SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128
Commit log since last time:
9db6af922c EC: Reverse the default asn1_flag in a new EC_GROUP
977e95b912 EVP: Fix evp_pkey_ctx_store_cached_data() to handle provider backed
EVP_PKEY_CTX
60488d2434 EVP: Don't find standard EVP_PKEY_METHODs automatically
8ce04db808 CORE & PROV: clean away OSSL_FUNC_mac_size()
28e1904250 apps/ecparam: Avoid crash when parameters fail to load
963a65bfb4 apps/ca: Properly handle certificate expiration times in do_updatedb
1409b5f664 Deprecate EVP_MD_CTX_{set_}update_fn()
66194839fe Add diacritics to my name in CHANGES.md
6a1a6498ac dh_cms_set_peerkey: Pad the public key to p size
af403db090 Add some missing committers to the AUTHORS list
f94a91698b Add a CI job to run the threads test with threads sanitizer on
0b07db6f56 Ensure the EVP_PKEY operation_cache is appropriately locked
4099460514 Ensure access to FIPS_state and rate_limit is appropriately locked
04b9435a99 Always ensure we hold ctx->lock when calling CRYPTO_get_ex_data()
b233ea8276 Avoid races by caching exported ciphers in the init function
cd4e6a3512 Refactor RAND_get0_primary() locking
a0134d293e Add a multi-thread test for shared EVP_PKEYs
7ff9fdd4b3 Deprecate X509_certificate_type
d3372c2f35 Add some PKIX-RPKI objects
6aab42c390 OSSL_HTTP_REQ_CTX.pod and OSSL_HTTP_transfer.pod: various
improvements
4d190f99ef Constify OSSL_HTTP_REQ_CTX_get0_mem_bio()
a6d40689ec HTTP: add more error detection to low-level API
d337af1891 HTTP: Fix mistakes and unclarities on maxline and max_resp_len params
8e71614797 Fix not backwards-compat X509_http_nbio() and X509_CRL_http_nbio()
673474b164 OSSL_HTTP_REQ_CTX_nbio(): Revert to having state var that keeps req
len still to send
f2db0528d8 PROV: Add SM2 encoders and decoders, as well as support functionality
58f422f6f4 Fix some odd names in our provider source code
b8a1272d57 Test that EC keys without a public key in them work as expected
ec7aef3356 Ensure EC keys with a private key but without a public key can be
created
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128
Commit log since last time:
c34063d7a1 Add a test for setting, popping and clearing error marks
4e08ea6f11 Allow multiple nested marks
5b1d94c11c Fix some warnings from clang 10 in params.c
908c9fc7ed apps/pkcs12: Clean up the order in which many options are presented
09afbec94b e_loader_attic.c: Improve result handling of file_load_try_decode()
61dd4168f5 Allow for PKCS#12 input without MAC in p12_kiss.c and
e_loader_attic.c
3a6df6bd5c e_loader_attic.c: Remove redundant 'pass phrase' sub-string from
try_decode_PKCS12()
0c2c560cb9 apps/storeutl: Add error output in case of parse/decryption/mac
errors in input files
852feb3bd8 apps/pkcs12: Really do not perform MAC in case -nomac
b84965aff0 apps/pkcs12: Do not prompt for password in case -nomac and
-noenc/-nodes
bb57c90e6c Minor improvements of doc for ca and x509 app
279b61d0ca apps/pkcs12: Retain test output files
9c73e48a08 Minor cleanup of error output for various apps
c1097eecdf apps/ca: Minor code and doc cleanup
d7e498ac55 Deprecate RSA harder
b24d6c335d Rename internal drbg_ functions so they have an ossl_ prefix.
b68a947fd2 Rename SHA3 internal functions so they have an ossl_ prefix
5687afdf03 rename sha1_ctrl to ossl_sha1_ctrl.
1dc188ba0e Provide side RNG functions renamed to have an ossl_ prefix.
893d3df972 rename mac_key_* to ossl_mac_key_*
572e6df7db rename md5_block_asm_data_order to ossl_md5_block_asm_data_order
627b73cc72 Rename md5_sha1_* ossl_md5_sha1_*
3800cc6f4d DOC: Fix example in OSSL_PARAM_int.pod
f1d6670840 Swap to FIPS186-2 DSA generation outside of the FIPS module
c2bd8d2783 Swap to DH_PARAMGEN_TYPE_GENERATOR as the default outside of the
FIPS module
d3d2c0dc68 Adapt ssltest_old to not use deprecated DH APIs
3105d84693 Extend the auto DH testing to check DH sizes
b6ae56fd27 Add some additional test certificates/keys
1b2a55ffa2 Add a CHANGES.md entry for the "tmp_dh" functions/macros
33c39a0659 Add a test for the various ways of setting temporary DH params
0437309fdf Document some SSL DH related functions/macros
1072041b17 Return sensible values for some SSL ctrls
13c453728c Only disabled what we need to in a no-dh build
163f6dc1f7 Implement a replacement for SSL_set_tmp_dh()
9912be1b33 Remove deprecated functionality from s_server
8b7df247b7 Disable the DHParameters config option in a no-deprecated build
936d565768 Remove DH usage from tls_process_cke_dhe
184280971c Remove DH usage in tls_construct_server_key_exchange()
cb5a427acf Avoid the use of a DH object in tls_construct_cke_dhe()
1b2b475517 Deprecate SSL_CTRL_SET_TMP_DH and other related ctrls
1ee22dc268 Convert TLS ServerKeyExchange processing to use an EVP_PKEY
091f6074c5 Convert TLS auto DH parameters to use EVP_PKEY
2b93900e28 DOC: Rewrite the section on reporting errors in
doc/man3/ERR_put_error.pod
e19c5a1064 CONF: Convert one last CONFerr() to ERR_raise()
01fe51578e Simplify util/err-to-raise
b06e70b868 Really deprecate the old NAMEerr() macros
bf57cab74b util/find-doc-nits: check podchecker() return value
c7d32b6ba5 util/mkrc.pl: Make sure FILEVERSION and PRODUCTVERSION have four
numbers
ef2a44eb31 NetBSD build fix.
ccbf3f90c4 DOC: Fixup the description of the -x509_strict option
4605c5ab47 Fix dsa securitycheck for fips.
e557d46333 Add documentation for EVP_PKEY2PKCS8/EVP_PKCS82PKEY
317b7c57e4 Fixup EVP-MAC-KMAC documentation
fce56f5b69 REF_PRINT: cast pointer to void to avoid warnings
3084b9d316 Document the provider KDF API.
e76a696273 test/endecoder_legacy_test.c: new test for legacy comparison
efb4667f72 Fix SUPPORT.md for better readability
322d56cd64 Fix a few github file references
a18cf8fc63 Remove -C option from x509 command
1696b8909b Remove -C from dhparam,dsaparam,ecparam
256d41d437 BIO: Undefine UNICODE in b_addr.c to get POSIX declaration of
gai_strerror()
105d01f1eb crypto/provider_core.c: fix a couple of faulty ERR_raise_data() calls
a150f8e1fc CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()
9311d0c471 Convert all {NAME}err() in crypto/ to their corresponding
ERR_raise() call
31a6b52f6d EVP: Adapt EVP_PKEY2PKCS8() to better handle provider-native keys
0bb450fe2f DragonFlyBSD build fix and update.
a04400fc74 Remove unused helper functions EVP_str2ctrl() & EVP_hex2ctrl().
a7da4d488d [test/recipes] Split test_fuzz into separate recipes
9ce8e0d17e Optimize AES-XTS mode in OpenSSL for aarch64
c87a7f31a3 apps/passwd: remove the -crypt option.
93c87f745d rsa_test: add return value check
d8701e2523 Do not prepend $OPENSSL_CONF_INCLUDE to absolute include paths
368d9e030f Add ossl_is_absolute_path function to detect absolute paths
69d16b70cf Avoid duplicate ends_with_dirsep functions
122e81f070 test/recipes/30-test_evp_libctx.t: use fips-and-base.cnf
f49d486075 test/evp_libctx_test.c: use OSSL_ENCODER
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 4114964865 Build files: add module installation targets ae6b654b66 TEST: make and use a fipsinstall script c0bfc473d8 Use the libctx for all EVP_PKEY_CTX operations 4f6c704495 Re-enable FIPS testing in sslapitest.c 5e30f2fd58 Use a non-default libctx in sslapitest 09ec5e6f5d dhparam: white space cleaning 61b2afb50a apps: undeprecate the conditioned out apps 19d9be09d1 openssl: include the version a command was deprecated in the output text. f84fe4f448 apps: reinstate deprecated commands but using PKEY APIs 7539cb70eb dsaparam: update command line app to use EVP calls b304f8567c CHANGES: note which command line utilities are marked for deprecation but still available. 769cfc3bd0 Undeprecate DH_get_length() and DH_set_length() functions dddbbc6f39 gendsa: update command line app to use EVP calls 8f7e1f68cc genrsa: update command line app to use EVP calls 99a7c3a7bf openssl: include the version a command was deprecated in the output text. 188dd86ab4 apps: reinstate deprecated commands but using PKEY APIs ccefc3411e dhparam: update command line app to use EVP calls b0cfe526d7 tests: reinstate tests for deprecated but non-removed functionality cd3572a110 dsaparam: update command line app to use EVP calls 54affb77c5 rsa: update command line app to use EVP calls b940349de1 dsa: update command line app to use EVP calls e0331eb8b8 Prevent crash in X509_NAME_cmp() etc. when cert has no issuer or no serialNumber 753283cd23 Add CMP error reason 'missing reference cert' e599d0aecd Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/ a81151bd56 Add a couple of hints to fuzz/README.md 642f60d840 Rename CMP_PROTECTEDPART to OSSL_CMP_PROTECTEDPART for consistency 7a41760667 GOST2012 TLS ClientCertificateType Identifiers support ccb47dbf47 DOC: Extend the description of EVP_PKEY_CTX_new_from_name() 476de2e5e5 DOC: Add more description of EVP_PKEY_fromdata(), and examples 031c9bd3f3 apps/speed: fix invalid final report when run SM2 benchmarks in parallel ad16671d49 GOST cipher names adjustment 301ea192c7 INSTALL: document 'no-ui-console' rather than 'no-ui' 629c72db5f When calling the import_to function pass the libctx too 7da7b27eec Windows: Add type casting in CRYPTO_atomic_add to remove warning 4350a6bd42 doc: note that the FIPS provider contains some non-approved algorithms. 19985ac42c news: note the addition of ECX and SHAKE256 to the FIPS provider as non-approved algorithms b5bcc05302 pkey: free key manager on error path d8171446a2 ecx: check for errors creating public keys from private ones. c1e48c5171 s390: ECX key generation fixes. 43cd37014e ecx: add key generation support. 1ee1e55114 Add ECX to FIPS provider as non-FIPS algorithms 8a5cb59601 TEST: Add a test of keygen with an empty template in test/evp_extra_test.c d0ddf9b409 EVP: Fix calls to evp_pkey_export_to_provider() 6f89229603 TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support 7525c93030 Document X509_verify_ex() and X509_REQ_verify_ex() 465f34ed27 Introduce an internal version of X509_check_issued() 0820217441 Create a libctx aware X509_verify_ex() b27ed81943 Put sys-specific files in build.info 705536e2b5 Use build.info, not ifdef for crypto modules 7165593ce5 Add DH keygen to providers b03ec3b5d6 Add DSA keygen to provider 09b3654096 Make sure we always send an alert in libssl if we hit a fatal error e395ba223d When calling EC_POINT_point2buf we must use a libctx 137b274aee Document the new libctx aware private key functions d6a2bdf7f1 Make sure we use the libctx in libssl when loading PrivateKeys 1531241c54 Teach PEM_read_bio_PrivateKey about libctx 8755b08524 Teach the OSSL_STORE code about libctx f13fdeb321 Use the libctx in Ed448 private key decoding 472a88b79e Teach d2i_PrivateKey et al about libctx ca59b00bbd Fix no-pic static builds 49276c3569 EVP: fix memleak in evp_pkey_downgrade() 813d317178 EVP: Add a temporary SM2 hack to key generation 10d756a70e EC: Refactor EVP_PKEY_CTX curve setting macros for param generation 1f185f51a7 PROV: Implement EC param / key generation 2b9add6965 KEYMGMT: Add functions to get param/key generation parameters a5c864ce90 Fix Dynamic engine loading so that the call to ENGINE_load_builtin_engines() is performed. 9bf475fcf3 mkerr: remove legacy guards from generated error headers ff1f7cdeb1 Add ex_data to EVP_PKEY. 0437435a96 BIO_do_accept: correct error return value b93e2ec273 Fix some errors in documentation e32e00ab20 Initialize files that declare internal symbols 8270c4791d Rework util/find-doc-nits to distinguish internal documentation eacd30a703 Add manpage entry for X509_check_purpose() abfc73f374 Fix EVP_DigestSign interface when used with DES CMAC cc572c2564 EVP: legacy_ctrl_to_param() to handle provider side keys
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: a6482df03a Fix enable-ec_nistp_64_gcc_128 c50fd0f959 Fix BN error reporting f305ecdac0 Run evp_test in FIPS mode 7f612b1f04 Don't set ctx->cipher until after a successful fetch e9c116ebcb GCM cipher in provider now fails if passed bad keylength
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 2b2eb210a1 Fix commit a672a02a s390x build breakage afdec13dd9 Add missing accessors for X509 AuthorityKeyIdentifier 8b9575ba37 Add a CHANGES entry about loading the config file by default 109ef7ae43 Fix the krb5 external test 29dc6e00f2 Load the config file by default 988b29850b Suppress loading the FIPS module in evp_test 8453096ebf Properly process the "Availablein" keyword for evp_test e2e5abe47a Prevent an infinite recursion when the query cache is flushed. f06cf3c414 The query cache has been updated to not depend on RAND_bytes being available. 59b2cb2638 Use allow_early_data_cb from SSL instead of SSL_CTX 0c789f59f1 Fix warning C4164 in MSVC. 7408f6759f make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA a672a02a64 Add gcm ciphers (aes and aria) to providers. f5b7f99e69 Temporary workaround for ectest.c for [extended tests] 189dbdd994 ERR: fix err_data_size inconsistencies faa9dcd4d4 Rename X509_STORE ptr stored in opaque struct X509_STORE_CTX e870791a4d Add evp_util macros 8c00f267b8 CAdES : lowercase name for now internal methods. CAdES : rework CAdES signing API. Make it private, as it is unused outside library bounds. Fix varous doc-nits. faea3bd133 Document recent changes in NEWS and CHANGES 02c163ea89 Check for NULL return from zalloc in dh_dupctx. c361297046 Avoid using ERR_put_error() directly in OpenSSL code 036913b107 Adapt the FIPS provider to use the new core error functions 49c6434673 Refactor provider support for reporting errors add8c8e964 ERR: Remove ERR_put_func_error() and reimplement ERR_put_error() as a macro ed57f7f935 ERR: Implement the macros ERR_raise() and ERR_raise_data() and use them 7c0e20dc6f ERR: Add new building blocks for reporting errors 8a4dc425cc ERR: refactor useful inner macros to err_locl.h. Add function name field e039ca38c8 Move some macros from include/openssl/opensslconf.h.in, add OPENSSL_FUNC
[openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ec_nistp_64_gcc_128
Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ec_nistp_64_gcc_128 Commit log since last time: 9c5ef4ea48 Eliminate unused buffers from ssl3_change_cipher_state d072eea2e3 Remove unused variables from tls1_change_cipher_state 51adf14a94 make update _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
