Build completed: openssl master.30770

[AppVeyor]

Build openssl master.30770 completed



Commit ded9409938 by Rich Salz on 1/13/2020 5:44 PM:

fixup! fixup! fixup! fixup! Update man3/verify documentation, error text


Configure your notification preferences

Build failed: openssl master.30769

[AppVeyor]

Build openssl master.30769 failed


Commit 2d0d011734 by Kurt Roeckx on 1/13/2020 10:56 PM:

Create a new embeddedSCTs1 that's signed using SHA256


Configure your notification preferences

SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-trace

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-trace

Commit log since last time:

42b3f10b5e When deprecated symbols are removed, ensure liblegacy has WHIRLPOOL
7c3aa39fe3 Deprecate the low level Whirlpool functions.
c52ec197aa whirlpool: fix preprocessor indentation
33ee9ae059 Deprecate the low level MDC2 functions.
0feef76fe0 mdc2: fix preprocessor indentation
8ffb20ce05 Deprecate the low level MD4 functions.
01b0768d09 md4: fix preprocessor indentation
58e1f3d6d4 Deprecate the low level MD2 functions.
b2be1ea2c3 md2: fix preprocessor indentation
601fca1778 Deprecate the low level RIPEMD160 functions.
65167dba89 ripemd: fix preprocessor indentation
e683582bf3 Add dsa signature alg to fips provider
e0e68f9e34 Tweak option error messages
7671420d9e testutil_init.c: fix compilation error with enable-trace
11b4435986 Add GCM support for EVP_CTRL_GCM_IV_GEN and EVP_CTRL_GCM_SET_IV_INV 
to providers

Build failed: openssl master.30755

[AppVeyor]

Build openssl master.30755 failed


Commit 55fc6fe2bc by Sam on 1/13/2020 6:38 PM:

OpenSSL -> OpenTLS


Configure your notification preferences

Build failed: openssl master.30754

[AppVeyor]

Build openssl master.30754 failed


Commit f584d85f1e by Rich Salz on 1/13/2020 5:44 PM:

fixup! fixup! fixup! fixup! Update man3/verify documentation, error text


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d --strict-warnings 386

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings 386

Commit log since last time:

42b3f10b5e When deprecated symbols are removed, ensure liblegacy has WHIRLPOOL
7c3aa39fe3 Deprecate the low level Whirlpool functions.
c52ec197aa whirlpool: fix preprocessor indentation
33ee9ae059 Deprecate the low level MDC2 functions.
0feef76fe0 mdc2: fix preprocessor indentation
8ffb20ce05 Deprecate the low level MD4 functions.
01b0768d09 md4: fix preprocessor indentation
58e1f3d6d4 Deprecate the low level MD2 functions.
b2be1ea2c3 md2: fix preprocessor indentation
601fca1778 Deprecate the low level RIPEMD160 functions.
65167dba89 ripemd: fix preprocessor indentation
e683582bf3 Add dsa signature alg to fips provider
e0e68f9e34 Tweak option error messages
7671420d9e testutil_init.c: fix compilation error with enable-trace
11b4435986 Add GCM support for EVP_CTRL_GCM_IV_GEN and EVP_CTRL_GCM_SET_IV_INV 
to providers

Build log ended with (last 100 lines):

clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -Icrypto/include -I../openssl 
-I../openssl/include -I../openssl/providers/common/include 
-I../openssl/providers/implementations/include -I../openssl/crypto/include  
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM 
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM 
-DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualif
 iers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN 
-DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-3\"" 
-DMODULESDIR="\"/usr/local/lib/ossl-modules\""   -MMD -MF 
crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT 
crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o 
../openssl/crypto/x509/x509_trs.c
clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -Icrypto/include -I../openssl 
-I../openssl/include -I../openssl/providers/common/include 
-I../openssl/providers/implementations/include -I../openssl/crypto/include  
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM 
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM 
-DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualif
 iers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN 
-DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib/engines-3\"" 
-DMODULESDIR="\"/usr/local/lib/ossl-modules\""   -MMD -MF 
crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT 
crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o 
../openssl/crypto/x509/x509_txt.c
clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -Icrypto/include -I../openssl 
-I../openssl/include -I../openssl/providers/common/include 
-I../openssl/providers/implementations/include -I../openssl/crypto/include  
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM 
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM 
-DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack 
-Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic 
-Wno-long-long -Wall -Wextra -Wno-unused-parameter 
-Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat 
-Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes 
-Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality 
-Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualif
 iers 

[openssl] master update

[beldmit]

The branch master has been updated
   via  9ce921f2dacc9f56b8ae932ae9c299670700a297 (commit)
   via  0b3b2b33c7e888fc1e735ad25cc1b963b5c24ad4 (commit)
   via  d4bff20d55b7ab7b4dd43ada28372efb90942dfd (commit)
  from  6d242fa585d6e52ee6e099ac4f89601231c0f1d3 (commit)


- Log -
commit 9ce921f2dacc9f56b8ae932ae9c299670700a297
Author: Rich Salz 
Date:   Wed Jan 8 09:03:00 2020 -0500

Remove duplicates

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/10134)

commit 0b3b2b33c7e888fc1e735ad25cc1b963b5c24ad4
Author: Rich Salz 
Date:   Thu Dec 12 13:34:32 2019 -0500

Better documentation of -www,-WWW,-HTTP flags

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/10134)

commit d4bff20d55b7ab7b4dd43ada28372efb90942dfd
Author: Rich Salz 
Date:   Sat Oct 12 17:45:56 2019 -0400

Refactor the tls/dlts version options

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/10134)

---

Summary of changes:
 doc/man1/openssl-s_client.pod.in | 45 +
 doc/man1/openssl-s_server.pod.in | 73 +---
 doc/man1/openssl-s_time.pod.in   | 17 ++
 doc/man1/openssl.pod | 31 +
 doc/perlvars.pm  | 32 ++
 util/dofile.pl   |  8 +
 6 files changed, 107 insertions(+), 99 deletions(-)

diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
index 8bd6c9eec1..779f91700f 100644
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@@ -79,19 +79,6 @@ B B
 [B<-psk> I]
 [B<-psk_session> I]
 [B<-quiet>]
-[B<-ssl3>]
-[B<-tls1>]
-[B<-tls1_1>]
-[B<-tls1_2>]
-[B<-tls1_3>]
-[B<-no_ssl3>]
-[B<-no_tls1>]
-[B<-no_tls1_1>]
-[B<-no_tls1_2>]
-[B<-no_tls1_3>]
-[B<-dtls>]
-[B<-dtls1>]
-[B<-dtls1_2>]
 [B<-sctp>]
 [B<-sctp_label_bug>]
 [B<-fallback_scsv>]
@@ -127,6 +114,7 @@ B B
 [B<-early_data> I]
 [B<-enable_pha>]
 {- $OpenSSL::safe::opt_name_synopsis -}
+{- $OpenSSL::safe::opt_version_synopsis -}
 {- $OpenSSL::safe::opt_x_synopsis -}
 {- $OpenSSL::safe::opt_trust_synopsis -}
 {- $OpenSSL::safe::opt_r_synopsis -}
@@ -458,23 +446,6 @@ This option must be provided in order to use a PSK cipher.
 Use the pem encoded SSL_SESSION data stored in I as the basis of a PSK.
 Note that this will only work if TLSv1.3 is negotiated.
 
-=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, 
B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
-
-These options require or disable the use of the specified SSL or TLS protocols.
-By default, this command will negotiate the highest mutually supported protocol
-version.
-When a specific TLS version is required, only that version will be offered to
-and accepted from the server.
-Note that not all protocols and flags may be available, depending on how
-OpenSSL was built.
-
-=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
-
-These options make this command use DTLS protocols instead of TLS.
-With B<-dtls>, it will negotiate any supported DTLS protocol version,
-whilst B<-dtls1> and B<-dtls1_2> will only support DTLS1.0 and DTLS1.2
-respectively.
-
 =item B<-sctp>
 
 Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in
@@ -685,12 +656,7 @@ data and when the server accepts the early data.
 For TLSv1.3 only, send the Post-Handshake Authentication extension. This will
 happen whether or not a certificate has been provided via B<-cert>.
 
-=item I:I
-
-Rather than providing B<-connect>, the target hostname and optional port may
-be provided as a single positional argument after all options. If neither this
-nor B<-connect> are provided, falls back to attempting to connect to
-I on port I<4433>.
+{- $OpenSSL::safe::opt_version_item -}
 
 {- $OpenSSL::safe::opt_name_item -}
 
@@ -702,6 +668,13 @@ I on port I<4433>.
 
 {- $OpenSSL::safe::opt_engine_item -}
 
+=item I:I
+
+Rather than providing B<-connect>, the target hostname and optional port may
+be provided as a single positional argument after all options. If neither this
+nor B<-connect> are provided, falls back to attempting to connect to
+I on port I<4433>.
+
 =back
 
 =head1 CONNECTED COMMANDS
diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
index 743ad616d5..47343585bd 100644
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@@ -83,11 +83,6 @@ B B
 [B<-split_send_frag> I<+int>]
 [B<-max_pipelines> I<+int>]
 [B<-read_buf> I<+int>]
-[B<-no_ssl3>]
-[B<-no_tls1>]
-[B<-no_tls1_1>]
-[B<-no_tls1_2>]
-[B<-no_tls1_3>]
 [B<-bugs>]
 [B<-no_comp>]
 [B<-comp>]
@@ -149,17 +144,9 @@ B B
 [B<-psk_session> I]
 [B<-srpvfile> I]
 

[tools] master update

[Matt Caswell]

The branch master has been updated
   via  cbda6bd72e4abbe16a4a260312b1289a0e9e4764 (commit)
  from  73b0391902c67f9ebfcd5fa96cc10734d9631da8 (commit)


- Log -
commit cbda6bd72e4abbe16a4a260312b1289a0e9e4764
Author: Nicola Tuveri 
Date:   Sun Jan 5 10:52:57 2020 +0200

Apply OTC changes to gitaddrev

After the changes in https://github.com/openssl/web/pull/146
`gitaddrev` (on which `addrev` depends) required an update to count OTC
approvals rather than OMC approvals.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/tools/pull/50)

---

Summary of changes:
 review-tools/gitaddrev | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev
index 1c2071e..177a92a 100755
--- a/review-tools/gitaddrev
+++ b/review-tools/gitaddrev
@@ -29,7 +29,7 @@ my @reviewers;
 my @nocla_reviewers;
 my @unknown_reviewers;
 my $skip_reviewer;
-my $omccount = 0;
+my $otccount = 0;
 sub try_add_reviewer {
 my $id = shift;
 my $rc = undef;
@@ -39,7 +39,7 @@ sub try_add_reviewer {
my $cla = $query->has_cla(lc $rev);
if ($cla) {
unless (grep {$_ eq $rev} @reviewers) {
-   $omccount++ if $query->is_member_of($id2, 'omc');
+   $otccount++ if $query->is_member_of($id2, 'otc');
push @reviewers, $rev;
}
$rc = $rev;
@@ -64,9 +64,9 @@ foreach (@ARGV) {
foreach ($query->list_people()) {
my $email_id = (grep { ref($_) eq "" && $_ =~ m|\@| } @$_)[0];
my $rev = $query->find_person_tag($email_id, 'rev');
-   my $omc = $query->is_member_of($email_id, 'omc');
+   my $otc = $query->is_member_of($email_id, 'otc');
next unless $query->has_cla(lc $rev);
-   next unless $query->is_member_of($email_id, 'commit') || $omc;
+   next unless $query->is_member_of($email_id, 'commit') || $otc;
my @ids =
sort grep { $_ =~ /^[a-z]+$/ || $_ =~ /^\@(?:\w|\w-\w)+$/ }
map {
@@ -78,13 +78,13 @@ foreach (@ARGV) {
}
} @$_;
foreach (@ids) {
-   $list{$_} = { tag => $rev, omc => $omc };
+   $list{$_} = { tag => $rev, otc => $otc };
}
}
foreach (sort { my $res = $list{$a}->{tag} cmp $list{$b}->{tag};
$res != 0 ? $res : ($a cmp $b) } keys %list) {
printf "%-15s %-6s (%s)\n",
-   $_, $list{$_}->{omc} ? "[OMC]" : "", $list{$_}->{tag};
+   $_, $list{$_}->{otc} ? "[OTC]" : "", $list{$_}->{tag};
}
exit 0;
 } elsif (/^--reviewer=(.+)$/) {
@@ -158,8 +158,8 @@ print STDERR "Going with these reviewers:\n  ", join("\n  
", @reviewers), "\n"
 if (scalar @reviewers < 2) {
 die "Too few reviewers (total must be at least 2)\n";
 }
-if ($omccount < 1) {
-die "At least one of the reviewers must be an OMC member\n";
+if ($otccount < 1) {
+die "At least one of the reviewers must be an OTC member\n";
 }
 if ($skip_reviewer) {
 @reviewers = grep { $_ ne $skip_reviewer } @reviewers;

Build completed: openssl master.30744

[AppVeyor]

Build openssl master.30744 completed



Commit 04308c8433 by Dr. David von Oheimb on 1/13/2020 7:47 AM:

fixup! fix various formatting nits in CMP contribution chunks 1-6 found by the new util/check-format.pl correct wording in doc, comments, and parameter names: self-signed -> self-issued where appropriate


Configure your notification preferences

Build failed: openssl master.30743

[AppVeyor]

Build openssl master.30743 failed


Commit 4d97f53ecc by H.J. Lu on 1/7/2020 6:15 PM:

i386: Add endbr32 to jump table in BF_cbc_encrypt


Configure your notification preferences

[openssl] master update

[Matt Caswell]

The branch master has been updated
   via  6d242fa585d6e52ee6e099ac4f89601231c0f1d3 (commit)
   via  557d673783f82795e8ae8ca71b0092f9dbdaaeef (commit)
  from  0ae5d4d6f8a0cd17fb9beb5876827f311c1b350c (commit)


- Log -
commit 6d242fa585d6e52ee6e099ac4f89601231c0f1d3
Author: Matt Caswell 
Date:   Thu Jan 9 15:21:14 2020 +

Add a test for HMAC via EVP_DigestSign*

We test with both an implicitly fetched digest and an explicitly fetched
digest.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/10796)

commit 557d673783f82795e8ae8ca71b0092f9dbdaaeef
Author: Matt Caswell 
Date:   Thu Jan 9 15:58:19 2020 +

Always go the legacy route if EVP_MD_CTX_FLAG_NO_INIT is set

If we're using an explicitly fetched digest in an EVP_DigestUpdate
operation, then we should still go the legacy route if
EVP_MD_CTX_FLAG_NO_INIT has been set because we are being used in the
context of a legacy signature algorithm and EVP_DigestInit has not been
called.

This fixes a seg fault in EVP_DigestSignUpdate()

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/10796)

---

Summary of changes:
 crypto/evp/digest.c   |  7 +++--
 test/evp_extra_test.c | 85 ---
 2 files changed, 66 insertions(+), 26 deletions(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 92dca9854b..adde3e13ab 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -303,7 +303,9 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, 
size_t count)
 return 0;
 }
 
-if (ctx->digest == NULL || ctx->digest->prov == NULL)
+if (ctx->digest == NULL
+|| ctx->digest->prov == NULL
+|| (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
 goto legacy;
 
 if (ctx->digest->dupdate == NULL) {
@@ -422,7 +424,8 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX 
*in)
 return 0;
 }
 
-if (in->digest->prov == NULL)
+if (in->digest->prov == NULL
+|| (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
 goto legacy;
 
 if (in->digest->dupctx == NULL) {
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 387e29496f..e7e73cd150 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -451,6 +451,22 @@ end:
 }
 #endif
 
+static EVP_PKEY *load_example_hmac_key(void)
+{
+EVP_PKEY *pkey = NULL;
+unsigned char key[] = {
+0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+
+pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
+if (!TEST_ptr(pkey))
+return NULL;
+
+return pkey;
+}
+
 static int test_EVP_Enveloped(void)
 {
 int ret = 0;
@@ -495,10 +511,15 @@ err:
 }
 
 /*
- * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (RSA)
- * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (DSA)
- * Test 2: Use an MD BIO to do the Update calls instead (RSA)
- * Test 3: Use an MD BIO to do the Update calls instead (DSA)
+ * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch 
digest, RSA)
+ * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch 
digest, DSA)
+ * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch 
digest, HMAC)
+ * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch 
digest, RSA)
+ * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch 
digest, DSA)
+ * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch 
diegst, HMAC)
+ * Test 6: Use an MD BIO to do the Update calls instead (RSA)
+ * Test 7: Use an MD BIO to do the Update calls instead (DSA)
+ * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
  */
 static int test_EVP_DigestSignInit(int tst)
 {
@@ -510,8 +531,10 @@ static int test_EVP_DigestSignInit(int tst)
 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
 BIO *mdbio = NULL, *membio = NULL;
 size_t written;
+const EVP_MD *md;
+EVP_MD *mdexp = NULL;
 
-if (tst >= 2) {
+if (tst >= 6) {
 membio = BIO_new(BIO_s_mem());
 mdbio = BIO_new(BIO_f_md());
 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
@@ -525,10 +548,10 @@ static int test_EVP_DigestSignInit(int tst)
 goto out;
 }
 
-if (tst == 0 || tst == 2) {
+if (tst == 0 || tst == 3 || tst == 6) {
 if (!TEST_ptr(pkey = load_example_rsa_key()))
 goto out;
-} else {
+} else if (tst == 1 || tst == 4 || tst == 7) {
 #ifndef OPENSSL_NO_DSA
 if (!TEST_ptr(pkey = load_example_dsa_key()))
  

[openssl] master update

[Matt Caswell]

The branch master has been updated
   via  0ae5d4d6f8a0cd17fb9beb5876827f311c1b350c (commit)
  from  291850b473ef5d83ac7d90bdcd7f68d186515348 (commit)


- Log -
commit 0ae5d4d6f8a0cd17fb9beb5876827f311c1b350c
Author: Matt Caswell 
Date:   Thu Jan 2 16:15:26 2020 +

Deprecate the Low Level CAST APIs

Applications should instead use the higher level EVP APIs, e.g.
EVP_Encrypt*() and EVP_Decrypt*().

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/10742)

---

Summary of changes:
 CHANGES|  9 
 apps/speed.c   |  8 +--
 crypto/cast/c_cfb64.c  |  6 +++
 crypto/cast/c_ecb.c|  6 +++
 crypto/cast/c_enc.c|  6 +++
 crypto/cast/c_ofb64.c  |  6 +++
 crypto/cast/c_skey.c   |  6 +++
 crypto/evp/e_cast.c|  6 +++
 include/openssl/cast.h | 57 ++
 providers/implementations/ciphers/cipher_cast5.c   |  6 +++
 .../implementations/ciphers/cipher_cast5_hw.c  |  6 +++
 test/build.info| 13 ++---
 test/casttest.c|  6 +++
 test/recipes/05-test_cast.t| 11 +
 util/libcrypto.num | 14 +++---
 15 files changed, 130 insertions(+), 36 deletions(-)

diff --git a/CHANGES b/CHANGES
index e47c8ab968..215fd13b60 100644
--- a/CHANGES
+++ b/CHANGES
@@ -18,6 +18,15 @@
  equivalently named decrypt functions.
  [Matt Caswell]
 
+  *) All of the low level CAST functions have been deprecated including:
+ CAST_set_key, CAST_ecb_encrypt, CAST_encrypt, CAST_decrypt,
+ CAST_cbc_encrypt, CAST_cfb64_encrypt and CAST_ofb64_encrypt
+ Use of these low level functions has been informally discouraged for a 
long
+ time. Instead applications should use the high level EVP APIs, e.g.
+ EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
+ equivalently named decrypt functions.
+ [Matt Caswell]
+
   *) All of the low level Camelllia functions have been deprecated including:
  Camellia_set_key, Camellia_encrypt, Camellia_decrypt, 
Camellia_ecb_encrypt,
  Camellia_cbc_encrypt, Camellia_cfb128_encrypt, Camellia_cfb1_encrypt,
diff --git a/apps/speed.c b/apps/speed.c
index bb57da9c85..67bf650ec2 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -389,7 +389,7 @@ static const OPT_PAIR doit_choices[] = {
 {"blowfish", D_CBC_BF},
 {"bf", D_CBC_BF},
 #endif
-#ifndef OPENSSL_NO_CAST
+#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 {"cast-cbc", D_CBC_CAST},
 {"cast", D_CBC_CAST},
 {"cast5", D_CBC_CAST},
@@ -1464,7 +1464,7 @@ int speed_main(int argc, char **argv)
 #if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 BF_KEY bf_ks;
 #endif
-#ifndef OPENSSL_NO_CAST
+#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 CAST_KEY cast_ks;
 #endif
 static const unsigned char key16[16] = {
@@ -1992,7 +1992,7 @@ int speed_main(int argc, char **argv)
 if (doit[D_CBC_BF])
 BF_set_key(_ks, 16, key16);
 #endif
-#ifndef OPENSSL_NO_CAST
+#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 if (doit[D_CBC_CAST]) 
 CAST_set_key(_ks, 16, key16);
 #endif
@@ -2672,7 +2672,7 @@ int speed_main(int argc, char **argv)
 }
 }
 #endif
-#ifndef OPENSSL_NO_CAST
+#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 if (doit[D_CBC_CAST]) {
 if (async_jobs > 0) {
 BIO_printf(bio_err, "Async mode is not supported with %s\n",
diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c
index 1ae13bc3d8..805a51d450 100644
--- a/crypto/cast/c_cfb64.c
+++ b/crypto/cast/c_cfb64.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include 
 #include "cast_local.h"
 
diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c
index 2b841ac919..cbd044366d 100644
--- a/crypto/cast/c_ecb.c
+++ b/crypto/cast/c_ecb.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include 
 #include "cast_local.h"
 #include 
diff --git a/crypto/cast/c_enc.c b/crypto/cast/c_enc.c
index 7e2461dfca..ede9f2e815 100644
--- a/crypto/cast/c_enc.c
+++ b/crypto/cast/c_enc.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * CAST low level 

Build completed: openssl master.30737

[AppVeyor]

Build openssl master.30737 completed



Commit be0363ff5c by Richard Levitte on 1/13/2020 11:28 AM:

DSA: Move DSA_security_bits() and DSA_bits()


Configure your notification preferences

[openssl] master update

[Matt Caswell]

The branch master has been updated
   via  291850b473ef5d83ac7d90bdcd7f68d186515348 (commit)
  from  652fba9ef74c1fe92b80d178ada419057d873682 (commit)


- Log -
commit 291850b473ef5d83ac7d90bdcd7f68d186515348
Author: Matt Caswell 
Date:   Thu Jan 2 15:22:19 2020 +

Deprecate Low Level Camellia APIs

Applications should instead use the higher level EVP APIs, e.g.
EVP_Encrypt*() and EVP_Decrypt*().

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/10741)

---

Summary of changes:
 CHANGES| 10 +++
 apps/speed.c   | 10 ++-
 crypto/camellia/camellia.c |  6 ++
 crypto/camellia/cmll_cbc.c |  6 ++
 crypto/camellia/cmll_cfb.c |  6 ++
 crypto/camellia/cmll_ctr.c |  6 ++
 crypto/camellia/cmll_ecb.c |  6 ++
 crypto/camellia/cmll_misc.c|  6 ++
 crypto/camellia/cmll_ofb.c |  6 ++
 crypto/evp/e_camellia.c|  6 ++
 include/openssl/camellia.h | 99 ++
 .../implementations/ciphers/cipher_camellia.c  |  6 ++
 .../implementations/ciphers/cipher_camellia_hw.c   |  6 ++
 util/libcrypto.num | 20 ++---
 14 files changed, 150 insertions(+), 49 deletions(-)

diff --git a/CHANGES b/CHANGES
index 08687f7972..e47c8ab968 100644
--- a/CHANGES
+++ b/CHANGES
@@ -18,6 +18,16 @@
  equivalently named decrypt functions.
  [Matt Caswell]
 
+  *) All of the low level Camelllia functions have been deprecated including:
+ Camellia_set_key, Camellia_encrypt, Camellia_decrypt, 
Camellia_ecb_encrypt,
+ Camellia_cbc_encrypt, Camellia_cfb128_encrypt, Camellia_cfb1_encrypt,
+ Camellia_cfb8_encrypt, Camellia_ofb128_encrypt and 
Camellia_ctr128_encrypt.
+ Use of these low level functions has been informally discouraged for a 
long
+ time. Instead applications should use the high level EVP APIs, e.g.
+ EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
+ equivalently named decrypt functions.
+ [Matt Caswell]
+
   *) Removed include/openssl/opensslconf.h.in and replaced it with
  include/openssl/configuration.h.in, which differs in not including
  .  A short header include/openssl/opensslconf.h
diff --git a/apps/speed.c b/apps/speed.c
index 5b87293123..bb57da9c85 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1471,6 +1471,7 @@ int speed_main(int argc, char **argv)
 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
 };
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 static const unsigned char key24[24] = {
 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
@@ -1482,7 +1483,8 @@ int speed_main(int argc, char **argv)
 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
 };
-#ifndef OPENSSL_NO_CAMELLIA
+#endif
+#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 CAMELLIA_KEY camellia_ks[3];
 #endif
 #ifndef OPENSSL_NO_RSA
@@ -1758,7 +1760,7 @@ int speed_main(int argc, char **argv)
 continue;
 }
 #endif
-#ifndef OPENSSL_NO_CAMELLIA
+#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 if (strcmp(algo, "camellia") == 0) {
 doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 
1;
 continue;
@@ -1956,7 +1958,7 @@ int speed_main(int argc, char **argv)
 AES_set_encrypt_key(key24, 192, _ks2);
 AES_set_encrypt_key(key32, 256, _ks3);
 #endif
-#ifndef OPENSSL_NO_CAMELLIA
+#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML]) {
 Camellia_set_key(key16, 128, _ks[0]);
 Camellia_set_key(key24, 192, _ks[1]);
@@ -2503,7 +2505,7 @@ int speed_main(int argc, char **argv)
 CRYPTO_gcm128_release(loopargs[i].gcm_ctx);
 }
 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
-#ifndef OPENSSL_NO_CAMELLIA
+#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 if (doit[D_CBC_128_CML]) {
 if (async_jobs > 0) {
 BIO_printf(bio_err, "Async mode is not supported with %s\n",
diff --git a/crypto/camellia/camellia.c b/crypto/camellia/camellia.c
index cb285d05ed..fd493a8a83 100644
--- a/crypto/camellia/camellia.c
+++ b/crypto/camellia/camellia.c
@@ -39,6 +39,12 @@
  * words reasonable performance even with not so modern compilers.
  */
 
+/*
+ * Camellia low level APIs are deprecated for public use, but still ok for
+ * internal 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-multiblock

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-multiblock

Commit log since last time:

42b3f10b5e When deprecated symbols are removed, ensure liblegacy has WHIRLPOOL
7c3aa39fe3 Deprecate the low level Whirlpool functions.
c52ec197aa whirlpool: fix preprocessor indentation
33ee9ae059 Deprecate the low level MDC2 functions.
0feef76fe0 mdc2: fix preprocessor indentation
8ffb20ce05 Deprecate the low level MD4 functions.
01b0768d09 md4: fix preprocessor indentation
58e1f3d6d4 Deprecate the low level MD2 functions.
b2be1ea2c3 md2: fix preprocessor indentation
601fca1778 Deprecate the low level RIPEMD160 functions.
65167dba89 ripemd: fix preprocessor indentation
e683582bf3 Add dsa signature alg to fips provider
e0e68f9e34 Tweak option error messages
7671420d9e testutil_init.c: fix compilation error with enable-trace
11b4435986 Add GCM support for EVP_CTRL_GCM_IV_GEN and EVP_CTRL_GCM_SET_IV_INV 
to providers

Build log ended with (last 100 lines):

clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -Icrypto/include -I../openssl 
-I../openssl/include -I../openssl/providers/common/include 
-I../openssl/providers/implementations/include -I../openssl/crypto/include  
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM 
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM 
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM 
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Win
 compatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" 
-DMODULESDIR="\"/usr/local/lib/ossl-modules\""   -MMD -MF 
crypto/x509/libcrypto-lib-by_dir.d.tmp -MT crypto/x509/libcrypto-lib-by_dir.o 
-c -o crypto/x509/libcrypto-lib-by_dir.o ../openssl/crypto/x509/by_dir.c
clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -Icrypto/include -I../openssl 
-I../openssl/include -I../openssl/providers/common/include 
-I../openssl/providers/implementations/include -I../openssl/crypto/include  
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM 
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM 
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM 
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof 
-Wconditional-uninitialized -Win
 compatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" 
-DMODULESDIR="\"/usr/local/lib/ossl-modules\""   -MMD -MF 
crypto/x509/libcrypto-lib-by_file.d.tmp -MT crypto/x509/libcrypto-lib-by_file.o 
-c -o crypto/x509/libcrypto-lib-by_file.o ../openssl/crypto/x509/by_file.c
clang  -I. -Iinclude -Iproviders/common/include 
-Iproviders/implementations/include -Icrypto/include -I../openssl 
-I../openssl/include -I../openssl/providers/common/include 
-I../openssl/providers/implementations/include -I../openssl/crypto/include  
-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM 
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM 
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM 
-fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g 
-DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare 
-Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes 
-Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default 
-Wno-parentheses-equality -Wno-language-extension-token 

Build failed: openssl master.30736

[AppVeyor]

Build openssl master.30736 failed


Commit 7655cb1f56 by H.J. Lu on 1/7/2020 6:15 PM:

i386: Add endbr32 to jump table in BF_cbc_encrypt


Configure your notification preferences

[openssl] master update

[Matt Caswell]

The branch master has been updated
   via  652fba9ef74c1fe92b80d178ada419057d873682 (commit)
   via  28104cdda3f1272e3e41f6eec2b5bff9f4fc162e (commit)
   via  1f9bfd899308960c1621ba07366f3c911fd27058 (commit)
   via  86a15d8366f4773d3f40510a4dc21bd5cc5c9974 (commit)
  from  bbe486cf6154df3d3aaedbae6c5b82d4ed31a5f8 (commit)


- Log -
commit 652fba9ef74c1fe92b80d178ada419057d873682
Author: Dr. David von Oheimb 
Date:   Sat Dec 21 20:46:07 2019 +0100

handle new findings of find-doc-nits on fn typedefs w/ extra space

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/10673)

commit 28104cdda3f1272e3e41f6eec2b5bff9f4fc162e
Author: Dr. David von Oheimb 
Date:   Sat Dec 21 20:42:10 2019 +0100

make find-doc-nits report function typedef w/ space before arg list

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/10673)

commit 1f9bfd899308960c1621ba07366f3c911fd27058
Author: Dr. David von Oheimb 
Date:   Sat Dec 21 19:48:19 2019 +0100

handle new findings of find-doc-nits for certain typedefs

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/10673)

commit 86a15d8366f4773d3f40510a4dc21bd5cc5c9974
Author: Dr. David von Oheimb 
Date:   Sat Dec 21 19:35:45 2019 +0100

improve 'typedef' patterns of find-doc-nits

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/10673)

---

Summary of changes:
 doc/man3/OSSL_CMP_CTX_new.pod| 15 --
 doc/man3/OSSL_CMP_log_open.pod   |  7 ---
 doc/man3/SSL_extension_supported.pod | 39 +++-
 util/find-doc-nits   |  9 +++--
 util/other.syms  |  7 +++
 5 files changed, 48 insertions(+), 29 deletions(-)

diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index 96d6841fb2..aa42d55352 100644
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -16,9 +16,11 @@ OSSL_CMP_CTX_set_serverPort,
 OSSL_CMP_CTX_set1_proxyName,
 OSSL_CMP_CTX_set_proxyPort,
 OSSL_CMP_DEFAULT_PORT,
+OSSL_cmp_http_cb_t,
 OSSL_CMP_CTX_set_http_cb,
 OSSL_CMP_CTX_set_http_cb_arg,
 OSSL_CMP_CTX_get_http_cb_arg,
+OSSL_cmp_transfer_cb_t,
 OSSL_CMP_CTX_set_transfer_cb,
 OSSL_CMP_CTX_set_transfer_cb_arg,
 OSSL_CMP_CTX_get_transfer_cb_arg,
@@ -46,6 +48,7 @@ OSSL_CMP_CTX_push0_policy,
 OSSL_CMP_CTX_set1_oldCert,
 OSSL_CMP_CTX_set1_p10CSR,
 OSSL_CMP_CTX_push0_genm_ITAV,
+OSSL_cmp_certConf_cb_t,
 OSSL_CMP_CTX_set_certConf_cb,
 OSSL_CMP_CTX_set_certConf_cb_arg,
 OSSL_CMP_CTX_get_certConf_cb_arg,
@@ -81,14 +84,14 @@ OSSL_CMP_CTX_set1_senderNonce
  int OSSL_CMP_CTX_set1_proxyName(OSSL_CMP_CTX *ctx, const char *name);
  int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port);
  #define OSSL_CMP_DEFAULT_PORT 80
- typedef BIO (*OSSL_cmp_http_cb_t) (OSSL_CMP_CTX *ctx, BIO *hbio,
+ typedef BIO *(*OSSL_cmp_http_cb_t)(OSSL_CMP_CTX *ctx, BIO *hbio,
 unsigned long detail);
  int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_http_cb_t cb);
  int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
  void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
- typedef int (*OSSL_cmp_transfer_cb_t) (OSSL_CMP_CTX *ctx,
-const OSSL_CMP_MSG *req,
-OSSL_CMP_MSG **res);
+ typedef int (*OSSL_cmp_transfer_cb_t)(OSSL_CMP_CTX *ctx,
+   const OSSL_CMP_MSG *req,
+   OSSL_CMP_MSG **res);
  int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx,
   OSSL_cmp_transfer_cb_t cb);
  int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
@@ -135,8 +138,8 @@ OSSL_CMP_CTX_set1_senderNonce
  int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
 
  /* certificate confirmation: */
- typedef int (*OSSL_cmp_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
-int fail_info, const char **txt);
+ typedef int (*OSSL_cmp_certConf_cb_t)(OSSL_CMP_CTX *ctx, X509 *cert,
+   int fail_info, const char **txt);
  int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t 
cb);
  int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
  void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
diff --git a/doc/man3/OSSL_CMP_log_open.pod b/doc/man3/OSSL_CMP_log_open.pod
index 2b803ad08e..64399e2b72 100644
--- a/doc/man3/OSSL_CMP_log_open.pod
+++ b/doc/man3/OSSL_CMP_log_open.pod
@@ -23,6 +23,7 @@ 

Build completed: openssl master.30730

[AppVeyor]

Build openssl master.30730 completed



Commit e66d284f18 by Richard Levitte on 1/13/2020 8:52 AM:

fixup! EVP: Adapt EVP_PKEY Seal and Open for provider keys


Configure your notification preferences

Build failed: openssl master.30729

[AppVeyor]

Build openssl master.30729 failed


Commit 6008f279d4 by Richard Levitte on 1/12/2020 12:23 AM:

Add CHANGES entry regarding the documentation of EVP_PKEY_size() et al


Configure your notification preferences

Build failed: openssl master.30728

[AppVeyor]

Build openssl master.30728 failed


Commit 7ea07e8e7b by Richard Levitte on 1/13/2020 8:31 AM:

fixup! EVP: Adapt EVP_PKEY checking, comparing and copying for provider keys


Configure your notification preferences

[openssl] OpenSSL_1_1_1-stable update

[Richard Levitte]

The branch OpenSSL_1_1_1-stable has been updated
   via  5f6343dea1233deb6d762e24e0e0d3d795b9513d (commit)
  from  6d5e2a41793da9891e08f61a77f636e297db (commit)


- Log -
commit 5f6343dea1233deb6d762e24e0e0d3d795b9513d
Author: Richard Levitte 
Date:   Thu Jan 9 14:49:53 2020 +0100

Configure: use $list_separator_re only for defines and includes

This regexp was used a bit too uncontrolled, which had it split flag
values where it should not have.

Fixes #10792

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10793)

(cherry picked from commit bbe486cf6154df3d3aaedbae6c5b82d4ed31a5f8)

---

Summary of changes:
 Configure | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Configure b/Configure
index 317940de11..35436d990d 100755
--- a/Configure
+++ b/Configure
@@ -533,7 +533,7 @@ while ((my $first, my $second) = (shift @list, shift 
@list)) {
 
  if ($#ARGV < 0);
 
-# For the "make variables" CINCLUDES and CDEFINES, we support lists with
+# For the "make variables" CPPINCLUDES and CPPDEFINES, we support lists with
 # platform specific list separators.  Users from those platforms should
 # recognise those separators from how you set up the PATH to find executables.
 # The default is the Unix like separator, :, but as an exception, we also
@@ -974,7 +974,11 @@ foreach (keys %user) {
 
 if (defined $value) {
 if (ref $user{$_} eq 'ARRAY') {
-$user{$_} = [ split /$list_separator_re/, $value ];
+if ($_ eq 'CPPDEFINES' || $_ eq 'CPPINCLUDES') {
+$user{$_} = [ split /$list_separator_re/, $value ];
+} else {
+$user{$_} = [ $value ];
+}
 } elsif (!defined $user{$_}) {
 $user{$_} = $value;
 }

[openssl] master update

[Richard Levitte]

The branch master has been updated
   via  bbe486cf6154df3d3aaedbae6c5b82d4ed31a5f8 (commit)
  from  42b3f10b5e461496aab1f74d24103d6902ebfcd5 (commit)


- Log -
commit bbe486cf6154df3d3aaedbae6c5b82d4ed31a5f8
Author: Richard Levitte 
Date:   Thu Jan 9 14:49:53 2020 +0100

Configure: use $list_separator_re only for defines and includes

This regexp was used a bit too uncontrolled, which had it split flag
values where it should not have.

Fixes #10792

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10793)

---

Summary of changes:
 Configure | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Configure b/Configure
index 8ee0fbdb25..1e86bfa198 100755
--- a/Configure
+++ b/Configure
@@ -590,7 +590,7 @@ while ((my $first, my $second) = (shift @list, shift 
@list)) {
 
  if ($#ARGV < 0);
 
-# For the "make variables" CINCLUDES and CDEFINES, we support lists with
+# For the "make variables" CPPINCLUDES and CPPDEFINES, we support lists with
 # platform specific list separators.  Users from those platforms should
 # recognise those separators from how you set up the PATH to find executables.
 # The default is the Unix like separator, :, but as an exception, we also
@@ -1030,7 +1030,11 @@ foreach (keys %user) {
 
 if (defined $value) {
 if (ref $user{$_} eq 'ARRAY') {
-$user{$_} = [ split /$list_separator_re/, $value ];
+if ($_ eq 'CPPDEFINES' || $_ eq 'CPPINCLUDES') {
+$user{$_} = [ split /$list_separator_re/, $value ];
+} else {
+$user{$_} = [ $value ];
+}
 } elsif (!defined $user{$_}) {
 $user{$_} = $value;
 }