Build failed: openssl master.31008
Build openssl master.31008 failed Commit 532eb2c1f3 by Shane Lontis on 1/21/2020 5:57 AM: Add DSA Key validation to default provider Configure your notification preferences
Build failed: openssl master.31007
Build openssl master.31007 failed Commit 50d5b3aa1f by Shane Lontis on 1/21/2020 5:45 AM: Add DH key validation to default provider Configure your notification preferences
Build failed: openssl master.31006
Build openssl master.31006 failed Commit 6e65a8f214 by Pauli on 1/21/2020 4:45 AM: apps/passwd: convert to use KDF CRYPT functions. Configure your notification preferences
Build failed: openssl master.31005
Build openssl master.31005 failed Commit fcda0dd7f5 by Pauli on 1/21/2020 2:12 AM: Add SHA2 CRYPT based password derivation function to the legacy provider. Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings 386
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings 386 Commit log since last time: bddbfae1cd libssl: Eliminate as much use of EVP_PKEY_size() as possible 9767a3dca7 libcrypto: Eliminate as much use of EVP_PKEY_size() as possible 0a054d2a0b APPS & TEST: Eliminate as much use of EVP_PKEY_size() as possible ed5cb1776b mdc2: use evp_test instead of a separate test application. 08bff785fc apps: Fix deprecation conditional in speed.c da2d32f6db Deprecate the low level IDEA functions. 621f74b3e3 idea: fix preprocessor indention ac23078b78 param_bld: add a padded BN call. a978dc3bff TODO: undo md5.h and sha.h changes temporarily 781aa7ab63 Deprecate the low level MD5 functions. 85d843c8ec Deprecate the low level SHA functions. 8720b17794 sha: fix preprocessor indentation b2b43d1b69 Add GNU properties note for Intel CET in x86_64-xlate.pl f6aa577412 EVP: Add evp_pkey_make_provided() and refactor around it c8a5573577 CORE: renumber OSSL_FUNC_KEYMGMT macros 806253f31f DSA: Move DSA_security_bits() and DSA_bits() f17268d0d0 Add CHANGES entry regarding the documentation of EVP_PKEY_size() et al 03d65ca209 DOC: Make EVP_SignInit.pod conform with man-pages(7) 6942a0d6fe DOC: New file for EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() 81a624f2c2 TEST: Adapt test/evp_pkey_provided_test.c to check the key size 9e5aaf7886 PROV: Adapt the RSA, DSA and DH KEYMGMT implementations 6508e85883 EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys e4a1d02300 Modify EVP_CIPHER_is_a() and EVP_MD_is_a() to handle legacy methods too 9bb3e5fd87 For all assembler scripts where it matters, recognise clang > 9.x 98706c5a8c Build file templates: Use explicit files instead of $< or $? for pods 43becc3fe5 news: combined NEWS entry for deprecated low level cipher functions a73ade6013 changes: combined CHANGES entry for deprecated low level cipher functions. fe4309b0de Add duplication APIs to ASN1_TIME and related types 83c5100675 Digest function deprecation CHANGES. Build log ended with (last 100 lines): clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualif iers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualif iers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o
Passed: openssl/openssl#31564 (master - 967ef73)
Build Update for openssl/openssl - Build: #31564 Status: Passed Duration: 40 mins and 48 secs Commit: 967ef73 (master) Author: H.J. Lu Message: Fix unwind info in crypto/rc4/asm/rc4-x86_64.pl Move .cfi_startproc to the right place for RC4. Add missing .cfi_startproc and .cfi_endproc to RC4_options. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/10872) View the changeset: https://github.com/openssl/openssl/compare/068489a27f74...967ef73013be View the full build log and details: https://travis-ci.org/openssl/openssl/builds/639562758?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Passed: openssl/openssl#31565 (OpenSSL_1_1_1-stable - d6116a9)
Build Update for openssl/openssl - Build: #31565 Status: Passed Duration: 27 mins and 24 secs Commit: d6116a9 (OpenSSL_1_1_1-stable) Author: H.J. Lu Message: Fix unwind info in crypto/rc4/asm/rc4-x86_64.pl Move .cfi_startproc to the right place for RC4. Add missing .cfi_startproc and .cfi_endproc to RC4_options. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/10872) (cherry picked from commit 967ef73013becef2aec3439f8c45204b24121018) View the changeset: https://github.com/openssl/openssl/compare/609d24bbd79c...d6116a9850f8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/639562952?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Build completed: openssl master.30998
Build openssl master.30998 completed Commit 742e5de958 by Dr. David von Oheimb on 1/20/2020 11:09 AM: a couple of small improvements in http_client.c due to new review comments Configure your notification preferences
Build failed: openssl master.30997
Build openssl master.30997 failed Commit c98a1c885f by Dmitry Belyavskiy on 1/20/2020 3:58 PM: Merge branch 'master' into gost_cms Configure your notification preferences
Errored: openssl/openssl#31557 (master - 993ebac)
Build Update for openssl/openssl - Build: #31557 Status: Errored Duration: 44 mins and 7 secs Commit: 993ebac (master) Author: Matt Caswell Message: Convert rand_bytes_ex and rand_priv_bytes_ex to public functions These were initially added as internal functions only. However they will also need to be used by libssl as well. Therefore it make sense to move them into the public API. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10864) View the changeset: https://github.com/openssl/openssl/compare/09a4cb9ec7ea...993ebac9ed38 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/639532132?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via d6116a9850f83f02af263ffa850d5510edff516c (commit) from 609d24bbd79c4999df9d8c2b3551977cec9b17ce (commit) - Log - commit d6116a9850f83f02af263ffa850d5510edff516c Author: H.J. Lu Date: Thu Jan 16 13:37:14 2020 -0800 Fix unwind info in crypto/rc4/asm/rc4-x86_64.pl Move .cfi_startproc to the right place for RC4. Add missing .cfi_startproc and .cfi_endproc to RC4_options. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/10872) (cherry picked from commit 967ef73013becef2aec3439f8c45204b24121018) --- Summary of changes: crypto/rc4/asm/rc4-x86_64.pl | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index 17f635dfdd..32d842c59f 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -138,11 +138,12 @@ $code=<<___; .globl RC4 .type RC4,\@function,4 .align 16 -RC4: or $len,$len +RC4: +.cfi_startproc + or $len,$len jne .Lentry ret .Lentry: -.cfi_startproc push%rbx .cfi_push %rbx push%r12 @@ -527,6 +528,7 @@ RC4_set_key: .type RC4_options,\@abi-omnipotent .align 16 RC4_options: +.cfi_startproc lea .Lopts(%rip),%rax mov OPENSSL_ia32cap_P(%rip),%edx bt \$20,%edx @@ -539,6 +541,7 @@ RC4_options: add \$12,%rax .Ldone: ret +.cfi_endproc .align 64 .Lopts: .asciz "rc4(8x,int)"
[openssl] master update
The branch master has been updated via 967ef73013becef2aec3439f8c45204b24121018 (commit) from 068489a27f74c5f5a779aef4618e68e46db746d4 (commit) - Log - commit 967ef73013becef2aec3439f8c45204b24121018 Author: H.J. Lu Date: Thu Jan 16 13:37:14 2020 -0800 Fix unwind info in crypto/rc4/asm/rc4-x86_64.pl Move .cfi_startproc to the right place for RC4. Add missing .cfi_startproc and .cfi_endproc to RC4_options. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/10872) --- Summary of changes: crypto/rc4/asm/rc4-x86_64.pl | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index 7c0f1a4cb7..9572f77378 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -140,11 +140,12 @@ $code=<<___; .globl RC4 .type RC4,\@function,4 .align 16 -RC4: or $len,$len +RC4: +.cfi_startproc + or $len,$len jne .Lentry ret .Lentry: -.cfi_startproc push%rbx .cfi_push %rbx push%r12 @@ -529,6 +530,7 @@ RC4_set_key: .type RC4_options,\@abi-omnipotent .align 16 RC4_options: +.cfi_startproc lea .Lopts(%rip),%rax mov OPENSSL_ia32cap_P(%rip),%edx bt \$20,%edx @@ -541,6 +543,7 @@ RC4_options: add \$12,%rax .Ldone: ret +.cfi_endproc .align 64 .Lopts: .asciz "rc4(8x,int)"
[openssl] master update
The branch master has been updated via 068489a27f74c5f5a779aef4618e68e46db746d4 (commit) from 993ebac9ed38481e4d3795c437d4e98b985c68ce (commit) - Log - commit 068489a27f74c5f5a779aef4618e68e46db746d4 Author: Matt Caswell Date: Wed Jan 8 16:16:22 2020 + Implement the NULL cipher in the default provider Libssl uses the null cipher in certain situations. It should be converted to a provided cipher. Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10865) --- Summary of changes: crypto/evp/evp_enc.c | 6 +- providers/defltprov.c | 1 + providers/implementations/ciphers/build.info | 4 + providers/implementations/ciphers/cipher_null.c| 110 + .../implementations/include/prov/implementations.h | 1 + 5 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 providers/implementations/ciphers/cipher_null.c diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 35feec17f6..4687a2b8e4 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -142,6 +142,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (tmpcipher->prov == NULL) { switch(tmpcipher->nid) { +case NID_undef: case NID_aes_256_ecb: case NID_aes_192_ecb: case NID_aes_128_ecb: @@ -326,7 +327,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; #else EVP_CIPHER *provciph = -EVP_CIPHER_fetch(NULL, OBJ_nid2sn(cipher->nid), ""); +EVP_CIPHER_fetch(NULL, + cipher->nid == NID_undef ? "NULL" + : OBJ_nid2sn(cipher->nid), + ""); if (provciph == NULL) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); diff --git a/providers/defltprov.c b/providers/defltprov.c index 3220bc5220..166281fae3 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -138,6 +138,7 @@ static const OSSL_ALGORITHM deflt_digests[] = { }; static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = { +ALG("NULL", null_functions), ALG("AES-256-ECB", aes256ecb_functions), ALG("AES-192-ECB", aes192ecb_functions), ALG("AES-128-ECB", aes128ecb_functions), diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info index bff5a2d41f..c45ea00f16 100644 --- a/providers/implementations/ciphers/build.info +++ b/providers/implementations/ciphers/build.info @@ -7,6 +7,7 @@ $COMMON_GOAL=../../libcommon.a +$NULL_GOAL=../../libimplementations.a $AES_GOAL=../../libimplementations.a $TDES_1_GOAL=../../libimplementations.a $TDES_2_GOAL=../../libimplementations.a @@ -35,6 +36,9 @@ IF[{- !$disabled{des} -}] SOURCE[$TDES_1_GOAL]=cipher_tdes.c cipher_tdes_hw.c ENDIF +SOURCE[$NULL_GOAL]=\ +cipher_null.c + SOURCE[$AES_GOAL]=\ cipher_aes.c cipher_aes_hw.c \ cipher_aes_xts.c cipher_aes_xts_hw.c \ diff --git a/providers/implementations/ciphers/cipher_null.c b/providers/implementations/ciphers/cipher_null.c new file mode 100644 index 00..6443e65742 --- /dev/null +++ b/providers/implementations/ciphers/cipher_null.c @@ -0,0 +1,110 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include "prov/implementations.h" +#include "prov/ciphercommon.h" +#include "prov/providercommonerr.h" + +static OSSL_OP_cipher_newctx_fn null_newctx; +static void *null_newctx(void *provctx) +{ +static int dummy = 0; + +return +} + +static OSSL_OP_cipher_freectx_fn null_freectx; +static void null_freectx(void *vctx) +{ +} + +static OSSL_OP_cipher_encrypt_init_fn null_init; +static int null_init(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) +{ +return 1; +} + +static OSSL_OP_cipher_cipher_fn null_cipher; +static int null_cipher(void *vctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, size_t inl) +{ +if (outsize < inl) +return 0; +if (in != out) +memcpy(out, in, inl); +*outl = inl; +return 1; +} + +static OSSL_OP_cipher_final_fn null_final; +static int null_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsize) +{ +*outl = 0; +return 1;
[openssl] master update
The branch master has been updated via 993ebac9ed38481e4d3795c437d4e98b985c68ce (commit) from 09a4cb9ec7ea9ccb4885588ba3e138b9f5f606c7 (commit) - Log - commit 993ebac9ed38481e4d3795c437d4e98b985c68ce Author: Matt Caswell Date: Wed Jan 15 16:34:55 2020 + Convert rand_bytes_ex and rand_priv_bytes_ex to public functions These were initially added as internal functions only. However they will also need to be used by libssl as well. Therefore it make sense to move them into the public API. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10864) --- Summary of changes: crypto/bn/bn_rand.c| 8 ++--- crypto/rand/rand_lib.c | 8 ++--- doc/internal/man3/rand_bytes_ex.pod| 41 -- doc/man3/RAND_bytes.pod| 19 +- include/crypto/rand.h | 6 include/openssl/rand.h | 7 .../ciphers/cipher_aes_cbc_hmac_sha1_hw.c | 4 +-- .../ciphers/cipher_aes_cbc_hmac_sha256_hw.c| 4 +-- providers/implementations/ciphers/cipher_des.c | 4 +-- providers/implementations/ciphers/cipher_tdes.c| 4 +-- .../implementations/ciphers/cipher_tdes_wrap.c | 4 +-- .../implementations/ciphers/ciphercommon_gcm.c | 6 ++-- util/libcrypto.num | 2 ++ 13 files changed, 48 insertions(+), 69 deletions(-) delete mode 100644 doc/internal/man3/rand_bytes_ex.pod diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index d61b08dba2..2428a49efd 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -47,8 +47,8 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom, } /* make a random number and set the top and bottom bits */ -b = flag == NORMAL ? rand_bytes_ex(libctx, buf, bytes) - : rand_priv_bytes_ex(libctx, buf, bytes); +b = flag == NORMAL ? RAND_bytes_ex(libctx, buf, bytes) + : RAND_priv_bytes_ex(libctx, buf, bytes); if (b <= 0) goto err; @@ -60,7 +60,7 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom, unsigned char c; for (i = 0; i < bytes; i++) { -if (rand_bytes_ex(libctx, , 1) <= 0) +if (RAND_bytes_ex(libctx, , 1) <= 0) goto err; if (c >= 128 && i > 0) buf[i] = buf[i - 1]; @@ -280,7 +280,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, goto err; } for (done = 0; done < num_k_bytes;) { -if (!rand_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes))) +if (!RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes))) goto err; if (!EVP_DigestInit_ex(mdctx, md, NULL) diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 0be9db1c5f..86952739c0 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -851,7 +851,7 @@ void RAND_add(const void *buf, int num, double randomness) * the default method, then just call RAND_bytes(). Otherwise make * sure we're instantiated and use the private DRBG. */ -int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num) +int RAND_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num) { RAND_DRBG *drbg; const RAND_METHOD *meth = RAND_get_rand_method(); @@ -872,10 +872,10 @@ int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num) int RAND_priv_bytes(unsigned char *buf, int num) { -return rand_priv_bytes_ex(NULL, buf, num); +return RAND_priv_bytes_ex(NULL, buf, num); } -int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num) +int RAND_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num) { RAND_DRBG *drbg; const RAND_METHOD *meth = RAND_get_rand_method(); @@ -896,7 +896,7 @@ int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num) int RAND_bytes(unsigned char *buf, int num) { -return rand_bytes_ex(NULL, buf, num); +return RAND_bytes_ex(NULL, buf, num); } #if !defined(OPENSSL_NO_DEPRECATED_1_1_0) && !defined(FIPS_MODE) diff --git a/doc/internal/man3/rand_bytes_ex.pod b/doc/internal/man3/rand_bytes_ex.pod deleted file mode 100644 index e1bb0f04df..00 --- a/doc/internal/man3/rand_bytes_ex.pod +++ /dev/null @@ -1,41 +0,0 @@ -=pod - -=head1 NAME - -rand_bytes_ex, rand_priv_bytes_ex -- internal random number routines - -=head1 SYNOPSIS - - #include "crypto/rand.h" - - int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); - int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); - -=head1 DESCRIPTION - -rand_bytes_ex() and rand_priv_bytes_ex() are the
[openssl] master update
The branch master has been updated via 09a4cb9ec7ea9ccb4885588ba3e138b9f5f606c7 (commit) from 2dd04ca881414779e847a21e6be4e428257c25f1 (commit) - Log - commit 09a4cb9ec7ea9ccb4885588ba3e138b9f5f606c7 Author: Matt Caswell Date: Wed Jan 15 18:11:04 2020 + Don't register drbg_delete_thread_state twice drbg_delete_thread_state cleans up after both the public and the private DRBG. It can be registered automtically by getting either of those DRBGs, but it should not be registered twice. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10862) --- Summary of changes: crypto/rand/drbg_lib.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 2c9ed3fb6d..a695a5f7dd 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -1353,7 +1353,12 @@ RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx) drbg = CRYPTO_THREAD_get_local(>public_drbg); if (drbg == NULL) { ctx = openssl_ctx_get_concrete(ctx); -if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) +/* + * If the private_drbg is also NULL then this is the first time we've + * used this thread. + */ +if (CRYPTO_THREAD_get_local(>private_drbg) == NULL +&& !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) return NULL; drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PUBLIC); CRYPTO_THREAD_set_local(>public_drbg, drbg); @@ -1381,7 +1386,12 @@ RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx) drbg = CRYPTO_THREAD_get_local(>private_drbg); if (drbg == NULL) { ctx = openssl_ctx_get_concrete(ctx); -if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) +/* + * If the public_drbg is also NULL then this is the first time we've + * used this thread. + */ +if (CRYPTO_THREAD_get_local(>public_drbg) == NULL +&& !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) return NULL; drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PRIVATE); CRYPTO_THREAD_set_local(>private_drbg, drbg);
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-multiblock
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-multiblock Commit log since last time: bddbfae1cd libssl: Eliminate as much use of EVP_PKEY_size() as possible 9767a3dca7 libcrypto: Eliminate as much use of EVP_PKEY_size() as possible 0a054d2a0b APPS & TEST: Eliminate as much use of EVP_PKEY_size() as possible ed5cb1776b mdc2: use evp_test instead of a separate test application. 08bff785fc apps: Fix deprecation conditional in speed.c da2d32f6db Deprecate the low level IDEA functions. 621f74b3e3 idea: fix preprocessor indention ac23078b78 param_bld: add a padded BN call. a978dc3bff TODO: undo md5.h and sha.h changes temporarily 781aa7ab63 Deprecate the low level MD5 functions. 85d843c8ec Deprecate the low level SHA functions. 8720b17794 sha: fix preprocessor indentation b2b43d1b69 Add GNU properties note for Intel CET in x86_64-xlate.pl f6aa577412 EVP: Add evp_pkey_make_provided() and refactor around it c8a5573577 CORE: renumber OSSL_FUNC_KEYMGMT macros 806253f31f DSA: Move DSA_security_bits() and DSA_bits() f17268d0d0 Add CHANGES entry regarding the documentation of EVP_PKEY_size() et al 03d65ca209 DOC: Make EVP_SignInit.pod conform with man-pages(7) 6942a0d6fe DOC: New file for EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() 81a624f2c2 TEST: Adapt test/evp_pkey_provided_test.c to check the key size 9e5aaf7886 PROV: Adapt the RSA, DSA and DH KEYMGMT implementations 6508e85883 EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys e4a1d02300 Modify EVP_CIPHER_is_a() and EVP_MD_is_a() to handle legacy methods too 9bb3e5fd87 For all assembler scripts where it matters, recognise clang > 9.x 98706c5a8c Build file templates: Use explicit files instead of $< or $? for pods 43becc3fe5 news: combined NEWS entry for deprecated low level cipher functions a73ade6013 changes: combined CHANGES entry for deprecated low level cipher functions. fe4309b0de Add duplication APIs to ASN1_TIME and related types 83c5100675 Digest function deprecation CHANGES. Build log ended with (last 100 lines): clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Win compatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/whrlpool/libcrypto-lib-wp_dgst.d.tmp -MT crypto/whrlpool/libcrypto-lib-wp_dgst.o -c -o crypto/whrlpool/libcrypto-lib-wp_dgst.o ../openssl/crypto/whrlpool/wp_dgst.c clang -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Win compatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF