[openssl] master update
The branch master has been updated via 982efd7765f42ba0329e5db6e3434b072d90842c (commit) from 19f909856d5cd955493978f1bfaf79c107c20201 (commit) - Log - commit 982efd7765f42ba0329e5db6e3434b072d90842c Author: Richard Levitte Date: Mon Dec 2 12:00:58 2019 +0100 EVP: make it possible to init EVP_PKEY_CTX with provided EVP_PKEY The case when EVP_PKEY_CTX_new() is called with a provided EVP_PKEY (no legacy data) wasn't handled properly. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/10618) --- Summary of changes: crypto/evp/pmeth_lib.c | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 7563c800f7..b1bbb9c57e 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -127,11 +127,28 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, if (pkey == NULL && e == NULL && id == -1) goto common; +/* + * If the key doesn't contain anything legacy, then it must be provided, + * so we extract the necessary information and use that. + */ +if (pkey != NULL && pkey->pkey.ptr == NULL) { +/* If we have an engine, something went wrong somewhere... */ +if (!ossl_assert(e == NULL)) +return NULL; +name = evp_first_name(pkey->pkeys[0].keymgmt->prov, + pkey->pkeys[0].keymgmt->name_id); +/* + * TODO: I wonder if the EVP_PKEY should have the name and propquery + * that were used when building it /RL + */ +goto common; +} + /* TODO(3.0) Legacy code should be removed when all is provider based */ /* BEGIN legacy */ if (id == -1) { if (pkey == NULL) -return 0; +return NULL; id = pkey->type; }
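Review bot: In the new `pkey != NULL && pkey->pkey.ptr == NULL` branch of int_ctx_new(), `pkey->pkeys[0].keymgmt` is dereferenced without a NULL check. The only condition tested is that the legacy pointer is empty, which does not by itself show that a provider key was ever cached in slot 0; if it was not, this crashes instead of failing cleanly. Suggest testing `pkey->pkeys[0].keymgmt != NULL` first and returning NULL, with an error raised, otherwise. The `ossl_assert(e == NULL)` path also returns NULL without recording an error, so a caller cannot tell why context creation failed.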
Build completed: openssl master.30137
Build openssl master.30137 completed Commit 9d2706c6bb by Kelvin Lee on 12/17/2019 5:26 AM: Merge remote-tracking branch 'cmpossl/fix_cmp_msg_test' into fix-cmp-test-typo
Build failed: openssl master.30136
Build openssl master.30136 failed Commit df0cf67b49 by Kelvin Lee on 12/16/2019 10:52 PM: Compile the right cmp test sources.
Build failed: openssl master.30135
Build openssl master.30135 failed Commit baef6cbbb9 by Rich Salz on 12/16/2019 7:52 PM: Do some cleanup on LHASH
Build completed: openssl master.30133
Build openssl master.30133 completed Commit 770602b9fc by Matt Caswell on 12/5/2019 5:09 PM: Deprecate the low level AES functions
Build failed: openssl master.30132
Build openssl master.30132 failed Commit 19f909856d by Matt Caswell on 12/16/2019 2:55 PM: Update the HISTORY entry for RSA_get0_pss_params()
Errored: openssl/openssl#30704 (master - 19f9098)
Build Update for openssl/openssl - Build: #30704 Status: Errored Duration: 55 mins and 16 secs Commit: 19f9098 (master) Author: Matt Caswell Message: Update the HISTORY entry for RSA_get0_pss_params() Make a note of when this function was first introduced Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10568) (cherry picked from commit e2af84bd45c017c0c6a0fa06ee5d7fcf11d7366d) View the changeset: https://github.com/openssl/openssl/compare/e295de1d8433...19f909856d5c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/625718423?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Build failed: openssl OpenSSL_1_1_1-stable.30131
Build openssl OpenSSL_1_1_1-stable.30131 failed Commit e2af84bd45 by Matt Caswell on 12/16/2019 2:50 PM: Update the HISTORY entry for RSA_get0_pss_params()
Still Failing: openssl/openssl#30703 (OpenSSL_1_1_1-stable - e2af84b)
Build Update for openssl/openssl - Build: #30703 Status: Still Failing Duration: 32 mins and 12 secs Commit: e2af84b (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Update the HISTORY entry for RSA_get0_pss_params() Make a note of when this function was first introduced Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10568) View the changeset: https://github.com/openssl/openssl/compare/517f24130e83...e2af84bd45c0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/625718213?utm_medium=notification_source=email
Errored: openssl/openssl#30702 (OpenSSL_1_1_1-stable - 517f241)
Build Update for openssl/openssl - Build: #30702 Status: Errored Duration: 33 mins and 0 secs Commit: 517f241 (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Test that EVP_PKEY_set1_DH() correctly identifies the DH type Provide a test to check that when we assign a DH object we know whether we are dealing with PKCS#3 or X9.42 DH keys. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10593) (cherry picked from commit e295de1d8433ed07092845cb6c56aa424ff35c6d) View the changeset: https://github.com/openssl/openssl/compare/39d912389184...517f24130e83 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/625710690?utm_medium=notification_source=email
Errored: openssl/openssl#30701 (master - e295de1)
Build Update for openssl/openssl - Build: #30701 Status: Errored Duration: 53 mins and 43 secs Commit: e295de1 (master) Author: Matt Caswell Message: Test that EVP_PKEY_set1_DH() correctly identifies the DH type Provide a test to check that when we assign a DH object we know whether we are dealing with PKCS#3 or X9.42 DH keys. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10593) View the changeset: https://github.com/openssl/openssl/compare/1aeec3dbc2d6...e295de1d8433 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/625707329?utm_medium=notification_source=email
Still Failing: openssl/openssl#30700 (OpenSSL_1_1_1-stable - 39d9123)
Build Update for openssl/openssl - Build: #30700 Status: Still Failing Duration: 42 mins and 39 secs Commit: 39d9123 (OpenSSL_1_1_1-stable) Author: kinichiro Message: Return 1 when openssl req -addext kv is duplicated CLA: trivial Fixes #10273 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/10578) (cherry picked from commit 1aeec3dbc2d62f902698b1eba9ed31cbd436f9dc) View the changeset: https://github.com/openssl/openssl/compare/f9fdb9d2f5a0...39d912389184 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/625697096?utm_medium=notification_source=email
Errored: openssl/openssl#30699 (master - 1aeec3d)
Build Update for openssl/openssl - Build: #30699 Status: Errored Duration: 50 mins and 1 sec Commit: 1aeec3d (master) Author: kinichiro Message: Return 1 when openssl req -addext kv is duplicated CLA: trivial Fixes #10273 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/10578) View the changeset: https://github.com/openssl/openssl/compare/146113827135...1aeec3dbc2d6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/625696120?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 19f909856d5cd955493978f1bfaf79c107c20201 (commit) from e295de1d8433ed07092845cb6c56aa424ff35c6d (commit) - Log - commit 19f909856d5cd955493978f1bfaf79c107c20201 Author: Matt Caswell Date: Wed Dec 4 10:21:52 2019 + Update the HISTORY entry for RSA_get0_pss_params() Make a note of when this function was first introduced Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10568) (cherry picked from commit e2af84bd45c017c0c6a0fa06ee5d7fcf11d7366d) --- Summary of changes: doc/man3/RSA_get0_key.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod index a947c39643..29101fb8a1 100644 --- a/doc/man3/RSA_get0_key.pod +++ b/doc/man3/RSA_get0_key.pod @@ -163,6 +163,8 @@ L, L =head1 HISTORY +The RSA_get0_pss_params() function was added in OpenSSL 1.1.1e. + The RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(),
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via e2af84bd45c017c0c6a0fa06ee5d7fcf11d7366d (commit) via c1ebe0509a1b4af4cc1f3a7a14ca463d32af918c (commit) from 517f24130e83b9b3c2262758f34a7c09a7f63089 (commit) - Log - commit e2af84bd45c017c0c6a0fa06ee5d7fcf11d7366d Author: Matt Caswell Date: Wed Dec 4 10:21:52 2019 + Update the HISTORY entry for RSA_get0_pss_params() Make a note of when this function was first introduced Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10568) commit c1ebe0509a1b4af4cc1f3a7a14ca463d32af918c Author: Matt Caswell Date: Wed Dec 4 10:21:06 2019 + Backport the RSA_get0_pss_params() function from master This is a missing accessor in order to obtain PSS parameters from an RSA key, which should also be available in 1.1.1. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10568) --- Summary of changes: crypto/rsa/rsa_lib.c | 5 + doc/man3/RSA_get0_key.pod | 7 ++- include/openssl/ossl_typ.h | 1 + include/openssl/rsa.h | 5 +++-- util/libcrypto.num | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index cfee919352..63fd1a6db4 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -451,6 +451,11 @@ const BIGNUM *RSA_get0_iqmp(const RSA *r) return r->iqmp; } +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r) +{ +return r->pss; +} + void RSA_clear_flags(RSA *r, int flags) { r->flags &= ~flags; diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod index 358c2de256..adcd57c490 100644 --- a/doc/man3/RSA_get0_key.pod +++ b/doc/man3/RSA_get0_key.pod 
@@ -5,7 +5,7 @@ RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, -RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, +RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, @@ -33,6 +33,7 @@ RSA_set0_multi_prime_params, RSA_get_version const BIGNUM *RSA_get0_dmp1(const RSA *r); const BIGNUM *RSA_get0_dmq1(const RSA *r); const BIGNUM *RSA_get0_iqmp(const RSA *r); + const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); @@ -98,6 +99,8 @@ retrieved separately by the corresponding function RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp(), respectively. +RSA_get0_pss_params() is used to retrieve the RSA-PSS parameters. + RSA_set_flags() sets the flags in the B parameter on the RSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. RSA_test_flags() tests to @@ -157,6 +160,8 @@ L, L =head1 HISTORY +The RSA_get0_pss_params() function was added in OpenSSL 1.1.1e. + The RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 7993ca28f3..e0edfaaf47 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -109,6 +109,7 @@ typedef struct dsa_method DSA_METHOD; typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; typedef struct ec_key_st EC_KEY; typedef struct ec_key_method_st EC_KEY_METHOD; 
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index cdce1264eb..5e76365c0d 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -224,6 +224,7 @@ const BIGNUM *RSA_get0_q(const RSA *d); const BIGNUM *RSA_get0_dmp1(const RSA *r); const BIGNUM *RSA_get0_dmq1(const RSA *r); const BIGNUM *RSA_get0_iqmp(const RSA *r); +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); @@ -279,14 +280,14 @@ int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) -typedef struct rsa_pss_params_st { +struct rsa_pss_params_st { X509_ALGOR *hashAlgorithm; X509_ALGOR *maskGenAlgorithm; ASN1_INTEGER *saltLength; ASN1_INTEGER *trailerField; /* Decoded hash algorithm from
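Review bot: The sentence added to doc/man3/RSA_get0_key.pod, "RSA_get0_pss_params() is used to retrieve the RSA-PSS parameters.", leaves out what a caller needs to use the function safely: that the result can be NULL, since the accessor in crypto/rsa/rsa_lib.c simply returns `r->pss`, and that, as a get0 accessor, the returned pointer belongs to the RSA object and must not be freed. Suggest stating both in the description and in the return values text.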
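Review bot: In include/openssl/rsa.h the opening line changes from `typedef struct rsa_pss_params_st {` to `struct rsa_pss_params_st {` now that the typedef lives in ossl_typ.h, but the visible part of the hunk stops before the closing brace. Check that the closing line becomes a plain `};` as well; if it still ends in `} RSA_PSS_PARAMS;` it would declare an object of that name rather than a type.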
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 517f24130e83b9b3c2262758f34a7c09a7f63089 (commit) via e6d06e11e9cea84e41b0b68f63dacb4d4db356cc (commit) from 39d9123891845f203465dfda181f5c24b45756d1 (commit) - Log - commit 517f24130e83b9b3c2262758f34a7c09a7f63089 Author: Matt Caswell Date: Mon Dec 9 12:03:02 2019 + Test that EVP_PKEY_set1_DH() correctly identifies the DH type Provide a test to check that when we assign a DH object we know whether we are dealing with PKCS#3 or X9.42 DH keys. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10593) (cherry picked from commit e295de1d8433ed07092845cb6c56aa424ff35c6d) commit e6d06e11e9cea84e41b0b68f63dacb4d4db356cc Author: Matt Caswell Date: Mon Dec 9 11:51:48 2019 + Ensure EVP_PKEY_set1_DH detects X9.42 keys OpenSSL supports both PKCS#3 and X9.42 DH keys. By default we use PKCS#3 keys. The function `EVP_PKEY_set1_DH` was assuming that the supplied DH key was a PKCS#3 key. It should detect what type of key it is and assign the correct type as appropriate. Fixes #10592 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10593) (cherry picked from commit 32c869ffaba67822602ea9fec611272ff8e8db58) --- Summary of changes: crypto/evp/p_lib.c| 4 +++- test/evp_extra_test.c | 38 ++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 451bc95eae..9f1a485a5b 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -540,7 +540,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { -int ret = EVP_PKEY_assign_DH(pkey, key); +int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; +int ret = EVP_PKEY_assign(pkey, type, key); + if (ret) DH_up_ref(key); return ret; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index b9caa30d2e..2ca78a921f 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
@@ -18,6 +18,7 @@ #include #include #include +#include #include "testutil.h" #include "internal/nelem.h" #include "crypto/evp.h" @@ -1135,6 +1136,41 @@ static int test_decrypt_null_chunks(void) } #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ +static int test_EVP_PKEY_set1_DH(void) +{ +DH *x942dh, *pkcs3dh; +EVP_PKEY *pkey1, *pkey2; +int ret = 0; + +x942dh = DH_get_2048_256(); +pkcs3dh = DH_new_by_nid(NID_ffdhe2048); +pkey1 = EVP_PKEY_new(); +pkey2 = EVP_PKEY_new(); +if (!TEST_ptr(x942dh) +|| !TEST_ptr(pkcs3dh) +|| !TEST_ptr(pkey1) +|| !TEST_ptr(pkey2)) +goto err; + +if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) +|| !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX)) +goto err; + + +if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh)) +|| !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH)) +goto err; + +ret = 1; + err: +EVP_PKEY_free(pkey1); +EVP_PKEY_free(pkey2); +DH_free(x942dh); +DH_free(pkcs3dh); + +return ret; +} + int setup_tests(void) { ADD_TEST(test_EVP_DigestSignInit); @@ -1167,5 +1203,7 @@ int setup_tests(void) #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) ADD_TEST(test_decrypt_null_chunks); #endif +ADD_TEST(test_EVP_PKEY_set1_DH); + return 1; }
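Review bot: In the crypto/evp/p_lib.c hunk, `DH_get0_q(key)` is evaluated before anything checks `key`, so a NULL `key` is dereferenced in EVP_PKEY_set1_DH() rather than being handed to the assign call. Suggest guarding it, for example returning 0 early when `key == NULL`, before computing `type`.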
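Review bot: test_EVP_PKEY_set1_DH() and its `ADD_TEST(test_EVP_PKEY_set1_DH);` line in test/evp_extra_test.c are added unconditionally, while the neighbouring test_decrypt_null_chunks is wrapped in `#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)`. The new test calls DH_get_2048_256() and DH_new_by_nid(), so both the function and the ADD_TEST line should sit inside `#ifndef OPENSSL_NO_DH` to keep builds configured without DH compiling.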
[openssl] master update
The branch master has been updated via e295de1d8433ed07092845cb6c56aa424ff35c6d (commit) via 32c869ffaba67822602ea9fec611272ff8e8db58 (commit) from 1aeec3dbc2d62f902698b1eba9ed31cbd436f9dc (commit) - Log - commit e295de1d8433ed07092845cb6c56aa424ff35c6d Author: Matt Caswell Date: Mon Dec 9 12:03:02 2019 + Test that EVP_PKEY_set1_DH() correctly identifies the DH type Provide a test to check that when we assign a DH object we know whether we are dealing with PKCS#3 or X9.42 DH keys. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10593) commit 32c869ffaba67822602ea9fec611272ff8e8db58 Author: Matt Caswell Date: Mon Dec 9 11:51:48 2019 + Ensure EVP_PKEY_set1_DH detects X9.42 keys OpenSSL supports both PKCS#3 and X9.42 DH keys. By default we use PKCS#3 keys. The function `EVP_PKEY_set1_DH` was assuming that the supplied DH key was a PKCS#3 key. It should detect what type of key it is and assign the correct type as appropriate. Fixes #10592 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10593) --- Summary of changes: crypto/evp/p_lib.c| 4 +++- test/evp_extra_test.c | 38 ++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 8e6682fff4..99d6063e3e 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -569,7 +569,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { -int ret = EVP_PKEY_assign_DH(pkey, key); +int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; +int ret = EVP_PKEY_assign(pkey, type, key); + if (ret) DH_up_ref(key); return ret; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index ce487049f3..93680796ea 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "testutil.h" #include "internal/nelem.h" #include "crypto/evp.h" 
@@ -1412,6 +1413,41 @@ static int test_decrypt_null_chunks(void) } #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ +static int test_EVP_PKEY_set1_DH(void) +{ +DH *x942dh, *pkcs3dh; +EVP_PKEY *pkey1, *pkey2; +int ret = 0; + +x942dh = DH_get_2048_256(); +pkcs3dh = DH_new_by_nid(NID_ffdhe2048); +pkey1 = EVP_PKEY_new(); +pkey2 = EVP_PKEY_new(); +if (!TEST_ptr(x942dh) +|| !TEST_ptr(pkcs3dh) +|| !TEST_ptr(pkey1) +|| !TEST_ptr(pkey2)) +goto err; + +if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) +|| !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX)) +goto err; + + +if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh)) +|| !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH)) +goto err; + +ret = 1; + err: +EVP_PKEY_free(pkey1); +EVP_PKEY_free(pkey2); +DH_free(x942dh); +DH_free(pkcs3dh); + +return ret; +} + int setup_tests(void) { ADD_ALL_TESTS(test_EVP_DigestSignInit, 4); @@ -1447,5 +1483,7 @@ int setup_tests(void) #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) ADD_TEST(test_decrypt_null_chunks); #endif +ADD_TEST(test_EVP_PKEY_set1_DH); + return 1; }
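Review bot: In the crypto/evp/p_lib.c hunk the key type is inferred only from whether `DH_get0_q(key)` is NULL. That equates "q is present" with X9.42, so a DH object that holds PKCS#3 parameters but also carries a q value would be assigned EVP_PKEY_DHX. If that is the intended rule, a short comment above the `int type = ...` line stating it would help; the commit message explains the intent but the code does not.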
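Review bot: Style in the test/evp_extra_test.c hunk: both `if(!TEST_true(EVP_PKEY_set1_DH(...` lines are missing the space after `if`, unlike the `if (!TEST_ptr(x942dh)` line just above them, and two consecutive blank lines separate the two checks. Suggest `if (!TEST_true(...` and a single blank line.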
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 39d9123891845f203465dfda181f5c24b45756d1 (commit) from f9fdb9d2f5a0358a3fd34b060fe23cb0eceb2e2c (commit) - Log - commit 39d9123891845f203465dfda181f5c24b45756d1 Author: kinichiro Date: Thu Dec 5 20:00:50 2019 +0900 Return 1 when openssl req -addext kv is duplicated CLA: trivial Fixes #10273 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/10578) (cherry picked from commit 1aeec3dbc2d62f902698b1eba9ed31cbd436f9dc) --- Summary of changes: apps/req.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/apps/req.c b/apps/req.c index d717c493e5..a603907cd5 100644 --- a/apps/req.c +++ b/apps/req.c @@ -200,9 +200,12 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) *p = '\0'; /* Finally have a clean "key"; see if it's there [by attempt to add it]. */ -if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv)) -!= NULL || lh_OPENSSL_STRING_error(addexts)) { -OPENSSL_free(p != NULL ? p : kv); +p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv); +if (p != NULL) { +OPENSSL_free(p); +return 1; +} else if (lh_OPENSSL_STRING_error(addexts)) { +OPENSSL_free(kv); return -1; }
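Review bot: After this hunk duplicated() in apps/req.c has distinct results for a duplicate key (`return 1;`) and for a hash-table failure (`return -1;`), but the visible lines add no comment describing that contract. Suggest documenting the return values above the function and confirming that the caller, which is not part of this diff, reports a duplicated -addext key differently from an internal error.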
[openssl] master update
The branch master has been updated via 1aeec3dbc2d62f902698b1eba9ed31cbd436f9dc (commit) from 146113827135b4c646531a48f388e43add6ff871 (commit) - Log - commit 1aeec3dbc2d62f902698b1eba9ed31cbd436f9dc Author: kinichiro Date: Thu Dec 5 20:00:50 2019 +0900 Return 1 when openssl req -addext kv is duplicated CLA: trivial Fixes #10273 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/10578) --- Summary of changes: apps/req.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/apps/req.c b/apps/req.c index 76bbbeb555..87994ceb7c 100644 --- a/apps/req.c +++ b/apps/req.c @@ -214,9 +214,12 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) *p = '\0'; /* Finally have a clean "key"; see if it's there [by attempt to add it]. */ -if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv)) -!= NULL || lh_OPENSSL_STRING_error(addexts)) { -OPENSSL_free(p != NULL ? p : kv); +p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv); +if (p != NULL) { +OPENSSL_free(p); +return 1; +} else if (lh_OPENSSL_STRING_error(addexts)) { +OPENSSL_free(kv); return -1; }
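Review bot: In the rewritten block of duplicated(), `} else if (lh_OPENSSL_STRING_error(addexts)) {` follows a branch that ends in `return 1;`, so the `else` is redundant. A separate `if (lh_OPENSSL_STRING_error(addexts))` after the first block reads more plainly and makes it obvious that the two outcomes are independent exits.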
[web] master update
The branch master has been updated via 70947eca9c26af584ac69467a6f5fcd1a2fa6b5a (commit) from 420fb543c12b2a4a18aae85315f8eaefefcd1c33 (commit) - Log - commit 70947eca9c26af584ac69467a6f5fcd1a2fa6b5a Author: Matt Caswell Date: Thu Nov 21 13:44:10 2019 + Update the by-laws to introduce the OTC concept We split the responsibilities of the current OMC into two different groups - the OMC and the OTC (OpenSSL Technical Committee). The OMC still retains its overall management function but the OTC becomes responsible for technical decision making. PR reviews will then require approval from an OTC member instead of an OMC member. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/143) --- Summary of changes: policies/omc-bylaws.html | 276 --- 1 file changed, 211 insertions(+), 65 deletions(-) diff --git a/policies/omc-bylaws.html b/policies/omc-bylaws.html index af5a2ca..88704a8 100644 --- a/policies/omc-bylaws.html +++ b/policies/omc-bylaws.html @@ -13,7 +13,7 @@ OpenSSL Bylaws First issued 13th February 2017 - Last modified 20th December 2017 +Last modified 10th December 2019 
@@ -72,10 +72,26 @@ The OMC: makes all decisions regarding management and strategic direction -of the project; -sets and maintains all policies and procedures; -nominates, elects and removes committers and OMC members as -required; +of the project; including: + + business requirements; + feature requirements; + platform requirements; + roadmap requirements and priority; + end-of-life decisions; + release timing and requirement decisions; + + +maintains the project infrastructure; +maintains the project website; +maintains the project code of conduct; +sets and maintains all project Bylaws; +sets and maintains all non-technical policies and non-technical procedures; +nominates and elects OMC members as required; +approves or rejects OTC nominations for committers and OTC members; +adds or removes OMC, OTC, or committers as required; +adjudicates any objections to OTC decisions; +adjudicates any objections to any commits to project repositories; ensures security issues are dealt with in an appropriate manner; schedules releases and determines future release plans and the 
@@ -95,13 +111,20 @@ but the ones that count in order to participate in the OMC decision-making process are the ones listed below. + In general, the OMC will leave technical decisions to the OpenSSL + Technical Committee (OTC, see below) and not participate in + discussions related to development and documention of the OpenSSL + Toolkit. In exceptional cases however an OTC vote can be overruled + by an OMC vote. Such an exceptional case would be for example if an + OTC decision stands contrary to OMC policies or decisions. + OMC members may become inactive. In order to remain active a member must, in any calendar quarter, contribute by: a) Having authored, or been recorded as a reviewer of, at least one commit made to any OpenSSL repository (including non-code based ones) and -b) vote in at least two-thirds of the total votes closed in the +b) vote in at least two-thirds of the OMC votes closed in the first two months of the quarter and the last month of the preceding quarter. @@ -129,30 +152,7 @@ to vote on and participate in discussions. They retain access to OMC internal resources. - OpenSSL Software Foundation (OSF) - - The OpenSSL Software Foundation represents the OpenSSL project in - legal and most official formal capacities in relation to external - entities and individuals. This includes, but is not limited to, - managing contributor license agreements, managing donations, - registering and holding trademarks, registering and holding domain - names, obtaining external legal advice, and so on. - - Any OMC member may serve as a director of OSF if they wish. To do - so they should send a request to any existing OSF director. - - OpenSSL Software Services (OSS) - - OpenSSL Software Services represents the OpenSSL
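Review bot: Typo in the paragraph added by the `@@ -95,13 +111,20 @@` hunk of policies/omc-bylaws.html: "discussions related to development and documention of the OpenSSL Toolkit" should read "documentation".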
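Review bot: In the `@@ -72,10 +72,26 @@` hunk the first list item now reads "of the project; including:", which puts a semicolon in the middle of the clause that introduces the sub-list; "of the project, including:" is what is meant. The new sub-item "release timing and requirement decisions;" also overlaps the unchanged item "schedules releases and determines future release plans and the", so it is worth deciding whether both are needed.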