[openssl] master update
The branch master has been updated via 0a10825a009c830125fef94c81d34e41300a24a5 (commit) from 8e22f9d6d956ad583afe10b986519731c113ac80 (commit) - Log - commit 0a10825a009c830125fef94c81d34e41300a24a5 Author: Bernd Edlinger Date: Wed Oct 24 23:10:38 2018 +0200 Enable brainpool curves for TLS1.3 See the recently assigned brainpool code points at: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7485) --- Summary of changes: include/internal/tlsgroups.h | 10 +++ ssl/s3_lib.c | 5 +- ssl/ssl_local.h | 5 ++ ssl/statem/extensions.c | 2 +- ssl/statem/extensions_clnt.c | 20 +- ssl/statem/extensions_srvr.c | 15 ++-- ssl/statem/statem_lib.c | 6 ++ ssl/t1_lib.c | 129 +-- ssl/t1_trce.c| 3 + test/ssl-tests/20-cert-select.cnf| 4 +- test/ssl-tests/20-cert-select.cnf.in | 4 +- 11 files changed, 153 insertions(+), 50 deletions(-) diff --git a/include/internal/tlsgroups.h b/include/internal/tlsgroups.h index 8a35ced122..73fb53bc5f 100644 --- a/include/internal/tlsgroups.h +++ b/include/internal/tlsgroups.h @@ -41,6 +41,16 @@ # define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C # define OSSL_TLS_GROUP_ID_x25519 0x001D # define OSSL_TLS_GROUP_ID_x448 0x001E +# define OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13 0x001F +# define OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13 0x0020 +# define OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13 0x0021 +# define OSSL_TLS_GROUP_ID_gc256A 0x0022 +# define OSSL_TLS_GROUP_ID_gc256B 0x0023 +# define OSSL_TLS_GROUP_ID_gc256C 0x0024 +# define OSSL_TLS_GROUP_ID_gc256D 0x0025 +# define OSSL_TLS_GROUP_ID_gc512A 0x0026 +# define OSSL_TLS_GROUP_ID_gc512B 0x0027 +# define OSSL_TLS_GROUP_ID_gc512C 0x0028 # define OSSL_TLS_GROUP_ID_ffdhe20480x0100 # define OSSL_TLS_GROUP_ID_ffdhe30720x0101 # define OSSL_TLS_GROUP_ID_ffdhe40960x0102 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 88565a7000..1a89bde851 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3607,8 +3607,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) int *cptr = parg; for (i = 0; i < clistlen; i++) { +uint16_t cid = SSL_IS_TLS13(s) + ? ssl_group_id_tls13_to_internal(clist[i]) + : clist[i]; const TLS_GROUP_INFO *cinf -= tls1_group_id_lookup(s->ctx, clist[i]); += tls1_group_id_lookup(s->ctx, cid); if (cinf != NULL) cptr[i] = tls1_group_id2nid(cinf->group_id, 1); diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 9b88140a28..ddae48b2af 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2169,6 +2169,9 @@ typedef enum downgrade_en { #define TLSEXT_SIGALG_ed25519 0x0807 #define TLSEXT_SIGALG_ed448 0x0808 +#define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256 0x081a +#define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384 0x081b +#define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512 0x081c /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 @@ -2642,6 +2645,8 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); +__owur uint16_t ssl_group_id_internal_to_tls13(uint16_t curve_id); +__owur uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id); __owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id); __owur int tls1_group_id2nid(uint16_t group_id, int include_unknown); __owur uint16_t tls1_nid2group_id(int nid); diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index bc437be26a..0ac8253be3 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1369,7 +1369,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent) group_id = pgroups[i]; if (check_in_list(s, group_id, clntgroups, clnt_num_groups, - 1)) + 2)) break; } diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index b38c9ca684..d6d4e55ce7 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -224,6 +224,21 @@ EXT_RETURN tls_construct_ctos_supported
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DlQFe_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGJlhd0xMz2Ma4KqBuQuV19c0VfCVcPj4Ww4CIno5tN4e95CtpgueEO52H6QCu04Ux5NMBbLlaWS-2BFOrdBHJqtfdwfkJhuUfQrYoDGruoX98zrVSnzewjkLH6Y40TmuEZU7cja-2F0H-2FuSlC2tbvcnmOAB7-2BEUe0DZTY0ihSnSM-2FqwMtJv5EJyZHbXFhVh9BiYD0-3D Build ID: 420063 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] master update
The branch master has been updated via 8e22f9d6d956ad583afe10b986519731c113ac80 (commit) from bc6d9c9395a74a31b4e0c4a8cd729197adbf6a46 (commit) - Log - commit 8e22f9d6d956ad583afe10b986519731c113ac80 Author: Allan Jude Date: Fri Nov 19 18:58:51 2021 + Detect arm64-*-*bsd and enable assembly optimizations Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17084) --- Summary of changes: Configurations/10-main.conf | 8 util/perl/OpenSSL/config.pm | 1 + 2 files changed, 9 insertions(+) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 8414b34ed9..9f8fb32a86 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1062,6 +1062,14 @@ my %targets = ( perlasm_scheme => "elf", }, +"BSD-aarch64" => { +inherit_from => [ "BSD-generic64" ], +lib_cppflags => add("-DL_ENDIAN"), +bn_ops => "SIXTY_FOUR_BIT_LONG", +asm_arch => 'aarch64', +perlasm_scheme => "linux64", +}, + "bsdi-elf-gcc" => { inherit_from => [ "BASE_unix" ], CC => "gcc", diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm index d8be17cdc5..e3802ade43 100755 --- a/util/perl/OpenSSL/config.pm +++ b/util/perl/OpenSSL/config.pm @@ -745,6 +745,7 @@ EOF [ 'ia64-.*-.*bsd.*',{ target => "BSD-ia64" } ], [ 'x86_64-.*-dragonfly.*', { target => "BSD-x86_64" } ], [ 'amd64-.*-.*bsd.*', { target => "BSD-x86_64" } ], + [ 'arm64-.*-.*bsd.*', { target => "BSD-aarch64" } ], [ '.*86.*-.*-.*bsd.*', sub { # mimic ld behaviour when it's looking for libc...
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 7182ad7925077a825e451d09c59c2181d8533dc6 (commit) from 1c981ebb6e3346ebd0e76d0100ad0e1e854dbdda (commit) - Log - commit 7182ad7925077a825e451d09c59c2181d8533dc6 Author: Matt Caswell Date: Wed Nov 24 10:11:45 2021 + Don't delete the doc/html directories when cleaning The doc/html sub-dirs get created by Configure. Therefore they should not be cleaned away by "nmake clean". Otherwise the following sequence fails: perl Configure VC-WIN64A nmake clean nmake nmake install Fixes #17114 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17128) (cherry picked from commit bc6d9c9395a74a31b4e0c4a8cd729197adbf6a46) --- Summary of changes: Configurations/windows-makefile.tmpl | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 81a94ee19f..4718f118e3 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -462,10 +462,10 @@ libclean: -del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb clean: libclean - -rd /Q /S $(HTMLDOCS1_BLDDIRS) - -rd /Q /S $(HTMLDOCS3_BLDDIRS) - -rd /Q /S $(HTMLDOCS5_BLDDIRS) - -rd /Q /S $(HTMLDOCS7_BLDDIRS) + {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS1) || "\@rem" -} + {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS3) || "\@rem" -} + {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS5) || "\@rem" -} + {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS7) || "\@rem" -} {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) || "\@rem" -} {- join("\n\t", map { "-del /Q /F $_" } @MODULES) || "\@rem" -} {- join("\n\t", map { "-del /Q /F $_" } @SCRIPTS) || "\@rem" -}
[openssl] master update
The branch master has been updated via bc6d9c9395a74a31b4e0c4a8cd729197adbf6a46 (commit) from 3e0441520b9a349dc50662919ea18f03dfc0d624 (commit) - Log - commit bc6d9c9395a74a31b4e0c4a8cd729197adbf6a46 Author: Matt Caswell Date: Wed Nov 24 10:11:45 2021 + Don't delete the doc/html directories when cleaning The doc/html sub-dirs get created by Configure. Therefore they should not be cleaned away by "nmake clean". Otherwise the following sequence fails: perl Configure VC-WIN64A nmake clean nmake nmake install Fixes #17114 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17128) --- Summary of changes: Configurations/windows-makefile.tmpl | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 81a94ee19f..4718f118e3 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -462,10 +462,10 @@ libclean: -del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb clean: libclean - -rd /Q /S $(HTMLDOCS1_BLDDIRS) - -rd /Q /S $(HTMLDOCS3_BLDDIRS) - -rd /Q /S $(HTMLDOCS5_BLDDIRS) - -rd /Q /S $(HTMLDOCS7_BLDDIRS) + {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS1) || "\@rem" -} + {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS3) || "\@rem" -} + {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS5) || "\@rem" -} + {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS7) || "\@rem" -} {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) || "\@rem" -} {- join("\n\t", map { "-del /Q /F $_" } @MODULES) || "\@rem" -} {- join("\n\t", map { "-del /Q /F $_" } @SCRIPTS) || "\@rem" -}