef755..c269e370e0 100644 --- a/NEWS.md +++ b/NEWS.md @@ -90,6 +90,7 @@ OpenSSL 1.1.1 ------------- ### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] + * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712]) From dev at ddvo.net Wed Aug 25 05:21:22 2021 
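Review bot: since every line of the CVE-2021-3711 and CVE-2021-3712 entries is being rewritten for the reflow anyway, this is the place to fix the two typos the text carries over from the advisory: "who is able present SM2 content" should read "who is able to present SM2 content", and "repesented" should read "represented". Both entries end with reference-style links, `([CVE-2021-3711])` and `([CVE-2021-3712])`, whose definitions are outside this hunk; please confirm both are defined at the bottom of CHANGES.md, otherwise the markdown renders the brackets literally and the nit checker may still complain.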
From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 25 Aug 2021 05:21:22 +0000 Subject: [openssl] master update Message-ID: <1629868882.184375.1429.nullmailer@dev.openssl.org> The branch master has been updated via 32f7be2ab72ee22e98a2254709cb6128492b207a (commit) from fdd436436d337f54e1e9d57b46b9489f7a3d042d (commit) - Log ----------------------------------------------------------------- commit 32f7be2ab72ee22e98a2254709cb6128492b207a Author: Dr. David von Oheimb Date: Tue Aug 17 19:57:08 2021 +0200 APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16344) ----------------------------------------------------------------------- Summary of changes: apps/include/apps.h | 2 +- apps/lib/apps.c | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/apps/include/apps.h b/apps/include/apps.h index bc8c6359f3..9d5db16600 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -94,7 +94,7 @@ typedef struct args_st { int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data); int chopup_args(ARGS *arg, char *buf); -int dump_cert_text(BIO *out, X509 *x); +void dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, const char *title, const X509_NAME *nm); void print_bignum_var(BIO *, const BIGNUM *, const char*, int, unsigned char *); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 9762001b6a..43c01401e8 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -200,14 +200,10 @@ unsigned long get_nameopt(void) return (nmflag_set) ? nmflag : XN_FLAG_ONELINE; } -int dump_cert_text(BIO *out, X509 *x) +void dump_cert_text(BIO *out, X509 *x) { print_name(out, "subject=", X509_get_subject_name(x)); - BIO_puts(out, "\n"); print_name(out, "issuer=", X509_get_issuer_name(x)); - BIO_puts(out, "\n"); - - return 0; } int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata) 
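Review bot: the apps.c hunk changes behaviour as well as the return type: the two `BIO_puts(out, "\n")` calls that followed the subject and issuer lines are removed, so unless print_name() now emits its own trailing newline, the subject and issuer of a dumped certificate will run together on one line; the commit message only mentions the result type, so either confirm that print_name() terminates its output or keep the newlines and say so in the message. As dump_cert_text() previously returned a constant 0, also check that no caller still tests its return value now that it is void (the apps.h hunk updates the prototype, but the call sites are outside this diff).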
@@ -1289,6 +1285,8 @@ void print_name(BIO *out, const char *title, const X509_NAME *nm) int indent = 0; unsigned long lflags = get_nameopt(); + if (out == NULL) + return; if (title != NULL) BIO_puts(out, title); if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { From tomas at openssl.org Wed Aug 25 07:23:20 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 25 Aug 2021 07:23:20 +0000 Subject: [openssl] master update Message-ID: <1629876200.524684.5643.nullmailer@dev.openssl.org> The branch master has been updated via 8b4e9c5265ffd3457ad37133502a9d8a4e8daccd (commit) from 32f7be2ab72ee22e98a2254709cb6128492b207a (commit) - Log ----------------------------------------------------------------- commit 8b4e9c5265ffd3457ad37133502a9d8a4e8daccd Author: Tianjia Zhang Date: Mon Aug 23 17:40:22 2021 +0800 apps/ciphers: Fix wrong return value when using -convert parameter Command 'openssl ciphers -convert ' always returns failure, this patch set the correct return value. Signed-off-by: Tianjia Zhang Reviewed-by: Paul Yang Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16383) ----------------------------------------------------------------------- Summary of changes: apps/ciphers.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/ciphers.c b/apps/ciphers.c index 6e4fedd9a7..9c494224a1 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -183,6 +183,7 @@ int ciphers_main(int argc, char **argv) if (convert != NULL) { BIO_printf(bio_out, "OpenSSL cipher name: %s\n", OPENSSL_cipher_name(convert)); + ret = 0; goto end; } From scan-admin at coverity.com Wed Aug 25 07:50:12 2021 
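Review bot: in the print_name() hunk, the early `return` on `out == NULL` is silent and the function is void, so a caller cannot tell "printed nothing because out was NULL" from "printed"; suggest a one-line comment on the declaration in apps/include/apps.h stating that a NULL `out` is accepted and means print nothing, since that is now part of the contract.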
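Review bot: the apps/ciphers.c hunk fixes the exit status of `openssl ciphers -convert` by setting `ret = 0` before `goto end`, but the change touches only apps/ciphers.c; since the commit message says the command always returned failure, a recipe test asserting on the exit status of the `-convert` path would pin the fix and catch a regression if another early-exit path is added later.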
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Wed, 25 Aug 2021 07:50:12 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <6125f6334b1d8_30481c2aede2ec79a829771@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DZmCo_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEk3RP2dXOG5V8dSqFdMV9MK-2FU-2FONFBFN3EjzOfX4yS9c-2Fr3hF-2Bz7aGjaUEcrnSuwF4hD94ewC6HliVXtM46d-2BD7aIoY6QmfV5rv3uY1AVIrsM-2BIWCMGGwXg0HhSeTlgfCbpoEVECcB4kx0l5HQ6oC60rUQ0qh5cK6NV2IuMEVzDW5HfPCclIaXcqOsQugXjgw-3D Build ID: 404120 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Wed Aug 25 07:53:18 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Wed, 25 Aug 2021 07:53:18 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6125f6ee2cf1b_30490e2aede2ec79a829725@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D5cFn_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEKPQ-2BY5FHOkqNcOH6tkf1rSEzJJiHd0Wnf1xXbLpCUbBohANS96f12Hfbcgz-2ByeXB0KxbHfwHFgXJ0cNdqFCCsJg6XFjGb4f4anzkkPw2WZSqZ1frK0J89VIVoX3ROTS4Yhq78aE0DjM3-2F6J06SeqjEy8Si2VXHFy2V5tGe8rh9ucGtWuOThwmh-2F9i70CJZYM-3D Build ID: 404121 Analysis Summary: New defects found: 0 Defects eliminated: 0 From levitte at openssl.org Wed Aug 25 12:43:34 2021 
From: levitte at openssl.org (Richard Levitte) Date: Wed, 25 Aug 2021 12:43:34 +0000 Subject: [openssl] master update Message-ID: <1629895414.911426.6162.nullmailer@dev.openssl.org> The branch master has been updated via 33a62d448c95c01a5bff7be8a00bf95b6a6a6f37 (commit) from 8b4e9c5265ffd3457ad37133502a9d8a4e8daccd (commit) - Log ----------------------------------------------------------------- commit 33a62d448c95c01a5bff7be8a00bf95b6a6a6f37 Author: Richard Levitte Date: Mon Aug 23 14:12:28 2021 +0200 VMS: Correct faulty source directory specification $(SRCDIR)/doc doesn't work right on VMS. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16395) ----------------------------------------------------------------------- Summary of changes: Configurations/descrip.mms.tmpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 3ffd387903..2d17ddebfd 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -886,9 +886,10 @@ EOF my $title = basename($args{src}, ".html"); my $pod = $gen0; my $mkpod2html = sourcefile('util', 'mkpod2html.pl'); + my $srcdoc = sourcedir('doc'); return <<"EOF"; $args{src} : $pod - \$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" + \$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "$srcdoc" EOF } elsif ($args{src} =~ /\.(\d)$/) { # From tomas at openssl.org Wed Aug 25 14:52:09 2021 
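Review bot: the descrip.mms.tmpl hunk replaces the literal `"\$(SRCDIR)/doc"` with `sourcedir('doc')`, which is the right helper, but neither the commit message nor a comment says why the literal is wrong: on VMS a directory specification cannot be built by appending "/doc" to `$(SRCDIR)`, which is exactly what sourcedir() exists to handle. One sentence to that effect next to `my $srcdoc = sourcedir('doc');` would stop someone "simplifying" it back.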
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 25 Aug 2021 14:52:09 +0000 Subject: [openssl] master update Message-ID: <1629903129.528051.3698.nullmailer@dev.openssl.org> The branch master has been updated via 1501de3380aa1907a6b27c734a3c30f0962048ed (commit) from 33a62d448c95c01a5bff7be8a00bf95b6a6a6f37 (commit) - Log ----------------------------------------------------------------- commit 1501de3380aa1907a6b27c734a3c30f0962048ed Author: Richard Levitte Date: Tue Aug 24 13:45:27 2021 +0200 Add multilib to the NonStop configuration definitions. Fixes: #16373 Co-authored-by: Randall S. Becker Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16398) ----------------------------------------------------------------------- Summary of changes: Configurations/50-nonstop.conf | 12 +++++++++++- NOTES-NONSTOP.md | 8 +++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/Configurations/50-nonstop.conf b/Configurations/50-nonstop.conf index 7524c50016..ed3fe828b3 100644 --- a/Configurations/50-nonstop.conf +++ b/Configurations/50-nonstop.conf @@ -203,12 +203,14 @@ 'nonstop-ilp32', 'nonstop-efloat-x86_64', 'nonstop-model-put' ], + multilib => '-put', }, 'nonstop-nsx_64' => { inherit_from => [ 'nonstop-common', 'nonstop-archenv-x86_64-oss', 'nonstop-lp64-x86_64', 'nonstop-efloat-x86_64' ], + multilib => '64', disable => ['threads'], }, 'nonstop-nsx_64_put' => { @@ -217,13 +219,15 @@ 'nonstop-lp64-x86_64', 'nonstop-efloat-x86_64', 'nonstop-model-put' ], + multilib => '64-put', }, 'nonstop-nsx_spt' => { inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-oss', + 'nonstop-archenv-x86_64-oss', 'nonstop-ilp32', 'nonstop-efloat-x86_64', 'nonstop-model-spt' ], + multilib => '-spt', }, 'nonstop-nsx_spt_floss' => { inherit_from => [ 'nonstop-common', 
@@ -232,6 +236,7 @@ 'nonstop-efloat-x86_64', 'nonstop-model-floss', 'nonstop-model-spt'], + multilib => '-spt', }, 'nonstop-nsx_g' => { inherit_from => [ 'nonstop-common', @@ -261,12 +266,14 @@ 'nonstop-ilp32', 'nonstop-efloat-itanium', 'nonstop-model-put' ], + multilib => '-put', }, 'nonstop-nse_64' => { inherit_from => [ 'nonstop-common', 'nonstop-archenv-itanium-oss', 'nonstop-lp64-itanium', 'nonstop-efloat-itanium' ], + multilib => '64', disable => ['threads'], }, 'nonstop-nse_64_put' => { @@ -275,6 +282,7 @@ 'nonstop-lp64-itanium', 'nonstop-efloat-itanium', 'nonstop-model-put' ], + multilib => '64-put', }, 'nonstop-nse_spt' => { inherit_from => [ 'nonstop-common', @@ -282,6 +290,7 @@ 'nonstop-ilp32', 'nonstop-efloat-itanium', 'nonstop-model-spt' ], + multilib => '-spt', }, 'nonstop-nse_spt_floss' => { inherit_from => [ 'nonstop-common', @@ -289,6 +298,7 @@ 'nonstop-ilp32', 'nonstop-efloat-itanium', 'nonstop-model-floss', 'nonstop-model-spt' ], + multilib => '-spt', }, 'nonstop-nse_g' => { inherit_from => [ 'nonstop-common', diff --git a/NOTES-NONSTOP.md b/NOTES-NONSTOP.md index 171f394a9d..586fbabef0 100644 --- a/NOTES-NONSTOP.md +++ b/NOTES-NONSTOP.md 
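Review bot: in the Configurations/50-nonstop.conf hunks, both `nonstop-nsx_spt` and `nonstop-nsx_spt_floss` (and likewise `nonstop-nse_spt` / `nonstop-nse_spt_floss`) get `multilib => '-spt'`, so the two models would install into the same `lib-spt` directory; if the floss variant is meant to coexist with the non-floss one under a single prefix this collides, and if not, the commit message should say so. Separately, the `-'nonstop-archenv-x86_64-oss',` / `+'nonstop-archenv-x86_64-oss',` pair in the nsx_spt entry is a whitespace-only change unrelated to adding multilib.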
@@ -56,8 +56,14 @@ options, and keeping your memory and float options consistent, for example: * For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl` * For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl` + +As of 3.0, the NonStop configurations use the multilib attribute to distinguish +between different models: + * For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl` - * For 3.0 PUT `--prefix=/usr/local-ssl3.0_put --openssldir=/usr/local-ssl3.0_put/ssl` + +The PUT model is placed in `${prefix}/lib-put` for 32-bit models and +`${prefix}/lib64-put` for 64-bit models. Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the From tomas at openssl.org Wed Aug 25 14:53:40 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 25 Aug 2021 14:53:40 +0000 Subject: [openssl] master update Message-ID: <1629903220.547288.5758.nullmailer@dev.openssl.org> The branch master has been updated via 562d4cd3c35b32f2bc6ac0770b80ce394f8d76a4 (commit) from 1501de3380aa1907a6b27c734a3c30f0962048ed (commit) - Log ----------------------------------------------------------------- commit 562d4cd3c35b32f2bc6ac0770b80ce394f8d76a4 Author: Bernd Edlinger Date: Mon Aug 23 14:03:20 2021 +0200 Fix the array size of dtlsseq in tls1_enc Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16385) ----------------------------------------------------------------------- Summary of changes: ssl/record/ssl3_record.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 30af6508a7..b6ac61e0e8 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c 
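Review bot: the NOTES-NONSTOP.md hunk documents only the PUT model directories (`${prefix}/lib-put`, `${prefix}/lib64-put`), while the accompanying 50-nonstop.conf hunks also set `multilib => '-spt'` for the SPT models; suggest adding the corresponding `${prefix}/lib-spt` line so the note matches the configurations, and stating that the plain OSS model lands in `lib` / `lib64` (from `multilib => '64'`).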
@@ -1047,7 +1047,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, if (SSL_IS_DTLS(s)) { /* DTLS does not support pipelining */ - unsigned char dtlsseq[9], *p = dtlsseq; + unsigned char dtlsseq[8], *p = dtlsseq; s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); From tomas at openssl.org Wed Aug 25 14:55:34 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 25 Aug 2021 14:55:34 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629903334.482390.8041.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 801abbe01ebd380a9b66f08d59fcc5e8738134a5 (commit) from a2056b09fbef58bcb79b0fe8b88b592c560eb32f (commit) - Log ----------------------------------------------------------------- commit 801abbe01ebd380a9b66f08d59fcc5e8738134a5 Author: Bernd Edlinger Date: Mon Aug 23 14:03:20 2021 +0200 Fix the array size of dtlsseq in tls1_enc Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16385) (cherry picked from commit 562d4cd3c35b32f2bc6ac0770b80ce394f8d76a4) ----------------------------------------------------------------------- Summary of changes: ssl/record/ssl3_record.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index e6a8bbd710..f158544789 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1039,7 +1039,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) if (SSL_IS_DTLS(s)) { /* DTLS does not support pipelining */ - unsigned char dtlsseq[9], *p = dtlsseq; + unsigned char dtlsseq[8], *p = dtlsseq; s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); From tomas at openssl.org Wed Aug 25 15:02:57 2021 
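Review bot: in the tls1_enc() hunk, shrinking `dtlsseq` from 9 to 8 bytes is correct because a DTLS record sequence number is 8 bytes (the 2-byte epoch written by `s2n()` followed by the 6-byte sequence number), but the commit message gives no reason; a short comment on the declaration, or a sentence in the message, would document why 8 is exact and that nothing writes a ninth byte. The same applies to the cherry-pick into OpenSSL_1_1_1-stable below.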
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 25 Aug 2021 15:02:57 +0000 Subject: [openssl] master update Message-ID: <1629903777.043083.12780.nullmailer@dev.openssl.org> The branch master has been updated via 0760d132da046063f6ac3c28bd2ee1d8505e6fcd (commit) from 562d4cd3c35b32f2bc6ac0770b80ce394f8d76a4 (commit) - Log ----------------------------------------------------------------- commit 0760d132da046063f6ac3c28bd2ee1d8505e6fcd Author: Paul Dreik Date: Fri Nov 29 19:23:35 2019 +0100 Avoid invoking memcpy if size is zero or the supplied buffer is NULL This allows for passing a NULL pointer with zero max_len. Invoking memcpy on NULL is undefined behaviour, even if the size is zero. https://en.cppreference.com/w/c/string/byte/memcpy The function can now be queried for the necessary buffer length. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10541) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/evp_asn1.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index 3122c4724f..13d8ed3893 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c @@ -27,7 +27,10 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) return 1; } -/* int max_len: for returned value */ +/* int max_len: for returned value + * if passing NULL in data, nothing is copied but the necessary length + * for it is returned. + */ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len) { int ret, num; @@ -43,7 +46,8 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l num = ret; else num = max_len; - memcpy(data, p, num); + if (num > 0 && data != NULL) + memcpy(data, p, num); return ret; } From tomas at openssl.org Wed Aug 25 15:22:31 2021 
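Review bot: in the crypto/asn1/evp_asn1.c hunk, the new multi-line comment starts its text on the `/*` line (`/* int max_len: for returned value`), whereas the project style puts `/*` alone on the first line; also, the "pass NULL to query the length" behaviour is now part of the public contract but only evp_asn1.c changed, so the ASN1_TYPE_get_octetstring() manual page should state it. The guard `num > 0 && data != NULL` is right: with `data == NULL` the computed `num` is simply unused and `ret` (the real length) is still returned.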
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 25 Aug 2021 15:22:31 +0000 Subject: [openssl] master update Message-ID: <1629904951.991473.21520.nullmailer@dev.openssl.org> The branch master has been updated via 06447b58b234be050d405c6c75bfc987c6dcfdf9 (commit) from 0760d132da046063f6ac3c28bd2ee1d8505e6fcd (commit) - Log ----------------------------------------------------------------- commit 06447b58b234be050d405c6c75bfc987c6dcfdf9 Author: Bernd Edlinger Date: Mon Aug 23 11:11:29 2021 +0200 Avoid using undefined value in generate_stateless_cookie_callback Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16384) ----------------------------------------------------------------------- Summary of changes: apps/lib/s_cb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 245bae6249..c9a611aa3a 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -823,7 +823,8 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, size_t temp = 0; int res = generate_stateless_cookie_callback(ssl, cookie, &temp); - *cookie_len = (unsigned int)temp; + if (res != 0) + *cookie_len = (unsigned int)temp; return res; } From tomas at openssl.org Wed Aug 25 15:24:39 2021 
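Review bot: in the apps/lib/s_cb.c hunk, `temp` is already initialised (`size_t temp = 0;`), so on this branch the guard changes behaviour from "report a zero cookie length on failure" to "leave *cookie_len untouched on failure" rather than avoiding an undefined value; the commit message should say which of the two it intends, since a caller that reads `*cookie_len` only after checking `res` sees no difference, while one that does not now keeps whatever it passed in.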
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 25 Aug 2021 15:24:39 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629905079.039160.22917.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via cf2b1d6f11aa7ec4aa909ff1ecb9bee6892285d9 (commit) from 801abbe01ebd380a9b66f08d59fcc5e8738134a5 (commit) - Log ----------------------------------------------------------------- commit cf2b1d6f11aa7ec4aa909ff1ecb9bee6892285d9 Author: Bernd Edlinger Date: Mon Aug 23 11:11:29 2021 +0200 Avoid using undefined value in generate_stateless_cookie_callback Reviewed-by: Paul Yang Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16381) ----------------------------------------------------------------------- Summary of changes: apps/s_cb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index dee1b2e5b4..d066a423de 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -819,7 +819,9 @@ int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, { unsigned int temp; int res = generate_cookie_callback(ssl, cookie, &temp); - *cookie_len = temp; + + if (res != 0) + *cookie_len = temp; return res; } From tomas at openssl.org Wed Aug 25 15:27:19 2021 
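Review bot: in the apps/s_cb.c hunk for 1.1.1, `unsigned int temp;` is left uninitialised, so the `res != 0` guard is the only thing preventing an indeterminate value from reaching `*cookie_len`; the master counterpart initialises its local (`size_t temp = 0;`), and doing the same here (`unsigned int temp = 0;`) would make the fix robust even if a future change reads `temp` on the failure path.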
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 25 Aug 2021 15:27:19 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629905239.990666.24371.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 18622c7625436d7f99c0f51895c4d3cea233c62e (commit) from cf2b1d6f11aa7ec4aa909ff1ecb9bee6892285d9 (commit) - Log ----------------------------------------------------------------- commit 18622c7625436d7f99c0f51895c4d3cea233c62e Author: Bernd Edlinger Date: Sun Aug 22 21:28:51 2021 +0200 Fix some strict gcc-12 warnings Reviewed-by: Paul Dale Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16375) ----------------------------------------------------------------------- Summary of changes: crypto/ec/curve448/field.h | 2 +- ssl/s3_cbc.c | 2 +- ssl/ssl_local.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/ec/curve448/field.h b/crypto/ec/curve448/field.h index ccd04482d2..4ce263d436 100644 --- a/crypto/ec/curve448/field.h +++ b/crypto/ec/curve448/field.h @@ -62,7 +62,7 @@ mask_t gf_eq(const gf x, const gf y); mask_t gf_lobit(const gf x); mask_t gf_hibit(const gf x); -void gf_serialize(uint8_t *serial, const gf x, int with_highbit); +void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_highbit); mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, uint8_t hi_nmask); diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index aa7d63f84a..ae2a330ba5 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -128,7 +128,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, - const unsigned char header[13], + const unsigned char *header, const unsigned char *data, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index f92472117a..9f346e30e8 100644 
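Review bot: in the ssl/s3_cbc.c hunk, replacing `const unsigned char header[13]` with `const unsigned char *header` silences the gcc-12 array-parameter mismatch but discards the one place that documented the header's expected size; suggest a comment on the parameter noting that it is the 13-byte TLS MAC header so the constraint survives, and making the same change to the declaration in ssl/ssl_local.h (next hunk) so the two stay in sync. The crypto/ec/curve448/field.h hunk goes the other way (adding `serial[SER_BYTES]`), which is fine as long as the definition of gf_serialize() uses the same spelling.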
--- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2622,7 +2622,7 @@ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); __owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, - const unsigned char header[13], + const unsigned char *header, const unsigned char *data, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, From tomas at openssl.org Wed Aug 25 15:31:56 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 25 Aug 2021 15:31:56 +0000 Subject: [openssl] master update Message-ID: <1629905516.356823.28027.nullmailer@dev.openssl.org> The branch master has been updated via e5f8935c5bdf4677618017f7d907ce1d9e3df6a6 (commit) via 3d491c054ea8f662dc9dc499d3029d126a8726d3 (commit) from 06447b58b234be050d405c6c75bfc987c6dcfdf9 (commit) - Log ----------------------------------------------------------------- commit e5f8935c5bdf4677618017f7d907ce1d9e3df6a6 Author: Pauli Date: Tue Aug 24 19:07:18 2021 +1000 changes: add note about 3DES key wrap matching the standard Also note that it is no longer interoperable with 1.1.1. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16343) commit 3d491c054ea8f662dc9dc499d3029d126a8726d3 Author: Pauli Date: Wed Aug 18 11:58:11 2021 +1000 test: add unit tests for TDES key wrap This functionality was completely untested. Doesn't fix #16002 since that's a bug against 1.1.1. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16343) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 ++++ test/destest.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 905ad50a50..ac10632734 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -40,6 +40,11 @@ breaking changes, and mappings for the large list of deprecated functions. *Jan L?na* + * The triple DES key wrap functionality now conforms to RFC 3217 but is + no longer interoperable with OpenSSL 1.1.1. + + *Paul Dale* + * The ERR_GET_FUNC() function was removed. With the loss of meaningful function codes, this function can only cause problems for calling applications. diff --git a/test/destest.c b/test/destest.c index b61c9eecc8..d2f3cfe6a7 100644 --- a/test/destest.c +++ b/test/destest.c @@ -17,6 +17,7 @@ #include #include "testutil.h" +#include "internal/nelem.h" #ifndef OPENSSL_NO_DES # include 
@@ -697,6 +698,79 @@ static int test_des_quad_cksum(void) return 0; return 1; } + +/* + * Test TDES based key wrapping. + * The wrapping process uses a randomly generated IV so it is difficult to + * undertake KATs. End to end testing is performed instead. + */ +static const int test_des_key_wrap_sizes[] = { + 8, 16, 24, 32, 64, 80 +}; + +static int test_des_key_wrap(int idx) +{ + int in_bytes = test_des_key_wrap_sizes[idx]; + unsigned char in[100], c_txt[200], p_txt[200], key[24]; + int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i; + EVP_CIPHER *cipher = NULL; + EVP_CIPHER_CTX *ctx = NULL; + int res = 0; + + /* Some sanity checks and cipher loading */ + if (!TEST_size_t_le(in_bytes, sizeof(in)) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL)) + || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8) + || !TEST_size_t_eq(bs * 3u, sizeof(key)) + || !TEST_true(in_bytes % bs == 0) + || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto err; + + /* Create random data to end to end test */ + for (i = 0; i < in_bytes; i++) + in[i] = test_random(); + + /* Build the key */ + memcpy(key, cbc_key, sizeof(cbc_key)); + memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key)); + memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key)); + + /* Wrap / encrypt the key */ + clen_upd = sizeof(c_txt); + if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL)) + || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd, + in, in_bytes))) + goto err; + + expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs; + if (!TEST_int_eq(clen_upd, expect)) + goto err; + + clen_fin = sizeof(c_txt) - clen_upd; + if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin)) + || !TEST_int_eq(clen_fin, 0)) + goto err; + clen = clen_upd + clen_fin; + + /* Decrypt the wrapped key */ + plen_upd = sizeof(p_txt); + if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL)) + || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd, + c_txt, clen))) + goto 
err; + plen_fin = sizeof(p_txt) - plen_upd; + if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin))) + goto err; + plen = plen_upd + plen_fin; + + if (!TEST_mem_eq(in, in_bytes, p_txt, plen)) + goto err; + res = 1; + err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return res; +} #endif int setup_tests(void) @@ -722,6 +796,7 @@ int setup_tests(void) ADD_TEST(test_des_crypt); ADD_ALL_TESTS(test_input_align, 4); ADD_ALL_TESTS(test_output_align, 4); + ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes)); #endif return 1; } From beldmit at gmail.com Wed Aug 25 18:01:55 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Wed, 25 Aug 2021 18:01:55 +0000 Subject: [openssl] master update Message-ID: <1629914515.932558.15872.nullmailer@dev.openssl.org> The branch master has been updated via 69b920bb134417213adce260e15da3f751922cf4 (commit) from e5f8935c5bdf4677618017f7d907ce1d9e3df6a6 (commit) - Log ----------------------------------------------------------------- commit 69b920bb134417213adce260e15da3f751922cf4 Author: Dr. David von Oheimb Date: Tue Aug 24 12:15:41 2021 +0200 CMS app: Fix new -wrap option Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16396) ----------------------------------------------------------------------- Summary of changes: apps/cms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/cms.c b/apps/cms.c index b30273f171..76c7896719 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -680,7 +680,7 @@ int cms_main(int argc, char **argv) goto end; break; case OPT_WRAP: - wrapname = opt_unknown(); + wrapname = opt_arg(); break; case OPT_AES128_WRAP: case OPT_AES192_WRAP: From openssl at openssl.org Wed Aug 25 22:59:04 2021 
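Review bot: in the test/destest.c hunk, the key is built with `memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key));`, which copies `cbc_key` again into the third 8-byte slot (and uses `sizeof(cbc3_key)` as the offset), so K3 == K1 and the test exercises a two-key TDES rather than three distinct keys; it still round-trips, but the intent reads as `memcpy(key + sizeof(cbc_key) + sizeof(cbc2_key), cbc3_key, sizeof(cbc3_key));`. Since `in_bytes % bs == 0` is asserted, `expect` reduces to `in_bytes + 2 * bs`; a comment saying the extra 16 bytes are the IV and checksum of the RFC 3217 wrapping would explain the formula. Also note that an encrypt-then-decrypt test only checks the implementation against itself, whereas the CHANGES.md entry claims RFC 3217 conformance; if the provider lets the IV be fixed, a known-answer vector would back that claim.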
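Review bot: in the apps/cms.c hunk, switching `wrapname = opt_unknown();` to `wrapname = opt_arg();` is correct only if `OPT_WRAP` is declared in the options table with an argument type (otherwise opt_arg() has nothing to return); the table is not in this diff, so confirm it, and consider a recipe test that passes `-wrap` with a cipher name so the option is exercised.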
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 25 Aug 2021 22:59:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options enable-fuzz-afl no-shared no-module Message-ID: <1629932344.296306.134737.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config enable-fuzz-afl no-shared no-module Commit log since last time: 69b920bb13 CMS app: Fix new -wrap option e5f8935c5b changes: add note about 3DES key wrap matching the standard 3d491c054e test: add unit tests for TDES key wrap 06447b58b2 Avoid using undefined value in generate_stateless_cookie_callback 0760d132da Avoid invoking memcpy if size is zero or the supplied buffer is NULL 562d4cd3c3 Fix the array size of dtlsseq in tls1_enc 1501de3380 Add multilib to the NonStop configuration definitions. 33a62d448c VMS: Correct faulty source directory specification 8b4e9c5265 apps/ciphers: Fix wrong return value when using -convert parameter 32f7be2ab7 APPS: Fix result type of dump_cert_text() and behavior of print_name() on out==NULL fdd436436d news/changes: fix formatting nits e1c2913833 cpp: fix included files to avoid failure in no-deprecated builds 2576b70d43 sm2: fix error raise to not fail make update Build log ended with (last 100 lines): # SSL_accept() failed -1, 1 # 40E777A5A27F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40E777A5A27F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 40E777A5A27F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685:Field=session_id, Type=SSL_SESSION_ASN1 # 40E777A5A27F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ 
../openssl/test/helpers/ssltestlib.c:957 # SSL_connect() failed -1, 1 # 40E777A5A27F0000:error:0A000438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_s3.c:1584:SSL alert number 80 # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:9260 # false # OPENSSL_TEST_RAND_ORDER=1629930058 not ok 372 - iteration 7 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1629930058 not ok 74 - test_dh_auto # ------------------------------------------------------------------------------ # INFO: @ ../openssl/test/helpers/ssltestlib.c:975 # SSL_accept() failed -1, 1 # 40E777A5A27F0000:error:068C0100:asn1 encoding routines:ASN1_STRING_set:malloc failure:../openssl/crypto/asn1/asn1_lib.c:311: # 40E777A5A27F0000:error:068C0100:asn1 encoding routines:asn1_ex_c2i:malloc failure:../openssl/crypto/asn1/tasn_dec.c:944: # 40E777A5A27F0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:685: # 40E777A5A27F0000:error:0688010A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../openssl/crypto/asn1/tasn_dec.c:537:Field=session_id_context, Type=SSL_SESSION_ASN1 # 40E777A5A27F0000:error:0A0C0103:SSL routines:construct_stateless_ticket:internal error:../openssl/ssl/statem/statem_srvr.c:3706: # INFO: @ ../openssl/test/helpers/ssltestlib.c:1004 # No progress made # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:9315 # false # OPENSSL_TEST_RAND_ORDER=1629930058 not ok 75 - test_sni_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/cpVNSglCXd default ../../../openssl/test/default.cnf => 1 not ok 1 - running 
sslapitest # ------------------------------------------------------------------------------ # Failed test 'running sslapitest' # at ../openssl/test/recipes/90-test_sslapi.t line 32. # Looks like you failed 1 test of 1.90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 7168 Tests: 30 Failed: 28) Failed tests: 1-21, 23-28, 30 Non-zero exit status: 28 20-test_spkac.t (Wstat: 512 Tests: 4 Failed: 2) Failed tests: 2, 4 Non-zero exit status: 2 25-test_crl.t (Wstat: 256 Tests: 10 Failed: 1) Failed test: 3 Non-zero exit status: 1 25-test_sid.t (Wstat: 256 Tests: 2 Failed: 1) Failed test: 2 Non-zero exit status: 1 65-test_cmp_ctx.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_asyncio.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_clienthello.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_recordlen.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_servername.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ca.t (Wstat: 256 Tests: 15 Failed: 1) Failed test: 5 Non-zero exit status: 1 80-test_dtls_mtu.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_pkcs12.t (Wstat: 768 Tests: 13 Failed: 3) Failed tests: 1-3 Non-zero exit status: 3 80-test_sslcorrupt.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_sslbuffers.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 90-test_v3name.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 80-test_ssl_old.t (Wstat: 1024 Tests: 6 Failed: 4) Failed tests: 3-6 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=240, 
Tests=2835, 262 wallclock secs (14.21 usr 1.71 sys + 905.87 cusr 67.99 csys = 989.78 CPU) Result: FAIL make[1]: *** [Makefile:2572: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2568: tests] Error 2 From pauli at openssl.org Wed Aug 25 23:34:21 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 25 Aug 2021 23:34:21 +0000 Subject: [openssl] master update Message-ID: <1629934461.183299.29678.nullmailer@dev.openssl.org> The branch master has been updated via 9698a56e82da0262146c0f74b40d132f99099850 (commit) via 31656f27855ddd477349f5960b29d605d32fe38d (commit) from 69b920bb134417213adce260e15da3f751922cf4 (commit) - Log ----------------------------------------------------------------- commit 9698a56e82da0262146c0f74b40d132f99099850 Author: Pauli Date: Tue Aug 24 09:40:52 2021 +1000 aes-wrap: improve error handling The AES wrap cipher was return -1 on error from the provider rather than 0. This is fixed. There was a problem with the error handling in AES wrap which fell back to a default "final error". This adds a fix for the error and more specific errors for the different failure possibilities. Fixes #16387 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16391) commit 31656f27855ddd477349f5960b29d605d32fe38d Author: Pauli Date: Tue Aug 24 09:40:28 2021 +1000 Add invalid input length error Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16391) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/proverr.h | 1 + providers/common/provider_err.c | 2 ++ providers/implementations/ciphers/cipher_aes_wrp.c | 28 ++++++++++++++++------ 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index da3fee84d1..b47293a27a 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
@@ -992,6 +992,7 @@ PROV_R_INVALID_DATA:115:invalid data PROV_R_INVALID_DIGEST:122:invalid digest PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length PROV_R_INVALID_DIGEST_SIZE:218:invalid digest size +PROV_R_INVALID_INPUT_LENGTH:230:invalid input length PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count PROV_R_INVALID_IV_LENGTH:109:invalid iv length PROV_R_INVALID_KEY:158:invalid key diff --git a/include/openssl/proverr.h b/include/openssl/proverr.h index bdfdda2c93..ad67a8f897 100644 --- a/include/openssl/proverr.h +++ b/include/openssl/proverr.h @@ -59,6 +59,7 @@ # define PROV_R_INVALID_DIGEST 122 # define PROV_R_INVALID_DIGEST_LENGTH 166 # define PROV_R_INVALID_DIGEST_SIZE 218 +# define PROV_R_INVALID_INPUT_LENGTH 230 # define PROV_R_INVALID_ITERATION_COUNT 123 # define PROV_R_INVALID_IV_LENGTH 109 # define PROV_R_INVALID_KEY 158 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index d08192e64b..344c122112 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -80,6 +80,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "invalid digest length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_SIZE), "invalid digest size"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INPUT_LENGTH), + "invalid input length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT), "invalid iteration count"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length"}, diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c index f797db4596..8bddf475e2 100644 --- a/providers/implementations/ciphers/cipher_aes_wrp.c +++ b/providers/implementations/ciphers/cipher_aes_wrp.c 
@@ -152,16 +152,22 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out, return 0; /* Input length must always be non-zero */ - if (inlen == 0) + if (inlen == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); return -1; + } /* If decrypting need at least 16 bytes and multiple of 8 */ - if (!ctx->enc && (inlen < 16 || inlen & 0x7)) + if (!ctx->enc && (inlen < 16 || inlen & 0x7)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); return -1; + } /* If not padding input must be multiple of 8 */ - if (!pad && inlen & 0x7) + if (!pad && inlen & 0x7) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); return -1; + } if (out == NULL) { if (ctx->enc) { @@ -182,7 +188,15 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out, rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in, inlen, ctx->block); - return rv ? (int)rv : -1; + if (!rv) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return -1; + } + if (rv > INT_MAX) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); + return -1; + } + return (int)rv; } static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl, @@ -212,12 +226,12 @@ static int aes_wrap_cipher(void *vctx, if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return -1; + return 0; } len = aes_wrap_cipher_internal(ctx, out, in, inl); - if (len == 0) - return -1; + if (len <= 0) + return 0; *outl = len; return 1; From pauli at openssl.org Wed Aug 25 23:59:28 2021 
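Review bot: hunk @@ -152,16 +152,22 @@ in aes_wrap_cipher_internal (cipher_aes_wrp.c) raises PROV_R_INVALID_INPUT_LENGTH on each of the three length checks but keeps the -1 return, while aes_wrap_cipher below now maps `len <= 0` to 0. Add a comment on aes_wrap_cipher_internal stating that -1 is its internal failure value, distinct from a 0-length result of the `out == NULL` size query, and that only aes_wrap_cipher translates it to the provider's 0/1 convention; propagating that -1 unchanged is exactly the bug this commit fixes, and a comment makes it harder to reintroduce.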
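Review bot: hunk @@ -182,7 +188,15 @@ in aes_wrap_cipher_internal uses PROV_R_CIPHER_OPERATION_FAILED and PROV_R_INVALID_OUTPUT_LENGTH, neither of which this patch adds to openssl.txt, proverr.h or provider_err.c (the second commit in the set adds only PROV_R_INVALID_INPUT_LENGTH), so both must already be defined; worth a quick check before merging. The `rv > INT_MAX` guard ahead of the `(int)rv` cast closes the truncation the old `rv ? (int)rv : -1` allowed; a one-line comment that the guard exists because the provider interface returns int would stop it being removed later as unreachable.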
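Review bot: in aes_wrap_cipher (hunk @@ -212,12 +226,12 @@) the `outsize < inl` test that now returns 0 is weaker than the real output size on encrypt: the wrap appends an 8-byte integrity block, and padded wrap first rounds the input up to a multiple of 8, so a buffer of exactly inl bytes passes the check and is overrun by wrapfn. The `out == NULL` branch of aes_wrap_cipher_internal already computes the exact output length; comparing outsize against that value would make the error path this patch is tightening actually reliable rather than dependent on the caller having sized the buffer correctly.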
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 25 Aug 2021 23:59:28 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629935968.521951.7012.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7a1a91556cc271d38944410b133a2ab5e2cf8ca8 (commit) from 18622c7625436d7f99c0f51895c4d3cea233c62e (commit) - Log ----------------------------------------------------------------- commit 7a1a91556cc271d38944410b133a2ab5e2cf8ca8 Author: Tianjia Zhang Date: Mon Aug 23 17:40:22 2021 +0800 apps/ciphers: Fix wrong return value when using -convert parameter Command 'openssl ciphers -convert ' always returns failure; this patch sets the correct return value. Signed-off-by: Tianjia Zhang Reviewed-by: Paul Yang Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16383) (cherry picked from commit 8b4e9c5265ffd3457ad37133502a9d8a4e8daccd) ----------------------------------------------------------------------- Summary of changes: apps/ciphers.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/ciphers.c b/apps/ciphers.c index 0bb33a4aca..e403130eeb 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -172,6 +172,7 @@ int ciphers_main(int argc, char **argv) if (convert != NULL) { BIO_printf(bio_out, "OpenSSL cipher name: %s\n", OPENSSL_cipher_name(convert)); + ret = 0; goto end; } From pauli at openssl.org Thu Aug 26 00:34:45 2021
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 26 Aug 2021 00:34:45 +0000 Subject: [openssl] master update Message-ID: <1629938085.658986.19949.nullmailer@dev.openssl.org> The branch master has been updated via a291cfdfdee0cb40a684e1c379eff88ba43f784b (commit) from 9698a56e82da0262146c0f74b40d132f99099850 (commit) - Log ----------------------------------------------------------------- commit a291cfdfdee0cb40a684e1c379eff88ba43f784b Author: Pauli Date: Wed Aug 25 10:06:11 2021 +1000 doc: document the rsa_oaep_md: pkeyopt This was missing but essential for using non-SHA1 digests with OAEP. Fixes #15998 Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16410) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-pkeyutl.pod.in | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 06365ef76d..b0054ead66 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -262,6 +262,11 @@ B block structure. For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not explicitly set in PSS mode then the signing digest is used. +=item BI + +Sets the digest used for the OAEP hash function. If not explicitly set then +SHA1 is used. + =back =head1 RSA-PSS ALGORITHM @@ -391,6 +396,11 @@ Verify some data using an L certificate and a specific ID: openssl pkeyutl -verify -certin -in file -inkey sm2.cert -sigfile sig \ -rawin -digest sm3 -pkeyopt distid:someid +Decrypt some data using a private key with OAEP padding using SHA256: + + openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \ + -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 + =head1 SEE ALSO L, From bernd.edlinger at hotmail.de Thu Aug 26 07:01:22 2021 
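Review bot: the new =item in hunk @@ -262,6 +262,11 @@ of openssl-pkeyutl.pod.in documents the OAEP digest default (SHA1) but leaves the MGF1 digest unstated, and the paragraph just above it describes the MGF1 default only "in PSS mode". Either add a sentence that for OAEP the MGF1 digest falls back to the rsa_oaep_md digest when rsa_mgf1_md is not given, so that the sha256 example in hunk @@ -391,6 +396,11 @@ uses SHA-256 for both, or make that example pass `-pkeyopt rsa_mgf1_md:sha256` explicitly; as written a reader cannot tell whether the example mixes SHA-256 OAEP with SHA-1 MGF1.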
From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 26 Aug 2021 07:01:22 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629961282.615994.16644.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5d91c74fa3fcd8c17184ab8f51745de8354f7362 (commit) from 7a1a91556cc271d38944410b133a2ab5e2cf8ca8 (commit) - Log ----------------------------------------------------------------- commit 5d91c74fa3fcd8c17184ab8f51745de8354f7362 Author: Bernd Edlinger Date: Mon Aug 23 11:13:26 2021 +0200 Check for null-pointer dereference in dh_cms_set_peerkey Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16382) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_ameth.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index d53004080d..0d4026c206 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -629,16 +629,18 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, goto err; pk = EVP_PKEY_CTX_get0_pkey(pctx); - if (!pk) - goto err; - if (pk->type != EVP_PKEY_DHX) + if (pk == NULL || pk->type != EVP_PKEY_DHX) goto err; + /* Get parameters from parent key */ dhpeer = DHparams_dup(pk->pkey.dh); + if (dhpeer == NULL) + goto err; + /* We have parameters now set public key */ plen = ASN1_STRING_length(pubkey); p = ASN1_STRING_get0_data(pubkey); - if (!p || !plen) + if (p == NULL || plen == 0) goto err; if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) { @@ -655,6 +657,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, pkpeer = EVP_PKEY_new(); if (pkpeer == NULL) goto err; + EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer); dhpeer = NULL; if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) From scan-admin at coverity.com Thu Aug 26 07:49:05 2021 
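Review bot: in hunk @@ -655,6 +657,7 @@ of dh_ameth.c the return value of `EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);` is still discarded, and the very next line sets `dhpeer = NULL`; if the assign fails, pkpeer holds no key while the DHparams_dup result is leaked, and EVP_PKEY_derive_set_peer is then attempted with an empty peer key. Since this patch is about robustness of the error path, check it: `if (!EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer)) goto err;` before clearing dhpeer, so that err still frees the duplicated parameters.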
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Thu, 26 Aug 2021 07:49:05 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <612747711d930_3205f22b02d18cb99c47229@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DKZhB_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHz-2BRvhph67BMbTB2VJDw1d6oMWarlBZhSyBGczfeB0Bw1Q-2FUg5LA4lwNHxzi381kUx9FhR5bSLUrzjB4Yt-2F7oT6qyZFaczapn-2BDO3EtjxT0ezoKx5vu34l1Gqw-2Bs5PVmKS8ANHVNyay2Mu64NDM-2Ft0xRm7Z96yHT3hm0h3re3dHrRBapl-2F-2B8wQXV5fBkph0tY-3D Build ID: 404266 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Thu Aug 26 07:52:12 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Thu, 26 Aug 2021 07:52:12 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <6127482bdd34a_3206fc2b02d18cb99c4724b@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DoWwL_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHJItRiRHYv-2B93ABJlHNx62UhmuqdYjwy2YQCIEnANpK2q6Bfxsj9WNHafQbp-2B1xJpHPCR-2FjKnxEKqdsyoVhWBYwYzG63Zy6LvOQ2jJ-2FQM8Ia-2BNDxRmxlVKyuRZ9Zx1EmlTqvgweucJsT2YleF92A-2B7xPHExpcUXcgbj2NgWjC0TCbvNz-2Bg6q-2BwhU36JFSv6bo-3D Build ID: 404267 Analysis Summary: New defects found: 0 Defects eliminated: 0 From tomas at openssl.org Thu Aug 26 09:06:24 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 26 Aug 2021 09:06:24 +0000 Subject: [openssl] master update Message-ID: <1629968784.270543.5572.nullmailer@dev.openssl.org> The branch master has been updated via 62bae84d4587ec9a56d0ce830e36e4a5b2fa8a33 (commit) from a291cfdfdee0cb40a684e1c379eff88ba43f784b (commit) - Log ----------------------------------------------------------------- commit 62bae84d4587ec9a56d0ce830e36e4a5b2fa8a33 Author: zhaozg Date: Wed Aug 18 15:40:22 2021 +0800 ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16347) ----------------------------------------------------------------------- Summary of changes: crypto/ts/ts_verify_ctx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 7478421689..2f6f00c0cc 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -70,6 +70,7 @@ STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *hexstr, long len) { + OPENSSL_free(ctx->imprint); ctx->imprint = hexstr; ctx->imprint_len = len; return ctx->imprint; From tomas at openssl.org Thu Aug 26 09:06:48 2021 
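Review bot: freeing the old imprint in TS_VERIFY_CTX_set_imprint (hunk @@ -70,6 +70,7 @@ of ts_verify_ctx.c) fixes the leak but breaks the self-assignment case: a caller that re-sets the buffer already stored (hexstr == ctx->imprint) now gets it freed and the dangling pointer stored back. Guard with `if (ctx->imprint != hexstr) OPENSSL_free(ctx->imprint);`, and since this makes the ownership transfer explicit, state in the TS_VERIFY_CTX_set_imprint man page entry that the context takes ownership of hexstr and frees any previously set imprint.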
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 26 Aug 2021 09:06:48 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1629968808.007919.6657.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 15d1ddde5de9d28b671d3f6fe8757f4b87e67821 (commit) from 5d91c74fa3fcd8c17184ab8f51745de8354f7362 (commit) - Log ----------------------------------------------------------------- commit 15d1ddde5de9d28b671d3f6fe8757f4b87e67821 Author: zhaozg Date: Wed Aug 18 15:40:22 2021 +0800 ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16347) (cherry picked from commit 62bae84d4587ec9a56d0ce830e36e4a5b2fa8a33) ----------------------------------------------------------------------- Summary of changes: crypto/ts/ts_verify_ctx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 32cd2f542b..b504649a41 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -70,6 +70,7 @@ STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *hexstr, long len) { + OPENSSL_free(ctx->imprint); ctx->imprint = hexstr; ctx->imprint_len = len; return ctx->imprint; From tomas at openssl.org Thu Aug 26 14:07:18 2021 
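Review bot: the backported hunk @@ -70,6 +70,7 @@ has the same self-assignment gap as on master: `OPENSSL_free(ctx->imprint)` runs before hexstr is compared with the stored pointer, so passing the current imprint again leaves a freed pointer in the context. The `if (ctx->imprint != hexstr)` guard belongs in the cherry-pick too, and a public setter changing its ownership semantics on a stable branch merits a CHANGES entry.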
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 26 Aug 2021 14:07:18 +0000 Subject: [openssl] master update Message-ID: <1629986838.367601.18844.nullmailer@dev.openssl.org> The branch master has been updated via 78539b250b05d0721da775bf4eddc096bde5ecaa (commit) from 62bae84d4587ec9a56d0ce830e36e4a5b2fa8a33 (commit) - Log ----------------------------------------------------------------- commit 78539b250b05d0721da775bf4eddc096bde5ecaa Author: Tomas Mraz Date: Wed Aug 25 13:50:40 2021 +0200 EVP_DigestSign/VerifyFinal: Duplicate the pctx to allow multiple calls The legacy implementation duplicates the pctx before creating/verifying the signature unless EVP_MD_CTX_FLAG_FINALISE is set. We have to do the same with provided implementations. Fixes #16321 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16422) ----------------------------------------------------------------------- Summary of changes: crypto/evp/m_sigver.c | 35 +++++++++++++++++++++++++++-------- test/evp_extra_test.c | 33 +++++++++++++++++++++++++-------- 2 files changed, 52 insertions(+), 16 deletions(-) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index f21865a8c3..806ef3224c 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -400,7 +400,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { int sctx = 0, r = 0; - EVP_PKEY_CTX *pctx = ctx->pctx; + EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; if (pctx == NULL || pctx->operation != EVP_PKEY_OP_SIGNCTX 
@@ -408,8 +408,19 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, || pctx->op.sig.signature == NULL) goto legacy; - return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, - sigret, siglen, SIZE_MAX); + if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, + sigret, siglen, + SIZE_MAX); + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; + + r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx, + sigret, siglen, + SIZE_MAX); + EVP_PKEY_CTX_free(dctx); + return r; legacy: if (pctx == NULL || pctx->pmeth == NULL) { @@ -429,8 +440,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx); else { - EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(pctx); - + dctx = EVP_PKEY_CTX_dup(pctx); if (dctx == NULL) return 0; r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); @@ -516,7 +526,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, int r = 0; unsigned int mdlen = 0; int vctx = 0; - EVP_PKEY_CTX *pctx = ctx->pctx; + EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; if (pctx == NULL || pctx->operation != EVP_PKEY_OP_VERIFYCTX @@ -524,8 +534,17 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, || pctx->op.sig.signature == NULL) goto legacy; - return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, - sig, siglen); + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, + sig, siglen); + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; + + r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, + sig, siglen); + EVP_PKEY_CTX_free(dctx); + return r; legacy: if (pctx == NULL || pctx->pmeth == NULL) { diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index bc02cea95d..83f8902d24 100644 
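Review bot: in EVP_DigestSignFinal (hunk @@ -408,8 +408,19 @@ of m_sigver.c) the `sigret == NULL` length query is sent straight to the provider's digest_sign_final on the original algctx, so correctness rests on every provider treating a NULL output buffer as a pure size query that does not finalise; say so in a comment next to the condition, because the legacy path below has no equivalent and the assumption is otherwise invisible. The change also makes every non-FINALISE signature pay for an EVP_PKEY_CTX_dup of the whole key context, so the EVP_DigestSignFinal documentation should tell single-shot callers to set EVP_MD_CTX_FLAG_FINALISE, as the legacy path already rewarded.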
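Review bot: EVP_DigestVerifyFinal (hunk @@ -524,8 +534,17 @@) returns 0 when EVP_PKEY_CTX_dup fails, but 0 is the value the documented return convention reserves for "the signature did not verify", with other values for more serious errors. An allocation failure reported as a bad signature is misleading to callers that log or count verification failures; return -1 here (or at least raise an error before returning) so the two cases stay distinguishable.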
--- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1051,8 +1051,8 @@ static int test_EVP_DigestSignInit(int tst) { int ret = 0; EVP_PKEY *pkey = NULL; - unsigned char *sig = NULL; - size_t sig_len = 0; + unsigned char *sig = NULL, *sig2 = NULL; + size_t sig_len = 0, sig2_len = 0; EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; BIO *mdbio = NULL, *membio = NULL; @@ -1115,17 +1115,17 @@ static int test_EVP_DigestSignInit(int tst) || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) goto out; - if (tst >= 6) { - if (!TEST_int_gt(BIO_reset(mdbio), 0) - || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) - goto out; - } - /* * Ensure that the signature round-trips (Verification isn't supported for * HMAC via EVP_DigestVerify*) */ if (tst != 2 && tst != 5 && tst != 8) { + if (tst >= 6) { + if (!TEST_int_gt(BIO_reset(mdbio), 0) + || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) + goto out; + } + if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, NULL, pkey))) goto out; @@ -1140,6 +1140,22 @@ static int test_EVP_DigestSignInit(int tst) } if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) goto out; + + /* Multiple calls to EVP_DigestVerifyFinal should work */ + if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) + goto out; + } else { + /* + * For HMAC a doubled call to DigestSignFinal should produce the same + * value as finalization should not happen. + */ + if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len)) + || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len)) + || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len))) + goto out; + + if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len)) + goto out; } ret = 1; 
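Review bot: the new assertions in hunk @@ -1140,6 +1140,22 @@ of evp_extra_test.c exercise a repeated EVP_DigestVerifyFinal, and a repeated EVP_DigestSignFinal only for the HMAC cases (tst 2, 5, 8) where no finalisation happens anyway; in the signature branch EVP_DigestSignFinal is never called a second time, so the pctx duplication added to EVP_DigestSignFinal is covered only indirectly. Add a second `EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)` in the signature branch and verify sig2 with EVP_DigestVerifyFinal rather than comparing it to sig, since some of the tested schemes produce non-deterministic signatures.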
@@ -1151,6 +1167,7 @@ static int test_EVP_DigestSignInit(int tst) EVP_MD_CTX_free(a_md_ctx_verify); EVP_PKEY_free(pkey); OPENSSL_free(sig); + OPENSSL_free(sig2); EVP_MD_free(mdexp); return ret; From dev at ddvo.net Thu Aug 26 15:44:18 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 26 Aug 2021 15:44:18 +0000 Subject: [openssl] master update Message-ID: <1629992658.761338.7337.nullmailer@dev.openssl.org> The branch master has been updated via b4fec69b2a8b5b93ec0e2603e4d27e5d722b87fc (commit) from 78539b250b05d0721da775bf4eddc096bde5ecaa (commit) - Log ----------------------------------------------------------------- commit b4fec69b2a8b5b93ec0e2603e4d27e5d722b87fc Author: Dr. David von Oheimb Date: Wed Aug 25 08:35:40 2021 +0200 APPS/x509: fix -extfile option, which was ignored with -x509toreq Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16417) ----------------------------------------------------------------------- Summary of changes: apps/x509.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index e9a45e4d8f..7236972c5b 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -190,9 +190,7 @@ static void warn_copying(ASN1_OBJECT *excluded, const char *names) sn); } -static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest, - STACK_OF(OPENSSL_STRING) *sigopts, - int ext_copy, const char *names) +static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names) { const STACK_OF(X509_EXTENSION) *cert_exts = X509_get0_extensions(cert); int i, n = sk_X509_EXTENSION_num(cert_exts /* may be NULL */); @@ -228,8 +226,6 @@ static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest, goto err; } } - if (!do_X509_REQ_sign(req, pkey, digest, sigopts)) - goto err; sk_X509_EXTENSION_free(exts); return req; 
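Review bot: with do_X509_REQ_sign removed from x509_to_req (hunk @@ -228,8 +226,6 @@ of apps/x509.c) the helper now returns an unsigned request and every caller must add extensions and sign afterwards, but neither its name nor the remaining parameters say so. Add a comment above the function stating that the caller is responsible for extensions and signing, and confirm that no other call site of x509_to_req still expects a signed request back.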
@@ -804,7 +800,7 @@ int x509_main(int argc, char **argv) } X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, NULL, X509V3_CTX_REPLACE); - if (extconf != NULL) { + if (extconf != NULL && !x509toreq) { X509V3_set_nconf(&ext_ctx, extconf); if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) { BIO_printf(bio_err, @@ -830,8 +826,17 @@ int x509_main(int argc, char **argv) BIO_printf(bio_err, "Must not use -clrext together with -copy_extensions\n"); goto end; } - if ((rq = x509_to_req(x, privkey, digest, sigopts, - ext_copy, ext_names)) == NULL) + if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL) + goto end; + if (extconf != NULL) { + X509V3_set_nconf(&ext_ctx, extconf); + if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) { + BIO_printf(bio_err, + "Error adding request extensions from section %s\n", extsect); + goto end; + } + } + if (!do_X509_REQ_sign(rq, privkey, digest, sigopts)) goto end; if (!noout) { if (outformat == FORMAT_ASN1) { From dev at ddvo.net Thu Aug 26 15:46:15 2021 
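Review bot: in the -x509toreq branch (hunk @@ -830,8 +826,17 @@) X509V3_EXT_REQ_add_nconf is called with the ext_ctx that was set up by `X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, NULL, X509V3_CTX_REPLACE)` in the earlier hunk, whose request slot is the input `req` (NULL unless -req was given), not the newly built `rq`. Extensions whose value is derived from the request in context would therefore resolve against the wrong object; re-point the context at the new request (for example `X509V3_set_ctx(&ext_ctx, NULL, NULL, rq, NULL, X509V3_CTX_REPLACE)`) before adding request extensions, or add a comment explaining why the subject certificate `x` is the intended source.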
From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 26 Aug 2021 15:46:15 +0000 Subject: [openssl] master update Message-ID: <1629992775.574479.8715.nullmailer@dev.openssl.org> The branch master has been updated via 4fdb0d2535323373650bd68e7a659f9320828857 (commit) via f2b6edcfdd9ba0b17c8d6d6d76aa892fe76315fc (commit) from b4fec69b2a8b5b93ec0e2603e4d27e5d722b87fc (commit) - Log ----------------------------------------------------------------- commit 4fdb0d2535323373650bd68e7a659f9320828857 Author: Dr. David von Oheimb Date: Wed Aug 25 12:21:06 2021 +0200 APPS/req: Fix AKID generation in case -CA option is used Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16420) commit f2b6edcfdd9ba0b17c8d6d6d76aa892fe76315fc Author: Dr. David von Oheimb Date: Wed Aug 25 12:11:38 2021 +0200 APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16420) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 51 ++++++++++++++++++++------------------------- doc/man1/openssl-req.pod.in | 31 ++++++++++++++------------- 2 files changed, 40 insertions(+), 42 deletions(-) diff --git a/apps/req.c b/apps/req.c index a0ecda8225..6aa364fec5 100644 --- a/apps/req.c +++ b/apps/req.c 
@@ -116,10 +116,10 @@ const OPTIONS req_options[] = { {"reqopt", OPT_REQOPT, 's', "Various request text options"}, {"text", OPT_TEXT, '-', "Text form of request"}, {"x509", OPT_X509, '-', - "Output an x509 structure instead of a cert request"}, - {"CA", OPT_CA, '<', "Issuer certificate to use with -x509"}, + "Output an X.509 certificate structure instead of a cert request"}, + {"CA", OPT_CA, '<', "Issuer cert to use for signing a cert, implies -x509"}, {"CAkey", OPT_CAKEY, 's', - "Issuer private key to use with -x509; default is -CA arg"}, + "Issuer private key to use with -CA; default is -CA arg"}, {OPT_MORE_STR, 1, 1, "(Required by some CA's)"}, {"subj", OPT_SUBJ, 's', "Set or modify subject of request or cert"}, {"subject", OPT_SUBJECT, '-', @@ -139,7 +139,7 @@ const OPTIONS req_options[] = { {"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"}, OPT_SECTION("Keys and Signing"), - {"key", OPT_KEY, 's', "Private key to use"}, + {"key", OPT_KEY, 's', "Key to include and to use for self-signature"}, {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, {"pubkey", OPT_PUBKEY, '-', "Output public key"}, {"keyout", OPT_KEYOUT, '>', "File to write private key to"}, @@ -406,6 +406,7 @@ int req_main(int argc, char **argv) break; case OPT_CA: CAfile = opt_arg(); + gen_x509 = 1; break; case OPT_CAKEY: CAkeyfile = opt_arg(); @@ -630,7 +631,6 @@ int req_main(int argc, char **argv) goto end; app_RAND_load_conf(req_conf, section); } - if (newreq && pkey == NULL) { app_RAND_load_conf(req_conf, section); 
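Review bot: `gen_x509 = 1` in `case OPT_CA:` (hunk @@ -406,6 +406,7 @@ of apps/req.c) makes -CA imply -x509 regardless of option order, which is the intent, but a user passing -CA together with -new and no -x509 now silently gets a certificate where the previous code printed a warning and produced a request. A one-line notice when -x509 was implied rather than given would make the behaviour change visible, and the -x509 help string in hunk @@ -116,10 +116,10 @@ should mention that -CA implies it, as the -CA string now does from the other side.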
@@ -755,28 +755,21 @@ int req_main(int argc, char **argv) "Ignoring -CAkey option since no -CA option is given\n"); } else { if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF, - 0, passin, e, "issuer private key")) == NULL) + 0, passin, e, + CAkeyfile != CAfile + ? "issuer private key from -CAkey arg" + : "issuer private key from -CA arg")) == NULL) goto end; } } if (CAfile != NULL) { - if (!gen_x509) { + if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin, + "issuer cert from -CA arg")) == NULL) + goto end; + if (!X509_check_private_key(CAcert, CAkey)) { BIO_printf(bio_err, - "Warning: Ignoring -CA option without -x509\n"); - } else { - if (CAkeyfile == NULL) { - BIO_printf(bio_err, - "Need to give the -CAkey option if using -CA\n"); - goto end; - } - if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin, - "issuer certificate")) == NULL) - goto end; - if (!X509_check_private_key(CAcert, CAkey)) { - BIO_printf(bio_err, - "Issuer certificate and key do not match\n"); - goto end; - } + "Issuer CA certificate and key do not match\n"); + goto end; } } if (newreq || gen_x509) { @@ -798,6 +791,7 @@ int req_main(int argc, char **argv) } if (gen_x509) { EVP_PKEY *pub_key = X509_REQ_get0_pubkey(req); + EVP_PKEY *issuer_key = CAcert != NULL ? CAkey : pkey; X509V3_CTX ext_ctx; X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) : X509_REQ_get_subject_name(req); @@ -828,7 +822,8 @@ int req_main(int argc, char **argv) if (!pub_key || !X509_set_pubkey(new_x509, pub_key)) goto end; if (ext_copy == EXT_COPY_UNSET) { - BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n"); + if (infile != NULL) + BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n"); } else if (!copy_extensions(new_x509, req, ext_copy)) { BIO_printf(bio_err, "Error copying extensions from request\n"); goto end; 
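Review bot: in hunk @@ -755,28 +755,21 @@ the message selection `CAkeyfile != CAfile ? "issuer private key from -CAkey arg" : "issuer private key from -CA arg"` is a pointer comparison, so it only works if the -CAkey default is applied by assigning `CAkeyfile = CAfile` rather than copying the string; a short comment on that dependency would help. With the "Need to give the -CAkey option if using -CA" check removed, the new `X509_check_private_key(CAcert, CAkey)` call also relies on CAkey being non-NULL whenever CAfile is set; if the preceding branch can still leave CAkey NULL (for example when -CAkey is given but fails to load silently), the check should guard on CAkey != NULL first.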
@@ -837,11 +832,12 @@ int req_main(int argc, char **argv) /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509, new_x509, NULL, NULL, X509V3_CTX_REPLACE); - if (CAcert == NULL) { /* self-issued, possibly self-signed */ - if (!X509V3_set_issuer_pkey(&ext_ctx, pkey)) /* prepare right AKID */ + /* prepare fallback for AKID, but only if issuer cert == new_x509 */ + if (CAcert == NULL) { + if (!X509V3_set_issuer_pkey(&ext_ctx, issuer_key)) goto end; ERR_set_mark(); - if (!X509_check_private_key(new_x509, pkey)) + if (!X509_check_private_key(new_x509, issuer_key)) BIO_printf(bio_err, "Warning: Signature key and public key of cert do not match\n"); ERR_pop_to_mark(); @@ -872,8 +868,7 @@ int req_main(int argc, char **argv) } } - i = do_X509_sign(new_x509, CAcert != NULL ? CAkey : pkey, - digest, sigopts, &ext_ctx); + i = do_X509_sign(new_x509, issuer_key, digest, sigopts, &ext_ctx); if (!i) goto end; } else { diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 75d0da1743..9926901571 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -103,7 +103,7 @@ which supports both options for good reasons. =item B<-passin> I -The password source for the request input file and the certificate input. +The password source for private key and certificate input. For more information about the format of B see L. @@ -124,7 +124,7 @@ Prints out the certificate request in text form. =item B<-subject> Prints out the certificate request subject -(or certificate subject if B<-x509> is specified). +(or certificate subject if B<-x509> is in use). =item B<-pubkey> 
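Review bot: in hunk @@ -837,11 +832,12 @@ replacing pkey with issuer_key inside the `CAcert == NULL` block is behaviour-neutral, because issuer_key is defined as `CAcert != NULL ? CAkey : pkey` and so equals pkey there; apart from the comment this hunk changes nothing, and the do_X509_sign call in hunk @@ -872,8 +868,7 @@ is the same substitution. If the AKID fix announced by commit 4fdb0d25 lies elsewhere in this diff, the commit message should point at it; the X509V3_set_ctx call in the context lines already passes CAcert as issuer, so it is not obvious from these hunks what changes AKID generation for the -CA case.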
@@ -193,8 +193,8 @@ See L for more details. =item B<-key> I|I -This specifies the private key to use for request self-signature -and signing certificates produced using the B<-x509> option. +This specifies the key to include and to use for request self-signature +and for self-signing certificates produced with the B<-x509> option. It also accepts PKCS#8 format private keys for PEM format files. =item B<-keyform> B|B|B|B @@ -266,6 +266,7 @@ This option has been deprecated and has no effect. This option outputs a certificate instead of a certificate request. This is typically used to generate test certificates. +It is implied by the B<-CA> option. If an existing request is specified with the B<-in> option, it is converted to the a certificate; otherwise a request is created from scratch. @@ -281,7 +282,8 @@ or using the B<-addext> option. =item B<-CA> I|I -Specifies the "CA" certificate to be used for signing with the B<-x509> option. +Specifies the "CA" certificate to be used for signing a new certificate +and implies use of B<-x509>. When present, this behaves like a "micro CA" as follows: The subject name of the "CA" certificate is placed as issuer name in the new certificate, which is then signed using the "CA" key given as specified below. @@ -294,7 +296,7 @@ If this option is not provided then the key must be present in the B<-CA> input. =item B<-days> I -When the B<-x509> option is being used this specifies the number of +When B<-x509> is in use this specifies the number of days to certify the certificate for, otherwise it is ignored. I should be a positive integer. The default is 30 days. @@ -307,7 +309,7 @@ If not given, a large random number will be used. =item B<-copy_extensions> I Determines how X.509 extensions in certificate requests should be handled -when B<-x509> is given. +when B<-x509> is in use. If I is B or this option is not present then extensions are ignored. If I is B or B then all extensions in the request are copied to the certificate. 
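Review bot: while touching the -x509 paragraph of openssl-req.pod.in (hunk @@ -266,6 +266,7 @@), fix the pre-existing typo in the context line "it is converted to the a certificate" ("to a certificate"); the wording is otherwise left as is and the extra article will survive into the rendered man page.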
@@ -317,8 +319,8 @@ values for certain extensions such as subjectAltName. =item B<-addext> I -Add a specific extension to the certificate (if the B<-x509> option is -present) or certificate request. The argument must have the form of +Add a specific extension to the certificate (if B<-x509> is in use) +or certificate request. The argument must have the form of a key=value pair as it would appear in a config file. This option can be given multiple times. @@ -328,8 +330,8 @@ This option can be given multiple times. =item B<-reqexts> I