[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 374804bd0973e8af05046caecc40e6b906d1a375 (commit) from bfd752fe83c72f248a6905d971217e8a3e3a287d (commit) - Log - commit 374804bd0973e8af05046caecc40e6b906d1a375 Author: Pauli Date: Wed Sep 5 07:50:17 2018 +1000 Key zeroization fix for EVP_SealInit. Manual backport from master. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7116) --- Summary of changes: crypto/evp/p_seal.c | 21 ++--- test/evp_extra_test.c | 48 +++- 2 files changed, 61 insertions(+), 8 deletions(-) diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index faa2464..6f026e7 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, { unsigned char key[EVP_MAX_KEY_LENGTH]; int i; +int rv = 0; if (type) { EVP_CIPHER_CTX_reset(ctx); @@ -31,21 +32,27 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, return 1; if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; + if (EVP_CIPHER_CTX_iv_length(ctx) -&& RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) -return 0; +&& RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) +goto err; if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) -return 0; +goto err; for (i = 0; i < npubk; i++) { ekl[i] = EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx), pubk[i]); -if (ekl[i] <= 0) -return (-1); +if (ekl[i] <= 0) { +rv = -1; +goto err; +} } -return (npubk); +rv = npubk; +err: +OPENSSL_cleanse(key, sizeof(key)); +return rv; } /*- MACRO diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 9217f3a..bc02fad 100644 --- a/test/evp_extra_test.c 
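Review bot: The `EVP_CIPHER_CTX_rand_key(ctx, key) <= 0` failure path in the second p_seal.c hunk still exits with a direct `return 0;`, so anything rand_key may have written into `key` before failing never reaches the new `OPENSSL_cleanse`; since `rv` is already 0 at that point, `goto err;` returns the same value and makes every exit after `key` is first touched pass through the cleanse. The `return 1;` just above it appears to run before `key` is written and can stay as it is. The opening of EVP_SealInit is in the previous hunk and the rest of its context is outside this view.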
+++ b/test/evp_extra_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,7 @@ #include #include +#include #include #include #include @@ -326,6 +327,46 @@ static int test_d2i_AutoPrivateKey(const unsigned char *input, return ret; } +static int test_EVP_Enveloped(void) +{ +int ret = 0; +EVP_CIPHER_CTX *ctx = NULL; +EVP_PKEY *keypair = NULL; +unsigned char *kek = NULL; +int kek_len; +unsigned char iv[EVP_MAX_IV_LENGTH]; +static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; +int len, ciphertext_len, plaintext_len; +unsigned char ciphertext[32], plaintext[16]; +const EVP_CIPHER *type = EVP_aes_256_cbc(); + +if ((keypair = load_example_rsa_key()) == NULL +|| (kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) == NULL +|| (ctx = EVP_CIPHER_CTX_new()) == NULL +|| !EVP_SealInit(ctx, type, &kek, &kek_len, iv, &keypair, 1) +|| !EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, + msg, sizeof(msg)) +|| !EVP_SealFinal(ctx, ciphertext + ciphertext_len, &len)) +goto err; + +ciphertext_len += len; +if (!EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair) +|| !EVP_OpenUpdate(ctx, plaintext, &plaintext_len, + ciphertext, ciphertext_len) +|| !EVP_OpenFinal(ctx, plaintext + plaintext_len, &len) +|| (plaintext_len += len) != sizeof(msg) +|| memcmp(msg, plaintext, sizeof(msg)) != 0) +goto err; + +ret = 1; + +err: +OPENSSL_free(kek); +EVP_PKEY_free(keypair); +EVP_CIPHER_CTX_free(ctx); +return ret; +} + #ifndef OPENSSL_NO_EC /* Tests loading a bad key in PKCS8 format */ static int test_EVP_PKCS82PKEY(void) 
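Review bot: `!EVP_SealInit(...)` in the new test_EVP_Enveloped treats the -1 error return as success, because `!(-1)` is false; the p_seal.c hunk of this same commit keeps `rv = -1` for an `EVP_PKEY_encrypt_old` failure, so the condition should read `EVP_SealInit(ctx, type, &kek, &kek_len, iv, &keypair, 1) <= 0`. The output buffers are also sized to the observed CBC behaviour rather than the `inl + block_size` headroom the EVP update functions require by contract: a 16-byte ciphertext decrypted into `plaintext[16]` presumably only works because EVP_DecryptUpdate holds back the final block, and `unsigned char plaintext[sizeof(ciphertext) + EVP_MAX_BLOCK_LENGTH]` would be safe by contract. The function is complete within the hunk.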
@@ -386,6 +427,11 @@ int main(void) return 1; } +if (!test_EVP_Enveloped()) { +fprintf(stderr, "test_EVP_Enveloped failed\n"); +return 1; +} + #ifndef OPENSSL_NO_EC if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC)) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/l
[openssl-commits] [tools] master update
The branch master has been updated via 1f45f077ae95e501865207cc9aba81a7c3791756 (commit) from 2a01977682aadf36adcc66dd7ac2bbe0cbc26d24 (commit) - Log - commit 1f45f077ae95e501865207cc9aba81a7c3791756 Author: Richard Levitte Date: Tue Sep 4 21:18:58 2018 +0200 gitaddrev: don't lowercase the reviewers If we lowercase them, the occasional registered mixed case ID will not be recognised. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/28) --- Summary of changes: review-tools/gitaddrev | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev index cf041d4..18930b4 100755 --- a/review-tools/gitaddrev +++ b/review-tools/gitaddrev @@ -31,7 +31,7 @@ my @unknown_reviewers; my $skip_reviewer; my $omccount = 0; sub try_add_reviewer { -my $id = lc(shift); +my $id = shift; my $rc = undef; my $id2 = $id =~ /^\@(.*)$/ ? { github => $1 } : $id; my $rev = $query->find_person_tag($id2, 'rev'); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
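Review bot: Dropping `lc()` makes every lookup case-sensitive, not only the registered mixed-case IDs the message is concerned with, so an e-mail address or `@github` handle typed with different capitalisation from its registration will presumably stop matching unless `find_person_tag` normalises its input (not visible here). If it does not, a narrower change is to try the ID as given and fall back to the lowercased form on a miss, e.g. `$rev = $query->find_person_tag(lc($id), 'rev') unless defined $rev;` (with the same `{ github => ... }` wrapping for handles). try_add_reviewer continues past the hunk.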
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via bfd752fe83c72f248a6905d971217e8a3e3a287d (commit) from fe4de29d48d6f7125576a6f8ac73c5af5e832083 (commit) - Log - commit bfd752fe83c72f248a6905d971217e8a3e3a287d Author: Eric Curtin Date: Mon Sep 3 15:23:37 2018 +0100 New openssl subject parser hard to debug -subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = r...@hpe.com' was a valid subject in openssl 1.0. Error received in 1.1 is: problems making Certificate Request Not very informative, I only figured this out because I compiled the code and added logging. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7098) (cherry picked from commit 2167640b0bf76ec50a397dd90444b97c242e3f04) --- Summary of changes: apps/apps.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index d52201f..a162b16 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1707,8 +1707,14 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) char *work; X509_NAME *n; -if (*cp++ != '/') +if (*cp++ != '/') { +BIO_printf(bio_err, + "name is expected to be in the format " + "/type0=value0/type1=value1/type2=... where characters may " + "be escaped by \\. This name is not in that format: '%s'\n", + --cp); return NULL; +} n = X509_NAME_new(); if (n == NULL) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
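Review bot: `--cp` inside the `BIO_printf` argument list undoes the `*cp++` of the test on the line above, which is correct but easy to misread; testing before advancing, `if (*cp != '/') { BIO_printf(bio_err, "...: '%s'\n", cp); return NULL; } cp++;`, makes the diagnostic's argument obvious and removes the side effect from the call. The format string is a literal, so echoing the untrusted subject through `%s` is fine from a format-string standpoint, though `%.*s` with a cap may be preferable if this output ends up in logs. The identical hunk is cherry-picked on master in the next commit on this page (apps/apps.c @@ -1768) and the comment applies there too. parse_name continues beyond the hunk.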
[openssl-commits] [openssl] master update
The branch master has been updated via 2167640b0bf76ec50a397dd90444b97c242e3f04 (commit) from 64ed55ab033f1bfa795d46f0ecc61c313204b418 (commit) - Log - commit 2167640b0bf76ec50a397dd90444b97c242e3f04 Author: Eric Curtin Date: Mon Sep 3 15:23:37 2018 +0100 New openssl subject parser hard to debug -subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = r...@hpe.com' was a valid subject in openssl 1.0. Error received in 1.1 is: problems making Certificate Request Not very informative, I only figured this out because I compiled the code and added logging. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7098) --- Summary of changes: apps/apps.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index 4090e60..9be6560 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1768,8 +1768,14 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) char *work; X509_NAME *n; -if (*cp++ != '/') +if (*cp++ != '/') { +BIO_printf(bio_err, + "name is expected to be in the format " + "/type0=value0/type1=value1/type2=... where characters may " + "be escaped by \\. This name is not in that format: '%s'\n", + --cp); return NULL; +} n = X509_NAME_new(); if (n == NULL) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via fe4de29d48d6f7125576a6f8ac73c5af5e832083 (commit) from b5b39779f3dfe811a64899bd8b33397647dda57a (commit) - Log - commit fe4de29d48d6f7125576a6f8ac73c5af5e832083 Author: Pauli Date: Wed Sep 5 05:35:34 2018 +1000 Make OBJ_NAME case insensitive. Reviewed-by: Richard Levitte Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/7101) --- Summary of changes: .../{conf/conf_lcl.h => include/internal/lhash.h} | 6 - crypto/lhash/lhash.c | 23 crypto/objects/o_names.c | 31 +++--- test/evptests.txt | 30 + 4 files changed, 73 insertions(+), 17 deletions(-) copy crypto/{conf/conf_lcl.h => include/internal/lhash.h} (74%) diff --git a/crypto/conf/conf_lcl.h b/crypto/include/internal/lhash.h similarity index 74% copy from crypto/conf/conf_lcl.h copy to crypto/include/internal/lhash.h index 6e1f7fe..200ba86 100644 --- a/crypto/conf/conf_lcl.h +++ b/crypto/include/internal/lhash.h @@ -7,5 +7,9 @@ * https://www.openssl.org/source/license.html */ -void conf_add_ssl_module(void); +#ifndef INTERNAL_LHASH_H +# define INTERNAL_LHASH_H +unsigned long openssl_lh_strcasehash(const char *); + +#endif diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index f485411..319dd49 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -12,6 +12,8 @@ #include #include #include +#include +#include "internal/lhash.h" #include "lhash_lcl.h" /* @@ -351,6 +353,27 @@ unsigned long OPENSSL_LH_strhash(const char *c) return ((ret >> 16) ^ ret); } +unsigned long openssl_lh_strcasehash(const char *c) +{ +unsigned long ret = 0; +long n; +unsigned long v; +int r; + +if (c == NULL || *c == '\0') +return ret; + +for (n = 0x100; *c != '\0'; n += 0x100) { +v = n | tolower(*c); +r = (int)((v >> 2) ^ v) & 0x0f; +ret = (ret << r) | (ret >> (32 - r)); +ret &= 0xL; +ret ^= v * v; +c++; +} +return (ret >> 16) ^ ret; +} + unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh) { return lh ? lh->num_items : 0; 
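Review bot: The new prototype in crypto/include/internal/lhash.h drops its parameter name; `unsigned long openssl_lh_strcasehash(const char *s);` plus a one-line comment such as `/* Case-insensitive variant of OPENSSL_LH_strhash(); internal, for OBJ_NAME tables */` would document the contract where callers see it. The header is complete within the hunk.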
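Review bot: `tolower(*c)` in `openssl_lh_strcasehash` passes a plain `char`, which is undefined behaviour when `char` is signed and the byte is above 0x7f; it should be `tolower((unsigned char)*c)`, and the mask literal on the `ret &=` line is garbled in this rendering of the hunk. `tolower` is also locale-sensitive, so the hash of a name can change with the process locale while the stored keys do not — an ASCII-only fold (`*c >= 'A' && *c <= 'Z' ? *c + ('a' - 'A') : *c`) would be locale-independent, and the same concern applies to `strcasecmp` in the o_names.c hunks that follow. `ret >> (32 - r)` with `r == 0` (reachable, e.g. for the byte `'?'`) shifts by the full width of a 32-bit `unsigned long`, which is undefined on such platforms; this presumably mirrors the existing OPENSSL_LH_strhash above it, but a comment noting the assumption would help. The function is complete within the hunk.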
diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 15fe653..709b9c3 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -16,27 +16,26 @@ #include #include #include -#include +#include "internal/thread_once.h" +#include "internal/lhash.h" #include "obj_lcl.h" +#include "e_os.h" /* * We define this wrapper for two reasons. Firstly, later versions of * DEC C add linkage information to certain functions, which makes it * tricky to use them as values to regular function pointers. - * Secondly, in the EDK2 build environment, the strcmp function is - * actually an external function (AsciiStrCmp) with the Microsoft ABI, - * so we can't transparently assign function pointers to it. - * Arguably the latter is a stupidity of the UEFI environment, but - * since the wrapper solves the DEC C issue too, let's just use the - * same solution. + * Secondly, in the EDK2 build environment, the strcasecmp function is + * actually an external function with the Microsoft ABI, so we can't + * transparently assign function pointers to it. */ #if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI) -static int obj_strcmp(const char *a, const char *b) +static int obj_strcasecmp(const char *a, const char *b) { -return strcmp(a, b); +return strcasecmp(a, b); } #else -#define obj_strcmp strcmp +#define obj_strcasecmp strcasecmp #endif /* @@ -111,8 +110,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), ret = 0; goto out; } -name_funcs->hash_func = OPENSSL_LH_strhash; -name_funcs->cmp_func = obj_strcmp; +name_funcs->hash_func = openssl_lh_strcasehash; +name_funcs->cmp_func = obj_strcasecmp; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); 
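Review bot: `strcasecmp` is locale-dependent on POSIX systems (in a Turkish locale `i`/`I` do not fold the way ASCII does), and now that `obj_name_cmp` and `obj_name_hash` pair it with the `tolower`-based `openssl_lh_strcasehash`, a locale change at runtime can make a name hash to one bucket yet compare unequal to its own entry; an ASCII-only comparison helper would keep both sides locale-independent. This applies to the default `hash_func`/`cmp_func` set in the OBJ_NAME_new_index hunk here and to the fallback branches in the next two hunks (obj_name_cmp, obj_name_hash). The added `#include "e_os.h"` is presumably what supplies `strcasecmp` on platforms that lack it — a short comment on that include would save the next reader a search. OBJ_NAME_new_index starts and ends outside the hunk.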
@@ -149,7 +148,7 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) ret = sk_NAME_FUNCS_value(name_funcs_stack, a->type)->cmp_func(a->name, b->name); } else -ret = strcmp(a->name, b->name); +ret = strcasecmp(a->name, b->name); } return ret; } @@ -164,7 +163,7 @@ static unsigned long obj_name_hash(const OBJ_NAME *a) sk_NAME_FUNCS_value(name_funcs_stack, a->type)->hash_func(a->name); } else { -ret = OPENSSL_LH_strhash(a->name); +ret = openssl_lh_strcasehash(a->name); } ret ^= a->type;
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via b5b39779f3dfe811a64899bd8b33397647dda57a (commit) from febb025068f6c74f6776cc7faf1a8bcd55138f87 (commit) - Log - commit b5b39779f3dfe811a64899bd8b33397647dda57a Author: Shane Lontis Date: Tue Sep 4 14:01:37 2018 +1000 hkdf zeroization fix Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7106) (cherry picked from commit 64ed55ab033f1bfa795d46f0ecc61c313204b418) --- Summary of changes: crypto/kdf/hkdf.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index 00b95b5..6d38a2f 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -234,6 +234,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, unsigned char *okm, size_t okm_len) { HMAC_CTX *hmac; +unsigned char *ret = NULL; unsigned int i; @@ -283,11 +284,10 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, done_len += copy_len; } - -HMAC_CTX_free(hmac); -return okm; +ret = okm; err: +OPENSSL_cleanse(prev, sizeof(prev)); HMAC_CTX_free(hmac); -return NULL; +return ret; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
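Review bot: On the failure path HKDF_Expand now cleanses `prev` but returns NULL with the bytes already expanded into the caller-supplied `okm` (up to `done_len`) left in place; `if (ret == NULL) OPENSSL_cleanse(okm, okm_len);` ahead of the `HMAC_CTX_free` would keep partial output key material from surviving in the caller's buffer. `prev` is declared outside the hunk, so `sizeof(prev)` presumes it is a fixed-size array rather than a pointer — worth confirming against the declaration. The identical hunk lands on master in the next commit on this page (crypto/kdf/hkdf.c @@ -330), where the same comment applies. HKDF_Expand starts before the first hunk.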
[openssl-commits] [openssl] master update
The branch master has been updated via 64ed55ab033f1bfa795d46f0ecc61c313204b418 (commit) from f5cee414fa8e7e9a088d8d5ebe641f368df20801 (commit) - Log - commit 64ed55ab033f1bfa795d46f0ecc61c313204b418 Author: Shane Lontis Date: Tue Sep 4 14:01:37 2018 +1000 hkdf zeroization fix Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7106) --- Summary of changes: crypto/kdf/hkdf.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index baaa16f..ec6090a 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -281,6 +281,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, unsigned char *okm, size_t okm_len) { HMAC_CTX *hmac; +unsigned char *ret = NULL; unsigned int i; @@ -330,11 +331,10 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, done_len += copy_len; } - -HMAC_CTX_free(hmac); -return okm; +ret = okm; err: +OPENSSL_cleanse(prev, sizeof(prev)); HMAC_CTX_free(hmac); -return NULL; +return ret; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via febb025068f6c74f6776cc7faf1a8bcd55138f87 (commit) from b4b651b09e738e8874c59f9fd24ec52d7258e5b4 (commit) - Log - commit febb025068f6c74f6776cc7faf1a8bcd55138f87 Author: Shane Lontis Date: Tue Sep 4 15:00:21 2018 +1000 key zeroisation fix for p12 Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7109) (cherry picked from commit f5cee414fa8e7e9a088d8d5ebe641f368df20801) --- Summary of changes: crypto/pkcs12/p12_mutl.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index a9e2202..02e529c 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -75,6 +75,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *out, const EVP_MD *md_type)) { +int ret = 0; const EVP_MD *md_type; HMAC_CTX *hmac = NULL; unsigned char key[EVP_MAX_MD_SIZE], *salt; @@ -116,24 +117,27 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, md_size, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); -return 0; +goto err; } } else if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, md_size, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); -return 0; +goto err; } if ((hmac = HMAC_CTX_new()) == NULL || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL) || !HMAC_Update(hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length) || !HMAC_Final(hmac, mac, maclen)) { -HMAC_CTX_free(hmac); -return 0; +goto err; } +ret = 1; + +err: +OPENSSL_cleanse(key, sizeof(key)); HMAC_CTX_free(hmac); -return 1; +return ret; } int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
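Review bot: Every exit after `key` is first written now goes through `err:`, but exits earlier in pkcs12_gen_mac (before the `pkcs12_gen_gost_mac_key` branch, outside the hunk) presumably still `return 0` directly; routing those through `err:` as well would make "all exits cleanse `key`" a property of the function's shape rather than of each call site, at the cost of one memset on paths that never wrote the buffer. `HMAC_Init_ex` takes its own copy of `key`, so the scrub of that copy is being left to `HMAC_CTX_free(hmac)` — a comment at `err:` such as `/* hmac holds a copy of key; HMAC_CTX_free() is responsible for it */` would record the assumption. Master carries the identical hunk in the next commit on this page. pkcs12_gen_mac begins above the first hunk.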
[openssl-commits] [openssl] master update
The branch master has been updated via f5cee414fa8e7e9a088d8d5ebe641f368df20801 (commit) from 0239283d99a37e8527199a62100fec867b9996cb (commit) - Log - commit f5cee414fa8e7e9a088d8d5ebe641f368df20801 Author: Shane Lontis Date: Tue Sep 4 15:00:21 2018 +1000 key zeroisation fix for p12 Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7109) --- Summary of changes: crypto/pkcs12/p12_mutl.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index a9e2202..02e529c 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -75,6 +75,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *out, const EVP_MD *md_type)) { +int ret = 0; const EVP_MD *md_type; HMAC_CTX *hmac = NULL; unsigned char key[EVP_MAX_MD_SIZE], *salt; @@ -116,24 +117,27 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, md_size, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); -return 0; +goto err; } } else if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, md_size, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); -return 0; +goto err; } if ((hmac = HMAC_CTX_new()) == NULL || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL) || !HMAC_Update(hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length) || !HMAC_Final(hmac, mac, maclen)) { -HMAC_CTX_free(hmac); -return 0; +goto err; } +ret = 1; + +err: +OPENSSL_cleanse(key, sizeof(key)); HMAC_CTX_free(hmac); -return 1; +return ret; } int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via b4b651b09e738e8874c59f9fd24ec52d7258e5b4 (commit) from 1018ba701368bdcdec7190bfcd2fb4076d0c1244 (commit) - Log - commit b4b651b09e738e8874c59f9fd24ec52d7258e5b4 Author: Shane Lontis Date: Tue Sep 4 14:31:11 2018 +1000 key zeroisation for pvkfmt now done on all branch paths Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7107) (cherry picked from commit 0239283d99a37e8527199a62100fec867b9996cb) --- Summary of changes: crypto/pem/pvkfmt.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 63ce925..96a82eb 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -675,11 +675,11 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, const unsigned char *p = *in; unsigned int magic; unsigned char *enctmp = NULL, *q; +unsigned char keybuf[20]; EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new(); if (saltlen) { char psbuf[PEM_BUFSIZE]; -unsigned char keybuf[20]; int enctmplen, inlen; if (cb) inlen = cb(psbuf, PEM_BUFSIZE, 0, u); @@ -719,7 +719,6 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, memset(keybuf + 5, 0, 11); if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) goto err; -OPENSSL_cleanse(keybuf, 20); if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) goto err; if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen)) @@ -729,15 +728,17 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); goto err; } -} else -OPENSSL_cleanse(keybuf, 20); +} p = enctmp; } ret = b2i_PrivateKey(&p, keylen); err: EVP_CIPHER_CTX_free(cctx); -OPENSSL_free(enctmp); +if (enctmp != NULL) { +OPENSSL_cleanse(keybuf, sizeof(keybuf)); +OPENSSL_free(enctmp); +} return ret; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
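Review bot: The cleanse of `keybuf` is now conditional on `enctmp != NULL`, which ties key scrubbing to an unrelated allocation: it is only correct if `keybuf` is never written before `enctmp` is allocated, an ordering the hunk does not show and that a later reorder could silently break. Since `keybuf` now lives at function scope, an unconditional `OPENSSL_cleanse(keybuf, sizeof(keybuf));` at `err:` costs one memset and removes the coupling. `psbuf`, which receives the passphrase from `cb(psbuf, PEM_BUFSIZE, 0, u)` in the same block, is not cleansed anywhere in the visible lines and presumably deserves the same treatment before the block is left. The identical hunk is on master in the next commit on this page. do_PVK_body begins above the first hunk.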
[openssl-commits] [openssl] master update
The branch master has been updated via 0239283d99a37e8527199a62100fec867b9996cb (commit) from 8f39d8af7de12d5ac8699e54cf2fd8ae2325bcf2 (commit) - Log - commit 0239283d99a37e8527199a62100fec867b9996cb Author: Shane Lontis Date: Tue Sep 4 14:31:11 2018 +1000 key zeroisation for pvkfmt now done on all branch paths Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7107) --- Summary of changes: crypto/pem/pvkfmt.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 281c6cd..e39c243 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -676,11 +676,11 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, const unsigned char *p = *in; unsigned int magic; unsigned char *enctmp = NULL, *q; +unsigned char keybuf[20]; EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new(); if (saltlen) { char psbuf[PEM_BUFSIZE]; -unsigned char keybuf[20]; int enctmplen, inlen; if (cb) inlen = cb(psbuf, PEM_BUFSIZE, 0, u); @@ -720,7 +720,6 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, memset(keybuf + 5, 0, 11); if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) goto err; -OPENSSL_cleanse(keybuf, 20); if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) goto err; if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen)) @@ -730,15 +729,17 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); goto err; } -} else -OPENSSL_cleanse(keybuf, 20); +} p = enctmp; } ret = b2i_PrivateKey(&p, keylen); err: EVP_CIPHER_CTX_free(cctx); -OPENSSL_free(enctmp); +if (enctmp != NULL) { +OPENSSL_cleanse(keybuf, sizeof(keybuf)); +OPENSSL_free(enctmp); +} return ret; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 8f39d8af7de12d5ac8699e54cf2fd8ae2325bcf2 (commit) from 17147181bd3f97c53592e2a5c9319b854b954039 (commit) - Log - commit 8f39d8af7de12d5ac8699e54cf2fd8ae2325bcf2 Author: Shane Lontis Date: Tue Sep 4 15:12:13 2018 +1000 key zeroization fix for a branch path of tls13_final_finish_mac Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7110) --- Summary of changes: ssl/tls13_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 22db2f8..f7ab0fa 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -271,6 +271,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret, hashlen); +OPENSSL_cleanse(finsecret, sizeof(finsecret)); } if (key == NULL _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
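Review bot: The new `OPENSSL_cleanse(finsecret, sizeof(finsecret));` runs only when control reaches the line after `EVP_PKEY_new_raw_private_key`; any error exit between the point where `finsecret` is filled and this line (outside the hunk) would skip it. Placing the cleanse at the function's common exit label, or otherwise arranging that every path reaches it, makes the scrub independent of the success path. `sizeof(finsecret)` also presumes `finsecret` is a local array rather than a pointer — confirm from the declaration above the hunk. tls13_final_finish_mac starts and ends outside the hunk.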
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 6e873259029939657a297e9fe451196df4e3da48 (commit) from 62025a4590baef6fc44ae36c6f90d233a79d36e9 (commit) - Log - commit 6e873259029939657a297e9fe451196df4e3da48 Author: Richard Levitte Date: Mon Sep 3 13:17:03 2018 +0200 openssl req: don't try to report bits With the introduction of -pkeyopt, the number of bits may change without |newkey| being updated. Unfortunately, there is no API to retrieve the information from a EVP_PKEY_CTX either, so chances are that we report incorrect information. For the moment, it's better not to try to report the number of bits at all. Fixes #7086 Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7096) (cherry picked from commit 17147181bd3f97c53592e2a5c9319b854b954039) --- Summary of changes: apps/req.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index 7fcab18..5422cac 100644 --- a/apps/req.c +++ b/apps/req.c @@ -659,8 +659,7 @@ int MAIN(int argc, char **argv) } } -BIO_printf(bio_err, "Generating a %ld bit %s private key\n", - newkey, keyalgstr); +BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr); EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); EVP_PKEY_CTX_set_app_data(genctx, bio_err); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 1018ba701368bdcdec7190bfcd2fb4076d0c1244 (commit) from 019cb1ec5bb74cd1e6ec11b5ce1f1b50b0c9b2e2 (commit) - Log - commit 1018ba701368bdcdec7190bfcd2fb4076d0c1244 Author: Richard Levitte Date: Mon Sep 3 13:17:03 2018 +0200 openssl req: don't try to report bits With the introduction of -pkeyopt, the number of bits may change without |newkey| being updated. Unfortunately, there is no API to retrieve the information from a EVP_PKEY_CTX either, so chances are that we report incorrect information. For the moment, it's better not to try to report the number of bits at all. Fixes #7086 Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7096) (cherry picked from commit 17147181bd3f97c53592e2a5c9319b854b954039) --- Summary of changes: apps/req.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index 2a21569..a691f93 100644 --- a/apps/req.c +++ b/apps/req.c @@ -509,8 +509,7 @@ int req_main(int argc, char **argv) if (pkey_type == EVP_PKEY_EC) { BIO_printf(bio_err, "Generating an EC private key\n"); } else { -BIO_printf(bio_err, "Generating a %ld bit %s private key\n", - newkey, keyalgstr); +BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr); } EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 17147181bd3f97c53592e2a5c9319b854b954039 (commit) from 8ec2bde994c272f7b14b4cc4d9232f38b9211cb1 (commit) - Log - commit 17147181bd3f97c53592e2a5c9319b854b954039 Author: Richard Levitte Date: Mon Sep 3 13:17:03 2018 +0200 openssl req: don't try to report bits With the introduction of -pkeyopt, the number of bits may change without |newkey| being updated. Unfortunately, there is no API to retrieve the information from a EVP_PKEY_CTX either, so chances are that we report incorrect information. For the moment, it's better not to try to report the number of bits at all. Fixes #7086 Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7096) --- Summary of changes: apps/req.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index 08a1468e..6fd28a2 100644 --- a/apps/req.c +++ b/apps/req.c @@ -622,8 +622,7 @@ int req_main(int argc, char **argv) if (pkey_type == EVP_PKEY_EC) { BIO_printf(bio_err, "Generating an EC private key\n"); } else { -BIO_printf(bio_err, "Generating a %ld bit %s private key\n", - newkey, keyalgstr); +BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr); } EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 62025a4590baef6fc44ae36c6f90d233a79d36e9 (commit) from 85d5a4e125bf6597e1663658fac51092b8f40a44 (commit) - Log - commit 62025a4590baef6fc44ae36c6f90d233a79d36e9 Author: Richard Levitte Date: Tue Sep 4 12:05:39 2018 +0200 VMS: add missing x509_time test to test scripts Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7112) --- Summary of changes: test/maketests.com | 2 +- test/tests.com | 8 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/test/maketests.com b/test/maketests.com index f4e418b..c0e1730 100644 --- a/test/maketests.com +++ b/test/maketests.com @@ -151,7 +151,7 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - "ASN1TEST,V3NAMETEST,HEARTBEAT_TEST,"+ - "CONSTANT_TIME_TEST,VERIFY_EXTRA_TEST,"+ - "CLIENTHELLOTEST,SSLV2CONFTEST,DTLSTEST,"+ - - "BAD_DTLS_TEST,FATALERRTEST" + "BAD_DTLS_TEST,FATALERRTEST,X509_TIME_TEST" $! $! Additional directory information. $ T_D_BNTEST := [-.crypto.bn] diff --git a/test/tests.com b/test/tests.com index 27b01b6..21867bf 100644 --- a/test/tests.com +++ b/test/tests.com @@ -58,7 +58,7 @@ $ tests := - test_ss,test_ca,test_engine,test_evp,test_evp_extra,test_ssl,test_tsa,test_ige,- test_jpake,test_srp,test_cms,test_ocsp,test_v3name,test_heartbeat,- test_constant_time,test_verify_extra,test_clienthello,test_sslv2conftest,- - test_dtls,test_bad_dtls,test_fatalerr + test_dtls,test_bad_dtls,test_fatalerr,test_x509_time $ endif $ tests = f$edit(tests,"COLLAPSE") $ @@ -107,6 +107,7 @@ $ BADDTLSTEST := bad_dtls_test $ SSLV2CONFTEST :=sslv2conftest $ DTLSTEST := dtlstest $ FATALERRTEST := fatalerrtest +$ X509TIMETEST := x509_time_test $! $ tests_i = 0 $ loop_tests: 
@@ -415,6 +416,11 @@ $ write sys$output "''START' test_fatalerrtest" $ mcr 'texe_dir''fatalerrtest' 'ROOT'.APPS]server.pem 'ROOT'.APPS]server.pem $ return $ +$ test_x509_time: +$ write sys$output "''START' test_x509_time" +$ mcr 'texe_dir''x509timetest' +$ return +$ $ test_sslv2conftest: $ write sys$output "''START' test_sslv2conftest" $ mcr 'texe_dir''sslv2conftest' _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 8ec2bde994c272f7b14b4cc4d9232f38b9211cb1 (commit) from b2c4909c208994a94b4b09e1c34316c889985bb0 (commit) - Log - commit 8ec2bde994c272f7b14b4cc4d9232f38b9211cb1 Author: Matt Caswell Date: Mon Sep 3 11:57:33 2018 +0100 Clarify the return value of SSL_client_version() The SSL_client_version() function returns the value held in the legacy_version field of the ClientHello. This is never greater than TLSv1.2, even if TLSv1.3 later gets negotiated. Fixes #7079 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7095) --- Summary of changes: doc/man3/SSL_get_version.pod | 22 +- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod index 9b49242..b0aaba3 100644 --- a/doc/man3/SSL_get_version.pod +++ b/doc/man3/SSL_get_version.pod 
@@ -19,17 +19,20 @@ protocol information of a connection =head1 DESCRIPTION -SSL_client_version() returns the protocol version used by the client when -initiating the connection. SSL_get_version() returns the name of the protocol -used for the connection. SSL_version() returns the protocol version used for the -connection. They should only be called after the initial handshake has been -completed. Prior to that the results returned from these functions may be -unreliable. +SSL_client_version() returns the numeric protocol version advertised by the +client in the legacy_version field of the ClientHello when initiating the +connection. Note that, for TLS, this value will never indicate a version greater +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version() +returns the name of the protocol used for the connection. SSL_version() returns +the numeric protocol version used for the connection. They should only be called +after the initial handshake has been completed. Prior to that the results +returned from these functions may be unreliable. SSL_is_dtls() returns one if the connection is using DTLS, zero if not. =head1 RETURN VALUES + SSL_get_version() returns one of the following strings: =over 4 @@ -60,8 +63,8 @@ This indicates an unknown protocol version. =back -SSL_version() and SSL_client_version() return an integer which could include any of -the following: +SSL_version() and SSL_client_version() return an integer which could include any +of the following: =over 4 @@ -83,7 +86,8 @@ The connection uses the TLSv1.2 protocol. =item TLS1_3_VERSION -The connection uses the TLSv1.3 protocol. +The connection uses the TLSv1.3 protocol (never returned for +SSL_client_version()). =back _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via b2c4909c208994a94b4b09e1c34316c889985bb0 (commit) via b8fef8ee929a8775262cb4371f62c35f7058dbed (commit) from 8614a4eb4ae8e38c3f5064113eb571aa8ca6b272 (commit) - Log - commit b2c4909c208994a94b4b09e1c34316c889985bb0 Author: Matt Caswell Date: Mon Sep 3 16:29:35 2018 +0100 Add a test for RSA key exchange with both RSA and RSA-PSS certs Check that we use an RSA certificate if an RSA key exchange ciphersuite is being used and we have both RSA and RSA-PSS certificates configured. Reviewed-by: Paul Dale Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7099) commit b8fef8ee929a8775262cb4371f62c35f7058dbed Author: Matt Caswell Date: Mon Sep 3 16:12:34 2018 +0100 Don't use an RSA-PSS cert for RSA key exchange If we have selected a ciphersuite using RSA key exchange then we must not attempt to use an RSA-PSS cert for that. Fixes #7059 Reviewed-by: Paul Dale Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7099) --- Summary of changes: ssl/t1_lib.c | 10 +- test/ssl-tests/20-cert-select.conf| 505 +++--- test/ssl-tests/20-cert-select.conf.in | 30 ++ 3 files changed, 316 insertions(+), 229 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ca05a3a..1564979 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2473,7 +2473,10 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(sig_idx); /* If not recognised or not supported by cipher mask it is not suitable */ -if (clu == NULL || !(clu->amask & s->s3->tmp.new_cipher->algorithm_auth)) +if (clu == NULL +|| (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0 +|| (clu->nid == EVP_PKEY_RSA_PSS +&& (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) return -1; return s->s3->tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1; 
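Review bot: The comment above the new condition still reads `/* If not recognised or not supported by cipher mask it is not suitable */` and does not explain the third clause, which excludes an RSA-PSS certificate whenever the ciphersuite uses RSA key exchange (`SSL_kRSA`). The reason is security-relevant rather than a mask detail: an id-RSASSA-PSS key is restricted to signatures and cannot perform the RSAES-PKCS1-v1_5 decryption that RSA key transport requires, even though the auth-mask test in the second clause evidently accepts it. I would extend the comment to `/* Unsuitable if unrecognised, outside the cipher's auth mask, or an RSA-PSS (signature-only) key paired with RSA key exchange */`. tls12_get_cert_sigalg_idx begins before this hunk, so how sig_idx is derived is not visible here.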
@@ -2643,8 +2646,9 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if (i == s->cert->shared_sigalgslen) { if (!fatalerrs) return 1; -SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CHOOSE_SIGALG, - ERR_R_INTERNAL_ERROR); +SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_CHOOSE_SIGALG, + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); return 0; } } else { diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index 0a92bf8..1bf81c1 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 47 +num_tests = 49 test-0 = 0-ECDSA CipherString Selection test-1 = 1-ECDSA CipherString Selection 
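Review bot: The alert changes from `SSL_AD_INTERNAL_ERROR` to `SSL_AD_HANDSHAKE_FAILURE` with `SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM`, but nothing in the code records why this branch is now treated as a reachable configuration mismatch rather than a bug; a one-line comment would spare the next reader from re-deriving it. Something like `/* Reachable, e.g. the only usable cert is RSA-PSS but the cipher uses RSA key exchange */` — the RSA-PSS/kRSA exclusion is what the earlier hunk adds, though whether cipher selection already rules that pairing out is not visible here. Reporting a handshake failure instead of an internal error is also the better signal to the peer, since it no longer implies a server-side fault. tls_choose_sigalg continues outside this hunk on both sides.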
@@ -24,31 +24,33 @@ test-18 = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection test-19 = 19-RSA-PSS Certificate Unified Signature Algorithm Selection test-20 = 20-Only RSA-PSS Certificate test-21 = 21-RSA-PSS Certificate, no PSS signature algorithms -test-22 = 22-Suite B P-256 Hash Algorithm Selection -test-23 = 23-Suite B P-384 Hash Algorithm Selection -test-24 = 24-TLS 1.2 Ed25519 Client Auth -test-25 = 25-TLS 1.2 Ed448 Client Auth -test-26 = 26-Only RSA-PSS Certificate, TLS v1.1 -test-27 = 27-TLS 1.3 ECDSA Signature Algorithm Selection -test-28 = 28-TLS 1.3 ECDSA Signature Algorithm Selection compressed point -test-29 = 29-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 -test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection with PSS -test-31 = 31-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS -test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate -test-33 = 33-TLS 1.3 RSA Signature Algorithm Selection, no PSS -test-34 = 34-TLS 1.3 RSA-PSS Signature Algorithm Selection -test-35 = 35-TLS 1.3 Ed25519 Signature Algorithm Selection -test-36 = 36-TLS 1.3 Ed448 Signature Algorithm Selection -test-37 = 37-TLS 1.3 Ed25519 CipherString and Groups Selection -test-38 = 38-TLS 1.3 Ed448 CipherString and Groups Selection -test-39 = 39-TLS 1.3 RSA Client Auth Signature Algorithm Selection -test-40 = 40-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names -test-41 = 41-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection -test-42 = 42-TLS 1.3 Ed25519 Client Auth -test-43 = 43-TLS 1.3 Ed448 Client Auth -test-44 = 44-TLS 1.2 DSA Certificate Test -test-45 = 45-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms -test-46 = 46-TLS 1.3 DSA Certificate Test +test-22 = 22-RSA key excha
[openssl-commits] [openssl] master update
The branch master has been updated via 8614a4eb4ae8e38c3f5064113eb571aa8ca6b272 (commit) via 51256b34d82d008cca7be0d1903c357bfa99f753 (commit) from f097e8759820f6f9b78adb99eb4bfced2945d623 (commit) - Log - commit 8614a4eb4ae8e38c3f5064113eb571aa8ca6b272 Author: Matt Caswell Date: Mon Aug 27 01:39:00 2018 +0100 Test creation of tickets when using a TLSv1.3 PSK Add a test to check that we create the correct number of tickets after a TLSv1.3 PSK. Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/7097) commit 51256b34d82d008cca7be0d1903c357bfa99f753 Author: Matt Caswell Date: Fri Aug 24 16:16:28 2018 +0100 Send a NewSessionTicket after using an external PSK Treat a connection using an external PSK like we would a resumption and send a single NewSessionTicket afterwards. Fixes #6941 Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/7097) --- Summary of changes: ssl/statem/extensions_srvr.c | 2 + test/sslapitest.c| 131 ++- 2 files changed, 106 insertions(+), 27 deletions(-) diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 295d3e7..0f2b223 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1160,6 +1160,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, ext = 1; if (id == 0) s->ext.early_data_ok = 1; +s->ext.ticket_expected = 1; } else { uint32_t ticket_age = 0, now, agesec, agems; int ret; @@ -1235,6 +1236,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SSL_SESSION_free(sess); sess = NULL; s->ext.early_data_ok = 0; +s->ext.ticket_expected = 0; continue; } break; diff --git a/test/sslapitest.c b/test/sslapitest.c index d21b39d..f9ba60a 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
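Review bot: `s->ext.ticket_expected = 1` is added to the external-PSK branch with no comment, and the matching reset to 0 in the second hunk is equally unexplained, so the intent (treat an external PSK like a resumption and issue a NewSessionTicket afterwards) lives only in the commit message. I would annotate the first with `/* As for resumption, a NewSessionTicket is sent after an external PSK handshake */` and the second with `/* Session discarded (SSL_SESSION_free above): no PSK in use on this path, so no ticket owed */`. The flag is raised before the rest of the PSK processing completes; the reset shown covers the discard-and-`continue` path, but where the "single ticket" count is enforced is not visible in these hunks and should be confirmed against the ticket-construction code. tls_parse_ctos_psk starts and ends outside both hunks.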
@@ -24,6 +24,24 @@ #include "internal/nelem.h" #include "../ssl/ssl_locl.h" +#ifndef OPENSSL_NO_TLS1_3 + +static SSL_SESSION *clientpsk = NULL; +static SSL_SESSION *serverpsk = NULL; +static const char *pskid = "Identity"; +static const char *srvid; + +static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id, + size_t *idlen, SSL_SESSION **sess); +static int find_session_cb(SSL *ssl, const unsigned char *identity, + size_t identity_len, SSL_SESSION **sess); + +static int use_session_cb_cnt = 0; +static int find_session_cb_cnt = 0; + +static SSL_SESSION *create_a_psk(SSL *ssl); +#endif + static char *cert = NULL; static char *privkey = NULL; static char *srpvfile = NULL; 
@@ -1430,6 +1448,61 @@ static int test_stateful_tickets(int idx) { return test_tickets(1, idx); } + +static int test_psk_tickets(void) +{ +SSL_CTX *sctx = NULL, *cctx = NULL; +SSL *serverssl = NULL, *clientssl = NULL; +int testresult = 0; +int sess_id_ctx = 1; + +if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, + &cctx, NULL, NULL)) +|| !TEST_true(SSL_CTX_set_session_id_context(sctx, + (void *)&sess_id_ctx, + sizeof(sess_id_ctx +goto end; + +SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); +SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb); +SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb); +SSL_CTX_sess_set_new_cb(cctx, new_session_cb); +use_session_cb_cnt = 0; +find_session_cb_cnt = 0; +srvid = pskid; +new_called = 0; + +if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) +goto end; +clientpsk = serverpsk = create_a_psk(clientssl); +if (!TEST_ptr(clientpsk)) +goto end; +SSL_SESSION_up_ref(clientpsk); + +if (!TEST_true(create_ssl_connection(serverssl, clientssl, +SSL_ERROR_NONE)) +|| !TEST_int_eq(1, find_session_cb_cnt) +|| !TEST_int_eq(1, use_session_cb_cnt) + /* We should always get 1 ticket when using external PSK */ +|| !TEST_int_eq(1, new_called)) +goto end; + +testresult = 1; + + end: +SSL_free(serverssl); +SSL_free(clientssl); +SSL_CTX_free(sctx); +SSL_CTX_free(cc
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 85d5a4e125bf6597e1663658fac51092b8f40a44 (commit) from 3c55cb200a416fa796f117410c189c577b57a36f (commit) - Log - commit 85d5a4e125bf6597e1663658fac51092b8f40a44 Author: Matt Caswell Date: Thu Aug 23 11:37:22 2018 +0100 Clarify the EVP_DigestSignInit docs They did not make it clear how the memory management works for the |pctx| parameter. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7043) --- Summary of changes: doc/crypto/EVP_DigestSignInit.pod | 7 +-- doc/crypto/EVP_DigestVerifyInit.pod | 7 +-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod index 83e6589..7a3e84d 100644 --- a/doc/crypto/EVP_DigestSignInit.pod +++ b/doc/crypto/EVP_DigestSignInit.pod @@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestSignInit() sets up signing context B to use digest B from ENGINE B and private key B. B must be initialized with -EVP_MD_CTX_init() before calling this function. If B is not NULL the +EVP_MD_CTX_init() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can -be used to set alternative signing options. +be used to set alternative signing options. Note that any existing value in +B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed +directly by the application (it will be freed automatically when the EVP_MD_CTX +is freed). The digest B may be NULL if the signing algorithm supports it. EVP_DigestSignUpdate() hashes B bytes of data at B into the signature context B. This function can be called several times on the diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod index 347c511..2e2c0fd 100644 --- a/doc/crypto/EVP_DigestVerifyInit.pod +++ b/doc/crypto/EVP_DigestVerifyInit.pod 
@@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest B from ENGINE B and public key B. B must be initialized -with EVP_MD_CTX_init() before calling this function. If B is not NULL the +with EVP_MD_CTX_init() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this -can be used to set alternative verification options. +can be used to set alternative verification options. Note that any existing +value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be +freed directly by the application (it will be freed automatically when the +EVP_MD_CTX is freed). EVP_DigestVerifyUpdate() hashes B bytes of data at B into the verification context B. This function can be called several times on the _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via f097e8759820f6f9b78adb99eb4bfced2945d623 (commit) from f273ff953abfafbb5fc4d68904469f862fbeae8a (commit) - Log - commit f097e8759820f6f9b78adb99eb4bfced2945d623 Author: Matt Caswell Date: Thu Aug 23 11:37:22 2018 +0100 Clarify the EVP_DigestSignInit docs They did not make it clear how the memory management works for the |pctx| parameter. Fixes #7037 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7042) --- Summary of changes: doc/man3/EVP_DigestSignInit.pod | 8 +--- doc/man3/EVP_DigestVerifyInit.pod | 7 +-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 1919801..fe2be7b 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -24,10 +24,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestSignInit() sets up signing context B to use digest B from ENGINE B and private key B. B must be created with -EVP_MD_CTX_new() before calling this function. If B is not NULL the +EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can -be used to set alternative signing options. The digest B may be NULL if -the signing algorithm supports it. +be used to set alternative signing options. Note that any existing value in +B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed +directly by the application (it will be freed automatically when the EVP_MD_CTX +is freed). The digest B may be NULL if the signing algorithm supports it. Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index e24a925..0d25deb 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod 
+++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -23,9 +23,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest B from ENGINE B and public key B. B must be created -with EVP_MD_CTX_new() before calling this function. If B is not NULL the +with EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this -can be used to set alternative verification options. +can be used to set alternative verification options. Note that any existing +value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be +freed directly by the application (it will be freed automatically when the +EVP_MD_CTX is freed). EVP_DigestVerifyUpdate() hashes B bytes of data at B into the verification context B. This function can be called several times on the _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 019cb1ec5bb74cd1e6ec11b5ce1f1b50b0c9b2e2 (commit) from e25fc6b5b2b99ed02f8966192c94c820b6f69add (commit) - Log - commit 019cb1ec5bb74cd1e6ec11b5ce1f1b50b0c9b2e2 Author: Matt Caswell Date: Thu Aug 23 11:37:22 2018 +0100 Clarify the EVP_DigestSignInit docs They did not make it clear how the memory management works for the |pctx| parameter. Fixes #7037 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7042) (cherry picked from commit f097e8759820f6f9b78adb99eb4bfced2945d623) --- Summary of changes: doc/crypto/EVP_DigestSignInit.pod | 8 +--- doc/crypto/EVP_DigestVerifyInit.pod | 7 +-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod index 5fadc82..bec8e9d 100644 --- a/doc/crypto/EVP_DigestSignInit.pod +++ b/doc/crypto/EVP_DigestSignInit.pod @@ -19,10 +19,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestSignInit() sets up signing context B to use digest B from ENGINE B and private key B. B must be created with -EVP_MD_CTX_new() before calling this function. If B is not NULL the +EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can -be used to set alternative signing options. The digest B may be NULL if -the signing algorithm supports it. +be used to set alternative signing options. Note that any existing value in +B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed +directly by the application (it will be freed automatically when the EVP_MD_CTX +is freed). The digest B may be NULL if the signing algorithm supports it. Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of 
diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod index ce59422..6c3d070 100644 --- a/doc/crypto/EVP_DigestVerifyInit.pod +++ b/doc/crypto/EVP_DigestVerifyInit.pod @@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest B from ENGINE B and public key B. B must be created -with EVP_MD_CTX_new() before calling this function. If B is not NULL the +with EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this -can be used to set alternative verification options. +can be used to set alternative verification options. Note that any existing +value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be +freed directly by the application (it will be freed automatically when the +EVP_MD_CTX is freed). EVP_DigestVerifyUpdate() hashes B bytes of data at B into the verification context B. This function can be called several times on the _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via f273ff953abfafbb5fc4d68904469f862fbeae8a (commit) from 785e614a95a134831f213749332bcf40c4920f69 (commit) - Log - commit f273ff953abfafbb5fc4d68904469f862fbeae8a Author: Matt Caswell Date: Mon Aug 13 20:18:32 2018 +0100 Ignore EPIPE when sending NewSessionTickets in TLSv1.3 If a client sends data to a server and then immediately closes without waiting to read the NewSessionTickets then the server can receive EPIPE when trying to write the tickets and never gets the opportunity to read the data that was sent. Therefore we ignore EPIPE when writing out the tickets in TLSv1.3 Fixes #6904 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6944) --- Summary of changes: ssl/statem/statem_srvr.c | 33 - 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index db5aafe..346b1e3 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -764,6 +764,22 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) return WORK_FINISHED_CONTINUE; } +static ossl_inline int conn_is_closed(void) +{ +switch (get_last_sys_error()) { +#if defined(EPIPE) +case EPIPE: +return 1; +#endif +#if defined(ECONNRESET) +case ECONNRESET: +return 1; +#endif +default: +return 0; +} +} + /* * Perform any work that needs to be done after sending a message from the * server to the client. 
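Review bot: `conn_is_closed()` recognises only `EPIPE` and `ECONNRESET`, so the tolerance this commit adds is effectively POSIX-only: if `get_last_sys_error()` maps to `GetLastError()`/`WSAGetLastError()` on Windows (not visible here), a peer reset surfaces as `WSAECONNRESET` (10054), which differs from the CRT's `ECONNRESET`, and the NewSessionTicket write would still abort the post-handshake read that the commit is trying to preserve. Adding `#if defined(WSAECONNRESET) case WSAECONNRESET: return 1; #endif` beside the existing cases closes that gap. The helper also deserves a one-line comment since its name is broader than the two codes it checks, e.g. `/* True if the last socket error says the peer closed or reset the connection */`.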
@@ -939,8 +955,23 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) break; case TLS_ST_SW_SESSION_TICKET: -if (SSL_IS_TLS13(s) && statem_flush(s) != 1) +clear_sys_error(); +if (SSL_IS_TLS13(s) && statem_flush(s) != 1) { +if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL +&& conn_is_closed()) { +/* + * We ignore connection closed errors in TLSv1.3 when sending a + * NewSessionTicket and behave as if we were successful. This is + * so that we are still able to read data sent to us by a client + * that closes soon after the end of the handshake without + * waiting to read our post-handshake NewSessionTickets. + */ +s->rwstate = SSL_NOTHING; +break; +} + return WORK_MORE_A; +} break; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 3c55cb200a416fa796f117410c189c577b57a36f (commit) from e121d5c7e7d1178d53fea3ffbfa37e2d3b2edc08 (commit) - Log - commit 3c55cb200a416fa796f117410c189c577b57a36f Author: Jakub Wilk Date: Mon Sep 3 11:09:51 2018 +0200 Fix example in crl(1) man page The default input format is PEM, so explicit "-inform DER" is needed to read DER-encoded CRL. CLA: trivial Reviewed-by: Paul Yang Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7094) (cherry picked from commit 785e614a95a134831f213749332bcf40c4920f69) (cherry picked from commit e25fc6b5b2b99ed02f8966192c94c820b6f69add) --- Summary of changes: doc/apps/crl.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod index cdced1c..92efbf4 100644 --- a/doc/apps/crl.pod +++ b/doc/apps/crl.pod @@ -115,7 +115,7 @@ Convert a CRL file from PEM to DER: Output the text form of a DER encoded certificate: - openssl crl -in crl.der -text -noout + openssl crl -in crl.der -inform DER -text -noout =head1 BUGS _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via e25fc6b5b2b99ed02f8966192c94c820b6f69add (commit) from fab16cd1476e047a2052ca418527b055faa988bd (commit) - Log - commit e25fc6b5b2b99ed02f8966192c94c820b6f69add Author: Jakub Wilk Date: Mon Sep 3 11:09:51 2018 +0200 Fix example in crl(1) man page The default input format is PEM, so explicit "-inform DER" is needed to read DER-encoded CRL. CLA: trivial Reviewed-by: Paul Yang Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7094) (cherry picked from commit 785e614a95a134831f213749332bcf40c4920f69) --- Summary of changes: doc/apps/crl.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod index fded397..8207ee9 100644 --- a/doc/apps/crl.pod +++ b/doc/apps/crl.pod @@ -120,7 +120,7 @@ Convert a CRL file from PEM to DER: Output the text form of a DER encoded certificate: - openssl crl -in crl.der -text -noout + openssl crl -in crl.der -inform DER -text -noout =head1 BUGS _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 785e614a95a134831f213749332bcf40c4920f69 (commit) from 96e05986f47bd7cd3991b7755c74ca708c8a3bc7 (commit) - Log - commit 785e614a95a134831f213749332bcf40c4920f69 Author: Jakub Wilk Date: Mon Sep 3 11:09:51 2018 +0200 Fix example in crl(1) man page The default input format is PEM, so explicit "-inform DER" is needed to read DER-encoded CRL. CLA: trivial Reviewed-by: Paul Yang Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7094) --- Summary of changes: doc/man1/crl.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/crl.pod b/doc/man1/crl.pod index 9a00967..29f4600 100644 --- a/doc/man1/crl.pod +++ b/doc/man1/crl.pod @@ -120,7 +120,7 @@ Convert a CRL file from PEM to DER: Output the text form of a DER encoded certificate: - openssl crl -in crl.der -text -noout + openssl crl -in crl.der -inform DER -text -noout =head1 BUGS _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via e121d5c7e7d1178d53fea3ffbfa37e2d3b2edc08 (commit) from 78ca7b7b319c7027310c56eaa05b8c295624a357 (commit) - Log - commit e121d5c7e7d1178d53fea3ffbfa37e2d3b2edc08 Author: Matt Caswell Date: Thu Aug 9 16:25:29 2018 +0100 The req documentation incorrectly states that we default to md5 Just remove that statement. It's not been true since 2005. Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/6906) --- Summary of changes: doc/apps/req.pod | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 20b2f39..01c1c2e 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -393,8 +393,7 @@ option. For compatibility B is an equivalent option. =item B This option specifies the digest algorithm to use. Possible values -include B. If not present then MD5 is used. This -option can be overridden on the command line. +include B. This option can be overridden on the command line. =item B _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via fab16cd1476e047a2052ca418527b055faa988bd (commit) from b50c9f3be062f3af1f6261c87ddb0fbbcb682d09 (commit) - Log - commit fab16cd1476e047a2052ca418527b055faa988bd Author: Matt Caswell Date: Thu Aug 9 16:25:29 2018 +0100 The req documentation incorrectly states that we default to md5 Just remove that statement. It's not been true since 2005. Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/6905) --- Summary of changes: doc/apps/req.pod | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/apps/req.pod b/doc/apps/req.pod index c5b5260..0a28aea 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -369,7 +369,6 @@ option. For compatibility B is an equivalent option. This option specifies the digest algorithm to use. Any digest supported by the OpenSSL B command can be used. -If not present then MD5 is used. This option can be overridden on the command line. =item B _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits