[openssl] master update
The branch master has been updated via f643deac417a3ccb27f77670bb2b136de49079d9 (commit) from e2f5081116d8b3dadd602fcf611bc6584ab395f7 (commit) - Log - commit f643deac417a3ccb27f77670bb2b136de49079d9 Author: Daniel Axtens Date: Mon Mar 18 10:22:44 2019 +1100 PPC assembly pack: fix copy-paste error in CTR mode There are two copy-paste errors in handling CTR mode. When dealing with a 2 or 3 block tail, the code branches to the CBC decryption exit path, rather than to the CTR exit path. This can lead to data corruption: in the Linux kernel we have a copy of this file, and the bug leads to corruption of the IV, which leads to data corruption when we call the encryption function again later to encrypt subsequent blocks. Originally reported to the Linux kernel by Ondrej Mosnáček CLA: trivial Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8510) --- Summary of changes: crypto/aes/asm/aesp8-ppc.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl index ce3fae0..44056e3 100755 --- a/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/aes/asm/aesp8-ppc.pl @@ -1829,7 +1829,7 @@ Lctr32_enc8x_three: stvx_u $out1,$x10,$out stvx_u $out2,$x20,$out addi$out,$out,0x30 - b Lcbc_dec8x_done + b Lctr32_enc8x_done .align 5 Lctr32_enc8x_two: @@ -1841,7 +1841,7 @@ Lctr32_enc8x_two: stvx_u $out0,$x00,$out stvx_u $out1,$x10,$out addi$out,$out,0x20 - b Lcbc_dec8x_done + b Lctr32_enc8x_done .align 5 Lctr32_enc8x_one:
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 253d76 EVP_PBE_scrypt() handles salt=NULL as salt="" f7f2a55aee test/params_api_test.c: fix size_t assumptions 16161a30f2 Update to xenial 52eb5b7ca4 Configurations/windows-makefile.tmpl: small fixes 4acd79ff46 Guard some SM2 functions with OPENSSL_NO_SM2 c37e635065 trace: update the documentation fe50e11571 trace: ensure correct grouping 13d06925e8 trace: don't leak the line prefix 5afb177c3c trace: rename the trace channel types e474a286f5 trace: remove some magic numbers 355417eb46 VMS: only use the high precision on VMS v8.4 and up Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_servername.t ... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. ok ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13alerts.t .. ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... ok ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_cmsapi.t ... ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_asn1_time.t ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test/recipes/90-test_bio_enc.t .. ok ../../openssl/test/recipes/90-test_bio_memleak.t .. ok ../../openssl/test/recipes/90-test_constant_time.t ok ../../openssl
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 5dcfd6c50a216f81bf43e1f21bc5f3fc517ba47a (commit) from 87d9429c7e8b2fd4396e0ad9e60351be467b5c96 (commit) - Log - commit 5dcfd6c50a216f81bf43e1f21bc5f3fc517ba47a Author: Daniel Axtens Date: Mon Mar 18 10:22:44 2019 +1100 PPC assembly pack: fix copy-paste error in CTR mode There are two copy-paste errors in handling CTR mode. When dealing with a 2 or 3 block tail, the code branches to the CBC decryption exit path, rather than to the CTR exit path. This can lead to data corruption: in the Linux kernel we have a copy of this file, and the bug leads to corruption of the IV, which leads to data corruption when we call the encryption function again later to encrypt subsequent blocks. Originally reported to the Linux kernel by Ondrej Mosnáček CLA: trivial Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8510) (cherry picked from commit f643deac417a3ccb27f77670bb2b136de49079d9) --- Summary of changes: crypto/aes/asm/aesp8-ppc.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl index 488b133..b8dd42d 100755 --- a/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/aes/asm/aesp8-ppc.pl @@ -1829,7 +1829,7 @@ Lctr32_enc8x_three: stvx_u $out1,$x10,$out stvx_u $out2,$x20,$out addi$out,$out,0x30 - b Lcbc_dec8x_done + b Lctr32_enc8x_done .align 5 Lctr32_enc8x_two: @@ -1841,7 +1841,7 @@ Lctr32_enc8x_two: stvx_u $out0,$x00,$out stvx_u $out1,$x10,$out addi$out,$out,0x20 - b Lcbc_dec8x_done + b Lctr32_enc8x_done .align 5 Lctr32_enc8x_one:
Still Failing: openssl/openssl#24109 (OpenSSL_1_1_1-stable - 5dcfd6c)
Build Update for openssl/openssl - Build: #24109 Status: Still Failing Duration: 16 mins and 17 secs Commit: 5dcfd6c (OpenSSL_1_1_1-stable) Author: Daniel Axtens Message: PPC assembly pack: fix copy-paste error in CTR mode There are two copy-paste errors in handling CTR mode. When dealing with a 2 or 3 block tail, the code branches to the CBC decryption exit path, rather than to the CTR exit path. This can lead to data corruption: in the Linux kernel we have a copy of this file, and the bug leads to corruption of the IV, which leads to data corruption when we call the encryption function again later to encrypt subsequent blocks. Originally reported to the Linux kernel by Ondrej Mosnáček CLA: trivial Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8510) (cherry picked from commit f643deac417a3ccb27f77670bb2b136de49079d9) View the changeset: https://github.com/openssl/openssl/compare/87d9429c7e8b...5dcfd6c50a21 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/507774812?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Build failed: openssl master.23514
Build openssl master.23514 failed Commit ef622293a8 by Dr. Matthias St. Pierre on 3/18/2019 10:43 AM: Configure: untabify indentation Configure your notification preferences
[openssl] master update
The branch master has been updated via c13d2ab439a9dcbbf22ef85a00603142b0a37779 (commit) via a383083194b882a904ae66fcf74ebc348602407c (commit) via 7bb19a0f950dd87607133d526e31a083f35921fd (commit) from f643deac417a3ccb27f77670bb2b136de49079d9 (commit) - Log - commit c13d2ab439a9dcbbf22ef85a00603142b0a37779 Author: Richard Levitte Date: Fri Feb 8 17:01:56 2019 +0100 Add generic EVP method fetcher This is an interface between Core dispatch table fetching and EVP_{method}_fetch(). All that's needed from the diverse method fetchers are the functions to create a method structure from a dispatch table, a function that ups the method reference counter and a function to free the method (in case of failure). This routine is internal to the EVP API andis therefore only made accessible within crypto/evp, by including evp_locl.h Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8341) commit a383083194b882a904ae66fcf74ebc348602407c Author: Richard Levitte Date: Thu Mar 14 21:51:50 2019 +0100 Replumbing: better reference counter control in ossl_method_construct() Fully assume that the method constructors use reference counting. Otherwise, we may leak memory, or loose track and do a double free. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8341) commit 7bb19a0f950dd87607133d526e31a083f35921fd Author: Richard Levitte Date: Wed Mar 13 11:12:00 2019 +0100 Replumbing: pass callback data to the algo destructor too All relevant OSSL_METHOD_CONSTRUCT_METHOD callbacks got the callback data passed to them, except 'destruct'. There's no reason why it shouldn't get that pointer passed, so we make a small adjustment. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8341) --- Summary of changes: crypto/core_fetch.c | 32 ++-- crypto/evp/build.info | 4 + crypto/evp/evp_fetch.c | 197 +++ crypto/evp/evp_locl.h | 12 +- doc/internal/man3/evp_generic_fetch.pod | 232 doc/internal/man3/ossl_method_construct.pod | 14 +- include/internal/core.h | 2 +- 7 files changed, 478 insertions(+), 15 deletions(-) create mode 100644 crypto/evp/evp_fetch.c create mode 100644 doc/internal/man3/evp_generic_fetch.pod diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index d2d7766..d38e132 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -39,25 +39,33 @@ static int ossl_method_construct_this(OSSL_PROVIDER *provider, void *cbdata) data->mcm_data)) == NULL) continue; +/* + * Note regarding putting the method in stores: + * + * we don't need to care if it actually got in or not here. + * If it didn't get in, it will simply not be available when + * ossl_method_construct() tries to get it from the store. + * + * It is *expected* that the put function increments the refcnt + * of the passed method. + */ + if (data->force_store || !no_store) { /* * If we haven't been told not to store, * add to the global store */ -if (!data->mcm->put(data->libctx, NULL, -thismap->property_definition, -method, data->mcm_data)) { -data->mcm->destruct(method); -continue; -} +data->mcm->put(data->libctx, NULL, + thismap->property_definition, + method, data->mcm_data); } -if (!data->mcm->put(data->libctx, data->store, -thismap->property_definition, -method, data->mcm_data)) { -data->mcm->destruct(method); -continue; -} +data->mcm->put(data->libctx, data->store, + thismap->property_definition, + method, data->mcm_data); + +/* refcnt-- because we're dropping the reference */ +data->mcm->destruct(method, data->mcm_data); } return 1; diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 862afa8..10ba3a3 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -16,6 +16,10 @@ SOURCE[../../libcrypto]=\ e_chacha20_poly1305.c cmeth_lib.c \ mac_lib.c c_allm.c pkey_mac.c +# New design +SOURCE[../../libcrypto]=\ + evp_fetch.c + INCLUDE[e_aes.o]=.. ../modes INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes INCLU
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-sm2
Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm2 Commit log since last time: 253d76 EVP_PBE_scrypt() handles salt=NULL as salt="" f7f2a55aee test/params_api_test.c: fix size_t assumptions 16161a30f2 Update to xenial 52eb5b7ca4 Configurations/windows-makefile.tmpl: small fixes 4acd79ff46 Guard some SM2 functions with OPENSSL_NO_SM2 c37e635065 trace: update the documentation fe50e11571 trace: ensure correct grouping 13d06925e8 trace: don't leak the line prefix 5afb177c3c trace: rename the trace channel types e474a286f5 trace: remove some magic numbers 355417eb46 VMS: only use the high precision on VMS v8.4 and up
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-sm3
Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm3 Commit log since last time: 253d76 EVP_PBE_scrypt() handles salt=NULL as salt="" f7f2a55aee test/params_api_test.c: fix size_t assumptions 16161a30f2 Update to xenial 52eb5b7ca4 Configurations/windows-makefile.tmpl: small fixes 4acd79ff46 Guard some SM2 functions with OPENSSL_NO_SM2 c37e635065 trace: update the documentation fe50e11571 trace: ensure correct grouping 13d06925e8 trace: don't leak the line prefix 5afb177c3c trace: rename the trace channel types e474a286f5 trace: remove some magic numbers 355417eb46 VMS: only use the high precision on VMS v8.4 and up
Build failed: openssl master.23516
Build openssl master.23516 failed Commit 17a5630954 by David von Oheimb on 3/13/2019 11:25 AM: add parentheses in conditional _expression_ in v3_akey.c as requested by reviewer Configure your notification preferences
Build failed: openssl master.23517
Build openssl master.23517 failed Commit a2bde4a6e3 by Matt Caswell on 3/13/2019 5:26 PM: Implement SHA256 in the default provider Configure your notification preferences
[openssl] master update
The branch master has been updated via 5743d1268d455859ed94be8749c4aaac6333c01b (commit) via 0742eb9f6675e2dde7b437f3d6d9aa37e7a5919e (commit) via 86afd005fb8184e37c41d85128a01b58ac152d60 (commit) via a4c467c96aeae3d52e2f16b8b829749ed6c55fe7 (commit) from c13d2ab439a9dcbbf22ef85a00603142b0a37779 (commit) - Log - commit 5743d1268d455859ed94be8749c4aaac6333c01b Author: David von Oheimb Date: Fri May 11 14:52:51 2018 +0200 add 'Signature Value:' line and correct indentation when printing X.509 signature value Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6226) commit 0742eb9f6675e2dde7b437f3d6d9aa37e7a5919e Author: David von Oheimb Date: Fri May 11 12:01:49 2018 +0200 update reference output of test_x509 in test/certs/cyrillic.* Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6226) commit 86afd005fb8184e37c41d85128a01b58ac152d60 Author: David von Oheimb Date: Mon Jan 29 16:58:07 2018 +0100 remove 'keyid:' when printing simple X509 authority keyID (without issuer and serial) Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6226) commit a4c467c96aeae3d52e2f16b8b829749ed6c55fe7 Author: David von Oheimb Date: Mon Jan 29 16:54:40 2018 +0100 remove needless empty lines when printing certificates Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6226) --- Summary of changes: crypto/dsa/dsa_ameth.c | 2 ++ crypto/rsa/rsa_ameth.c | 2 +- crypto/x509/t_x509.c | 15 +-- crypto/x509v3/v3_akey.c | 2 +- crypto/x509v3/v3_alt.c | 1 - crypto/x509v3/v3_cpols.c | 21 ++--- crypto/x509v3/v3_crld.c | 6 -- crypto/x509v3/v3_ncons.c | 5 - crypto/x509v3/v3_pci.c | 3 +-- crypto/x509v3/v3_prn.c | 7 --- test/certs/cyrillic.msb | 34 +- test/certs/cyrillic.utf8 | 34 +- test/certs/cyrillic_crl.utf8 | 31 --- 13 files changed, 90 insertions(+), 73 deletions(-) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index f28021d..756ee74 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -458,6 +458,8 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, DSA_SIG_free(dsa_sig); return rv; } +if (BIO_puts(bp, "\n") <= 0) +return 0; return X509_signature_dump(bp, sig, indent); } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index c6ae8a4..139415e 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -447,7 +447,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, RSA_PSS_PARAMS_free(pss); if (!rv) return 0; -} else if (!sig && BIO_puts(bp, "\n") <= 0) { +} else if (BIO_puts(bp, "\n") <= 0) { return 0; } if (sig) diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 29e2093..3367228 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -284,7 +284,7 @@ int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) s = sig->data; for (i = 0; i < n; i++) { if ((i % 18) == 0) { -if (BIO_write(bp, "\n", 1) <= 0) +if (i > 0 && BIO_write(bp, "\n", 1) <= 0) return 0; if (BIO_indent(bp, indent, indent) <= 0) return 0; @@ -302,11 +302,14 @@ int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig) { int sig_nid; -if (BIO_puts(bp, "Signature Algorithm: ") <= 0) +int indent = 4; +if (BIO_printf(bp, "%*sSignature Algorithm: ", indent, "") <= 0) return 0; if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0; +if (sig && BIO_printf(bp, "\n%*sSignature Value:", indent, "") <= 0) +return 0; sig_nid = OBJ_obj2nid(sigalg->algorithm); if (sig_nid != NID_undef) { int pkey_nid, dig_nid; @@ -314,13 +317,13 @@ int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); if (ameth && ameth->sig_print) -return ameth->sig_print(bp, sigalg, sig, 9, 0); +return ameth->sig_print(bp, sigalg, sig, indent + 4, 0); } } -if (sig) -return X509_signature_dump(bp, sig, 9); -else if (BIO_puts(bp, "\n") <= 0) +if (BIO_write(bp, "\n", 1) !=
Failed: mspncp/openssl#549 (msp-github-1737-first-pr - eaea759)
Build Update for mspncp/openssl - Build: #549 Status: Failed Duration: 48 mins and 25 secs Commit: eaea759 (msp-github-1737-first-pr) Author: Dr. Matthias St. Pierre Message: Fix leak of secrecy in ecdh_compute_key() A temporary buffer containing g^xy was not cleared in ecdh_compute_key() before freeing it, so the shared secret was leaked in memory. View the changeset: https://github.com/mspncp/openssl/commit/eaea7595dd17 View the full build log and details: https://travis-ci.org/mspncp/openssl/builds/507974636?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the mspncp/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=17377011&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via 1ff2c992c24c330c0d40708b4169b862563d6aab (commit) from 5743d1268d455859ed94be8749c4aaac6333c01b (commit) - Log - commit 1ff2c992c24c330c0d40708b4169b862563d6aab Author: Bernd Edlinger Date: Sun Mar 17 09:48:15 2019 +0100 Clear the secret point in ecdh_simple_compute_key Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8501) --- Summary of changes: crypto/ec/ecdh_ossl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index 40a564f..b63cab9 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -112,7 +112,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, ret = 1; err: -EC_POINT_free(tmp); +EC_POINT_clear_free(tmp); if (ctx) BN_CTX_end(ctx); BN_CTX_free(ctx);
[openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via c5bc42d7a131cf7a6a2ebd97a7a4a559d01af0f9 (commit) from 7ebbb293e1d68c014e50dc49944aba0b72f35074 (commit) - Log - commit c5bc42d7a131cf7a6a2ebd97a7a4a559d01af0f9 Author: Bernd Edlinger Date: Sun Mar 17 09:48:15 2019 +0100 Clear the secret point in ecdh_simple_compute_key Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8501) (cherry picked from commit 1ff2c992c24c330c0d40708b4169b862563d6aab) --- Summary of changes: crypto/ec/ecdh_ossl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index a865145..2d620cb 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -138,7 +138,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, ret = 1; err: -EC_POINT_free(tmp); +EC_POINT_clear_free(tmp); if (ctx) BN_CTX_end(ctx); BN_CTX_free(ctx);
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 18c1f9997aa57756015e9790a987cc3a27901c72 (commit) from 5dcfd6c50a216f81bf43e1f21bc5f3fc517ba47a (commit) - Log - commit 18c1f9997aa57756015e9790a987cc3a27901c72 Author: Bernd Edlinger Date: Sun Mar 17 09:48:15 2019 +0100 Clear the secret point in ecdh_simple_compute_key Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8501) (cherry picked from commit 1ff2c992c24c330c0d40708b4169b862563d6aab) --- Summary of changes: crypto/ec/ecdh_ossl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index bd93793..254a1dc 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -112,7 +112,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, ret = 1; err: -EC_POINT_free(tmp); +EC_POINT_clear_free(tmp); if (ctx) BN_CTX_end(ctx); BN_CTX_free(ctx);
[openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via dbf71ae457dfa5632518612b58efccd40f528f26 (commit) from 6555a8941bd6be5790d3b45c41de23234a8e527f (commit) - Log - commit dbf71ae457dfa5632518612b58efccd40f528f26 Author: Bernd Edlinger Date: Sun Mar 17 10:02:07 2019 +0100 Clear the secret point in ecdh_compute_key Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8502) --- Summary of changes: crypto/ecdh/ech_ossl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index d3b0524..8b69ce5 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -207,7 +207,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, err: if (tmp) -EC_POINT_free(tmp); +EC_POINT_clear_free(tmp); if (ctx) BN_CTX_end(ctx); if (ctx)
[openssl] master update
The branch master has been updated via 8a74bb5c7becbd7492f4445b852602c3e88ba143 (commit) from 1ff2c992c24c330c0d40708b4169b862563d6aab (commit) - Log - commit 8a74bb5c7becbd7492f4445b852602c3e88ba143 Author: Bernd Edlinger Date: Sun Mar 17 17:28:24 2019 +0100 Clear the point S before freeing in ec_scalar_mul_ladder The secret point R can be recovered from S using the equation R = S - P. The X and Z coordinates should be sufficient for that. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8504) --- Summary of changes: crypto/ec/ec_mult.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 9b0aac2..c76c528 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -378,7 +378,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, err: EC_POINT_free(p); -EC_POINT_free(s); +EC_POINT_clear_free(s); BN_CTX_end(ctx); return ret;
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 202f7c56597eb6f57eba1ea31503a734e5fbf930 (commit) from 18c1f9997aa57756015e9790a987cc3a27901c72 (commit) - Log - commit 202f7c56597eb6f57eba1ea31503a734e5fbf930 Author: Bernd Edlinger Date: Sun Mar 17 17:28:24 2019 +0100 Clear the point S before freeing in ec_scalar_mul_ladder The secret point R can be recovered from S using the equation R = S - P. The X and Z coordinates should be sufficient for that. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8504) (cherry picked from commit 8a74bb5c7becbd7492f4445b852602c3e88ba143) --- Summary of changes: crypto/ec/ec_mult.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 0e0a5e1..f8832e9 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -378,7 +378,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, err: EC_POINT_free(p); -EC_POINT_free(s); +EC_POINT_clear_free(s); BN_CTX_end(ctx); return ret;
[openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 502b871ad4eacc96a31f89d9a9470ca2858da998 (commit) from c5bc42d7a131cf7a6a2ebd97a7a4a559d01af0f9 (commit) - Log - commit 502b871ad4eacc96a31f89d9a9470ca2858da998 Author: Bernd Edlinger Date: Sun Mar 17 17:28:24 2019 +0100 Clear the point S before freeing in ec_mul_consttime The secret point R can be recovered from S using the equation R = S - P. The X and Z coordinates should be sufficient for that. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8505) --- Summary of changes: crypto/ec/ec_mult.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 8350082..47c0fc0 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -325,7 +325,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, ret = 1; err: -EC_POINT_free(s); +EC_POINT_clear_free(s); BN_CTX_end(ctx); BN_CTX_free(new_ctx);
[openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 94eb7d07c0c14bf18bd3a4e4d6c1ef1e6633d447 (commit) from dbf71ae457dfa5632518612b58efccd40f528f26 (commit) - Log - commit 94eb7d07c0c14bf18bd3a4e4d6c1ef1e6633d447 Author: Bernd Edlinger Date: Sun Mar 17 17:28:24 2019 +0100 Clear the point S before freeing in ec_mul_consttime The secret point R can be recovered from S using the equation R = S - P. The X and Z coordinates should be sufficient for that. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8505) (cherry picked from commit 502b871ad4eacc96a31f89d9a9470ca2858da998) --- Summary of changes: crypto/ec/ec_mult.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index da71526..fce8882 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -519,7 +519,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, ret = 1; err: -EC_POINT_free(s); +EC_POINT_clear_free(s); BN_CTX_end(ctx); BN_CTX_free(new_ctx);
Still Failing: openssl/openssl#24128 (OpenSSL_1_1_1-stable - 18c1f99)
Build Update for openssl/openssl - Build: #24128 Status: Still Failing Duration: 25 mins and 36 secs Commit: 18c1f99 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Clear the secret point in ecdh_simple_compute_key Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8501) (cherry picked from commit 1ff2c992c24c330c0d40708b4169b862563d6aab) View the changeset: https://github.com/openssl/openssl/compare/5dcfd6c50a21...18c1f9997aa5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/508101110?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still Failing: openssl/openssl#24132 (OpenSSL_1_1_1-stable - 202f7c5)
Build Update for openssl/openssl - Build: #24132 Status: Still Failing Duration: 25 mins and 50 secs Commit: 202f7c5 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Clear the point S before freeing in ec_scalar_mul_ladder The secret point R can be recovered from S using the equation R = S - P. The X and Z coordinates should be sufficient for that. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8504) (cherry picked from commit 8a74bb5c7becbd7492f4445b852602c3e88ba143) View the changeset: https://github.com/openssl/openssl/compare/18c1f9997aa5...202f7c56597e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/508105654?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via 529586085e38487d45974817d4f3ff40f30e19f6 (commit) from 8a74bb5c7becbd7492f4445b852602c3e88ba143 (commit) - Log - commit 529586085e38487d45974817d4f3ff40f30e19f6 Author: David von Oheimb Date: Tue Mar 19 09:35:03 2019 +1000 Add -new and -subj options to x509 app for direct cert generation Complete and improve error output of parse_name() in apps/apps.c Reviewed-by: Viktor Dukhovni Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8193) --- Summary of changes: apps/apps.c | 17 +++ apps/x509.c | 72 +++-- doc/man1/x509.pod | 26 test/recipes/25-test_x509.t | 21 - 4 files changed, 113 insertions(+), 23 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 06b5434..8921c18 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1623,8 +1623,10 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) if (n == NULL) return NULL; work = OPENSSL_strdup(cp); -if (work == NULL) +if (work == NULL) { +BIO_printf(bio_err, "%s: Error copying name input\n", opt_getprog()); goto err; +} while (*cp) { char *bp = work; @@ -1639,7 +1641,7 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) *bp++ = *cp++; if (*cp == '\0') { BIO_printf(bio_err, -"%s: Hit end of string before finding the equals.\n", +"%s: Hit end of string before finding the '='\n", opt_getprog()); goto err; } @@ -1655,8 +1657,8 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) } if (*cp == '\\' && *++cp == '\0') { BIO_printf(bio_err, -"%s: escape character at end of string\n", -opt_getprog()); + "%s: escape character at end of string\n", + opt_getprog()); goto err; } } @@ -1670,7 +1672,7 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) nid = OBJ_txt2nid(typestr); if (nid == NID_undef) { BIO_printf(bio_err, "%s: Skipping unknown attribute \"%s\"\n", - opt_getprog(), typestr); + opt_getprog(), typestr); continue; } if (*valstr == '\0') { @@ -1681,8 +1683,11 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, valstr, strlen((char *)valstr), --1, ismulti ? -1 : 0)) +-1, ismulti ? -1 : 0)) { +BIO_printf(bio_err, "%s: Error adding name attribute \"/%s=%s\"\n", + opt_getprog(), typestr ,valstr); goto err; +} } OPENSSL_free(work); diff --git a/apps/x509.c b/apps/x509.c index e4d5e07..3a5d561 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -49,8 +49,8 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM, OPT_CAKEYFORM, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE, -OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_SIGNKEY, OPT_CA, -OPT_CAKEY, OPT_CASERIAL, OPT_SET_SERIAL, OPT_FORCE_PUBKEY, +OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_SIGNKEY, OPT_CA, OPT_CAKEY, +OPT_CASERIAL, OPT_SET_SERIAL, OPT_NEW, OPT_FORCE_PUBKEY, OPT_SUBJ, OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_NAMEOPT, OPT_C, OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL, OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH, @@ -132,7 +132,9 @@ const OPTIONS x509_options[] = { {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, +{"new", OPT_NEW, '-', "Generate a certificate from scratch"}, {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the key to put inside certificate"}, +{"subj", OPT_SUBJ, 's', "Set or override certificate subject (and issuer)"}, {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"}, {"clrreject", OPT_CLRREJECT, '-', "Clears all the prohibited or rejected uses of the certificate"}, @@ -158,6 +160,11 @@ int x509_main(int argc, char **argv) BIO *out = NULL; CONF *extconf = NULL; EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL; +int newcert = 0; +char *subj = NULL; +X509_
[openssl] master update
The branch master has been updated via 16bfe6cee0853bd340e270f2deda6000ea6eeaa9 (commit) from 529586085e38487d45974817d4f3ff40f30e19f6 (commit) - Log - commit 16bfe6cee0853bd340e270f2deda6000ea6eeaa9 Author: Richard Levitte Date: Tue Mar 19 06:52:15 2019 +0100 doc/man3/OSSL_PARAM_TYPE.pod: modify Example 2 to allow unspecified params A parameter requestor is never obligated to ask for all available parameters on an object. Unfortunately, Example 2 showed a code pattern that introduced such an obligation, and therefore needed a small adjustment. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/8523) --- Summary of changes: doc/man3/OSSL_PARAM_TYPE.pod | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/man3/OSSL_PARAM_TYPE.pod b/doc/man3/OSSL_PARAM_TYPE.pod index c4ca37a..2842eae 100644 --- a/doc/man3/OSSL_PARAM_TYPE.pod +++ b/doc/man3/OSSL_PARAM_TYPE.pod @@ -272,7 +272,9 @@ This example is for setting parameters on some object: =head2 Example 2 -This example is for requesting parameters on some object: +This example is for requesting parameters on some object, and also +demonstrates that the requestor isn't obligated to request all +available parameters: const char *foo = NULL; size_t foo_l; @@ -289,8 +291,14 @@ could fill in the parameters like this: /* const OSSL_PARAM *params */ -OSSL_PARAM_set_utf8_ptr(OSSL_PARAM_locate(params, "foo"), "foo value"); -OSSL_PARAM_set_utf8_string(OSSL_PARAM_locate(params, "bar"), "bar value"); +const OSSL_PARAM *p; + +if ((p = OSSL_PARAM_locate(params, "foo")) == NULL) +OSSL_PARAM_set_utf8_ptr(p, "foo value"); +if ((p = OSSL_PARAM_locate(params, "bar")) == NULL) +OSSL_PARAM_set_utf8_ptr(p, "bar value"); +if ((p = OSSL_PARAM_locate(params, "cookie")) == NULL) +OSSL_PARAM_set_utf8_ptr(p, "cookie value"); =head1 SEE ALSO
[openssl] master update
The branch master has been updated via 226f2bf191ba8c2b33749ddc80c9ace051bebf80 (commit) from 16bfe6cee0853bd340e270f2deda6000ea6eeaa9 (commit) - Log - commit 226f2bf191ba8c2b33749ddc80c9ace051bebf80 Author: Benjamin Kaduk Date: Thu Mar 14 12:55:03 2019 -0500 Fix strict-warnings build on FreeBSD The 'key' member of the (system-defined!) struct session op is of type c_caddr_t, which can be (signed) char, so inter-casting with the unsigned char* input to cipher_init() causes -Wpointer-sign errors, and we can't change the signature of cipher_init() due to the function pointer type required by EVP_CIPHER_meth_set_init(). As the least-bad option, introduce a void* cast to quell the following warning: engines/e_devcrypto.c:356:36: error: passing 'c_caddr_t' (aka 'const char *') to parameter of type 'const unsigned char *' converts between pointers to integer types with different sign [-Werror,-Wpointer-sign] return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), ^~~~ engines/e_devcrypto.c:191:66: note: passing argument to parameter 'key' here static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8509) --- Summary of changes: engines/e_devcrypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index c0b0d1e..b1e8709 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -353,7 +353,7 @@ static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) to_cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx); memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess)); -return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), +return cipher_init(to_ctx, (void *)cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), (cipher_ctx->op == COP_ENCRYPT)); case EVP_CTRL_INIT:
[openssl] master update
The branch master has been updated via ce1415ed2ce15305356cd028bcf7b9bc688d6d5c (commit) from 226f2bf191ba8c2b33749ddc80c9ace051bebf80 (commit) - Log - commit ce1415ed2ce15305356cd028bcf7b9bc688d6d5c Author: Shane Lontis Date: Tue Mar 19 09:58:09 2019 +1000 Added NULL check to BN_clear() & BN_CTX_end() Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8518) --- Summary of changes: crypto/bn/bn_ctx.c | 2 ++ crypto/bn/bn_lib.c | 2 ++ crypto/bn/bn_prime.c | 3 +-- crypto/dh/dh_check.c | 18 ++ crypto/dh/dh_gen.c | 6 ++ crypto/dh/dh_key.c | 6 ++ crypto/dsa/dsa_gen.c | 6 ++ crypto/ec/ec2_smpl.c | 3 +-- crypto/ec/ec_lib.c | 3 +-- crypto/ec/ec_mult.c | 3 +-- crypto/ec/ecdh_ossl.c| 3 +-- crypto/ec/ecp_nistz256.c | 3 +-- crypto/ec/ecp_smpl.c | 6 ++ crypto/rsa/rsa_gen.c | 3 +-- crypto/rsa/rsa_ossl.c| 12 crypto/rsa/rsa_x931g.c | 6 ++ 16 files changed, 31 insertions(+), 54 deletions(-) diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 9e908bf..62e29b5 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -184,6 +184,8 @@ void BN_CTX_start(BN_CTX *ctx) void BN_CTX_end(BN_CTX *ctx) { +if (ctx == NULL) +return; CTXDBG("ENTER BN_CTX_end()", ctx); if (ctx->err_stack) ctx->err_stack--; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 6de17c3..17293ed 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -338,6 +338,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b) void BN_clear(BIGNUM *a) { +if (a == NULL) +return; bn_check_top(a); if (a->d != NULL) OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 7a87b97..2c9f89d 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -170,8 +170,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, found = 1; err: OPENSSL_free(mods); -if (ctx != NULL) -BN_CTX_end(ctx); +BN_CTX_end(ctx); BN_CTX_free(ctx); bn_check_top(ret); return found; diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 31332cd..cd7f70b 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -58,10 +58,8 @@ int DH_check_params(const DH *dh, int *ret) ok = 1; err: -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ok; } @@ -171,10 +169,8 @@ int DH_check(const DH *dh, int *ret) } ok = 1; err: -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ok; } @@ -225,9 +221,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) ok = 1; err: -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ok; } diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 4e4aeb3..1e5c7ca 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, ok = 0; } -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ok; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 58210fb..4b0b1f3 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -205,10 +205,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) ret = BN_bn2bin(tmp, key); err: -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ret; } diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 2c42049..858f127 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -292,8 +292,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (seed_out) memcpy(seed_out, seed, qsize); } -if (ctx) -BN_CTX_end(ctx); +BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); return ok; @@ -607,8 +606,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, OPENSSL_free(seed); if (seed_out != seed_tmp) OPENSSL_free(seed_tmp); -if (ctx) -BN_CTX_end(ctx); +BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); EVP_MD_CTX_free(mctx); diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 7bd2a63..ebd6f21 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -204,8 +204,7 @@ int ec_GF2m_simple_group_check_dis
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via c8a9fa6910c3cb6e9b5f8eb029eb6fc80dfc9cfe (commit) from 202f7c56597eb6f57eba1ea31503a734e5fbf930 (commit) - Log - commit c8a9fa6910c3cb6e9b5f8eb029eb6fc80dfc9cfe Author: Shane Lontis Date: Tue Mar 19 09:58:09 2019 +1000 Added NULL check to BN_clear() & BN_CTX_end() Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8518) (cherry picked from commit ce1415ed2ce15305356cd028bcf7b9bc688d6d5c) --- Summary of changes: crypto/bn/bn_ctx.c | 2 ++ crypto/bn/bn_lib.c | 2 ++ crypto/bn/bn_prime.c | 3 +-- crypto/dh/dh_check.c | 18 ++ crypto/dh/dh_gen.c | 6 ++ crypto/dh/dh_key.c | 6 ++ crypto/dsa/dsa_gen.c | 6 ++ crypto/ec/ec2_smpl.c | 3 +-- crypto/ec/ec_lib.c | 3 +-- crypto/ec/ec_mult.c | 3 +-- crypto/ec/ecdh_ossl.c| 3 +-- crypto/ec/ecp_nistz256.c | 3 +-- crypto/ec/ecp_smpl.c | 6 ++ crypto/rsa/rsa_gen.c | 3 +-- crypto/rsa/rsa_ossl.c| 12 crypto/rsa/rsa_x931g.c | 6 ++ 16 files changed, 31 insertions(+), 54 deletions(-) diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 54b7999..90cecea 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -194,6 +194,8 @@ void BN_CTX_start(BN_CTX *ctx) void BN_CTX_end(BN_CTX *ctx) { +if (ctx == NULL) +return; CTXDBG_ENTRY("BN_CTX_end", ctx); if (ctx->err_stack) ctx->err_stack--; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 8286b38..f93bbcf 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -338,6 +338,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b) void BN_clear(BIGNUM *a) { +if (a == NULL) +return; bn_check_top(a); if (a->d != NULL) OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index b91b31b..236b711 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -135,8 +135,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, found = 1; err: OPENSSL_free(mods); -if (ctx != NULL) -BN_CTX_end(ctx); +BN_CTX_end(ctx); BN_CTX_free(ctx); bn_check_top(ret); return found; diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index fc45577..52cc0eb 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -58,10 +58,8 @@ int DH_check_params(const DH *dh, int *ret) ok = 1; err: -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ok; } @@ -171,10 +169,8 @@ int DH_check(const DH *dh, int *ret) } ok = 1; err: -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ok; } @@ -225,9 +221,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) ok = 1; err: -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ok; } diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 59137e0..b115028 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, ok = 0; } -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ok; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 4f85be7..182ce32 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -205,10 +205,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) ret = BN_bn2bin(tmp, key); err: -if (ctx != NULL) { -BN_CTX_end(ctx); -BN_CTX_free(ctx); -} +BN_CTX_end(ctx); +BN_CTX_free(ctx); return ret; } diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 383d853..30b20bb 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -292,8 +292,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (seed_out) memcpy(seed_out, seed, qsize); } -if (ctx) -BN_CTX_end(ctx); +BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); return ok; @@ -607,8 +606,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, OPENSSL_free(seed); if (seed_out != seed_tmp) OPENSSL_free(seed_tmp); -if (ctx) -BN_CTX_end(ctx); +BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); EVP_MD_CTX_free(mctx); diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 0a05a7a..898e741 100644 --- a/crypto/ec/ec
[openssl] master update
The branch master has been updated via 93b1e74cbeaf117658dd1dfc868bd70d9f7ffc65 (commit) from ce1415ed2ce15305356cd028bcf7b9bc688d6d5c (commit) - Log - commit 93b1e74cbeaf117658dd1dfc868bd70d9f7ffc65 Author: Richard Levitte Date: Sat Mar 16 12:07:35 2019 +0100 Fix no-posix-io 'openssl pkeyutl' uses stat() to determine the file size when signing using Ed25519/Ed448, and this was guarded with OPENSSL_NO_POSIX_IO. It is however arguable if stat() is a POSIX IO function, considering that it doesn't use file descriptors, and even more so since we use stat() elsewhere without that guard. This will allow test/recipes/20-test_pkeyutl.t to be able to do its work for Ed25519/Ed448 signature tests. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8498) --- Summary of changes: apps/pkeyutl.c | 9 ++--- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 0c27589..7f1e621 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -13,9 +13,7 @@ #include #include #include -#ifndef OPENSSL_NO_POSIX_IO -# include -#endif +#include #define KEY_NONE0 #define KEY_PRIVKEY 1 @@ -348,15 +346,12 @@ int pkeyutl_main(int argc, char **argv) if (pkey_op != EVP_PKEY_OP_DERIVE) { in = bio_open_default(infile, 'r', FORMAT_BINARY); -#ifndef OPENSSL_NO_POSIX_IO -if (infile != NULL) -{ +if (infile != NULL) { struct stat st; if (stat(infile, &st) == 0 && st.st_size <= INT_MAX) filesize = (int)st.st_size; } -#endif if (in == NULL) goto end; }
[openssl] master update
The branch master has been updated via 2864df8f9d3264e19b49a246e272fb513f4c1be3 (commit) from 93b1e74cbeaf117658dd1dfc868bd70d9f7ffc65 (commit) - Log - commit 2864df8f9d3264e19b49a246e272fb513f4c1be3 Author: Richard Levitte Date: Sat Mar 16 10:15:19 2019 +0100 Add missing '.text' in crypto/bn/asm/ppc.pl Fixes #8495 Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8496) --- Summary of changes: crypto/bn/asm/ppc.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl index f251e8e..21f6963 100644 --- a/crypto/bn/asm/ppc.pl +++ b/crypto/bn/asm/ppc.pl @@ -258,6 +258,7 @@ $data=<
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 0584ce737efd26aa82d659087fc9f081ef8e30c4 (commit) from c8a9fa6910c3cb6e9b5f8eb029eb6fc80dfc9cfe (commit) - Log - commit 0584ce737efd26aa82d659087fc9f081ef8e30c4 Author: Richard Levitte Date: Sat Mar 16 10:15:19 2019 +0100 Add missing '.text' in crypto/bn/asm/ppc.pl Fixes #8495 Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8496) (cherry picked from commit 2864df8f9d3264e19b49a246e272fb513f4c1be3) --- Summary of changes: crypto/bn/asm/ppc.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl index e370681..f43018a 100644 --- a/crypto/bn/asm/ppc.pl +++ b/crypto/bn/asm/ppc.pl @@ -258,6 +258,7 @@ $data=<
[openssl] master update
The branch master has been updated via 1b9c5f2e2f283a3b12d02a89c11b8e8d97bc6312 (commit) from 2864df8f9d3264e19b49a246e272fb513f4c1be3 (commit) - Log - commit 1b9c5f2e2f283a3b12d02a89c11b8e8d97bc6312 Author: Hua Zhang Date: Wed Mar 13 14:28:44 2019 +0800 Fix compiling error for mips32r6 and mips64r6 There are some compiling errors for mips32r6 and mips64r6: crypto/bn/bn-mips.S:56: Error: opcode not supported on this processor: mips2 (mips2) `mulu $1,$12,$7' crypto/mips_arch.h: Assembler messages: crypto/mips_arch.h:15: Error: junk at end of line, first unrecognized character is `&' Signed-off-by: Hua Zhang Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8464) --- Summary of changes: crypto/bn/asm/mips.pl | 2 +- crypto/mips_arch.h| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index 51a4b5f..bff624d 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -88,7 +88,7 @@ if ($flavour =~ /64|n32/i) { $SZREG=4; $REG_S="sw"; $REG_L="lw"; - $code=".set mips2\n"; + $code="#if !(defined (__mips_isa_rev) && (__mips_isa_rev >= 6))\n.set mips2\n#endif\n"; } # Below is N32/64 register layout used in the original module. diff --git a/crypto/mips_arch.h b/crypto/mips_arch.h index 0ac3bfa..df4ff7a 100644 --- a/crypto/mips_arch.h +++ b/crypto/mips_arch.h @@ -11,7 +11,7 @@ # define __MIPS_ARCH_H__ # if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \ - defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) + defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \ && !defined(_MIPS_ARCH_MIPS32R2) # define _MIPS_ARCH_MIPS32R2 # endif
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 0d0d12b80456c81faef31fddb9d8e2ccacc2eece (commit) from 0584ce737efd26aa82d659087fc9f081ef8e30c4 (commit) - Log - commit 0d0d12b80456c81faef31fddb9d8e2ccacc2eece Author: Hua Zhang Date: Wed Mar 13 14:28:44 2019 +0800 Fix compiling error for mips32r6 and mips64r6 There are some compiling errors for mips32r6 and mips64r6: crypto/bn/bn-mips.S:56: Error: opcode not supported on this processor: mips2 (mips2) `mulu $1,$12,$7' crypto/mips_arch.h: Assembler messages: crypto/mips_arch.h:15: Error: junk at end of line, first unrecognized character is `&' Signed-off-by: Hua Zhang Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8464) (cherry picked from commit 1b9c5f2e2f283a3b12d02a89c11b8e8d97bc6312) --- Summary of changes: crypto/bn/asm/mips.pl | 2 +- crypto/mips_arch.h| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index 3875132..8574e57 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -89,7 +89,7 @@ if ($flavour =~ /64|n32/i) { $SZREG=4; $REG_S="sw"; $REG_L="lw"; - $code=".set mips2\n"; + $code="#if !(defined (__mips_isa_rev) && (__mips_isa_rev >= 6))\n.set mips2\n#endif\n"; } # Below is N32/64 register layout used in the original module. diff --git a/crypto/mips_arch.h b/crypto/mips_arch.h index 75043e7..6145f4d 100644 --- a/crypto/mips_arch.h +++ b/crypto/mips_arch.h @@ -11,7 +11,7 @@ # define __MIPS_ARCH_H__ # if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \ - defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) + defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \ && !defined(_MIPS_ARCH_MIPS32R2) # define _MIPS_ARCH_MIPS32R2 # endif