date:20210913

[openssl] openssl-3.0 update

2021-09-13 Thread Dr . Paul Dale

The branch openssl-3.0 has been updated
   via  566431716efab52b40cc3af6610ba831d5c1 (commit)
  from  de36ce47bf9858f3c517345f46e52d5a6fc506de (commit)


- Log -
commit 566431716efab52b40cc3af6610ba831d5c1
Author: Viktor Szakats 
Date:   Sun Aug 29 00:59:09 2021 +

convert tabs to spaces in two distributed Perl scripts

Also fix indentation in c_rehash.in to 4 spaces, where a mixture of 4 and 8
spaces was used before, in addition to tabs.

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16459)

(cherry picked from commit ea0d79db9be9066de350c44c160bd8b17f2be666)

---

Summary of changes:
 apps/tsget.in |  50 +-
 tools/c_rehash.in | 292 +++---
 2 files changed, 171 insertions(+), 171 deletions(-)

diff --git a/apps/tsget.in b/apps/tsget.in
index d87ea4d654..8eab6a8f1f 100644
--- a/apps/tsget.in
+++ b/apps/tsget.in
@@ -21,10 +21,10 @@ sub read_body {
 my $return_data = "";
 my $data_len = length ${$state->{data}};
 if ($state->{bytes} < $data_len) {
-   $data_len = $data_len - $state->{bytes};
-   $data_len = $maxlength if $data_len > $maxlength;
-   $return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
-   $state->{bytes} += $data_len;
+$data_len = $data_len - $state->{bytes};
+$data_len = $maxlength if $data_len > $maxlength;
+$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
+$state->{bytes} += $data_len;
 }
 return $return_data;
 }
@@ -53,8 +53,8 @@ sub create_curl {
 $curl->setopt(CURLOPT_UPLOAD, 1);
 $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
 $curl->setopt(CURLOPT_HTTPHEADER,
-   ["Content-Type: application/timestamp-query",
-   "Accept: 
application/timestamp-reply,application/timestamp-response"]);
+["Content-Type: application/timestamp-query",
+"Accept: application/timestamp-reply,application/timestamp-response"]);
 $curl->setopt(CURLOPT_READFUNCTION, \&read_body);
 $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
 
@@ -63,8 +63,8 @@ sub create_curl {
 
 # SSL related options.
 $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
-$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);  # Verify server's certificate.
-$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);  # Check server's CN.
+$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);# Verify server's certificate.
+$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);# Check server's CN.
 $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
 $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
 $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
@@ -101,15 +101,15 @@ sub get_timestamp {
 my $error_string;
 if ($error_code != 0) {
 my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
-   $error_string = "could not get timestamp";
-   $error_string .= ", http code: $http_code" unless $http_code == 0;
-   $error_string .= ", curl code: $error_code";
-   $error_string .= " ($::error_buf)" if defined($::error_buf);
+$error_string = "could not get timestamp";
+$error_string .= ", http code: $http_code" unless $http_code == 0;
+$error_string .= ", curl code: $error_code";
+$error_string .= " ($::error_buf)" if defined($::error_buf);
 } else {
 my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
-   if (lc($ct) ne "application/timestamp-reply"
-   && lc($ct) ne "application/timestamp-response") {
-   $error_string = "unexpected content type returned: $ct";
+if (lc($ct) ne "application/timestamp-reply"
+&& lc($ct) ne "application/timestamp-response") {
+$error_string = "unexpected content type returned: $ct";
 }
 }
 return ($ts_body, $error_string);
@@ -163,15 +163,15 @@ REQUEST: foreach (@ARGV) {
 # Read request.
 my $body;
 if ($input eq "-") {
-   # Read the request from STDIN;
-   $body = ;
+# Read the request from STDIN;
+$body = ;
 } else {
-   # Read the request from file.
+# Read the request from file.
 open INPUT, "<" . $input
-   or warn("$input: could not open input file: $!\n"), next REQUEST;
+or warn("$input: could not open input file: $!\n"), next REQUEST;
 $body = ;
 close INPUT
-   or warn("$input: could not close input file: $!\n"), next REQUEST;
+or warn("$input: could not close input file: $!\n"), next REQUEST;
 }
 
 # Send request.
@@ -179,21 +179,21 @@ REQUEST: foreach (@ARGV) {
 
 my ($t

[openssl] master update

2021-09-13 Thread Dr . Paul Dale

The branch master has been updated
   via  ea0d79db9be9066de350c44c160bd8b17f2be666 (commit)
  from  6d56fcd86a75c6c3b061fc69bc2b3b100ebac24b (commit)


- Log -
commit ea0d79db9be9066de350c44c160bd8b17f2be666
Author: Viktor Szakats 
Date:   Sun Aug 29 00:59:09 2021 +

convert tabs to spaces in two distributed Perl scripts

Also fix indentation in c_rehash.in to 4 spaces, where a mixture of 4 and 8
spaces was used before, in addition to tabs.

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16459)

---

Summary of changes:
 apps/tsget.in |  50 +-
 tools/c_rehash.in | 292 +++---
 2 files changed, 171 insertions(+), 171 deletions(-)

diff --git a/apps/tsget.in b/apps/tsget.in
index d87ea4d654..8eab6a8f1f 100644
--- a/apps/tsget.in
+++ b/apps/tsget.in
@@ -21,10 +21,10 @@ sub read_body {
 my $return_data = "";
 my $data_len = length ${$state->{data}};
 if ($state->{bytes} < $data_len) {
-   $data_len = $data_len - $state->{bytes};
-   $data_len = $maxlength if $data_len > $maxlength;
-   $return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
-   $state->{bytes} += $data_len;
+$data_len = $data_len - $state->{bytes};
+$data_len = $maxlength if $data_len > $maxlength;
+$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
+$state->{bytes} += $data_len;
 }
 return $return_data;
 }
@@ -53,8 +53,8 @@ sub create_curl {
 $curl->setopt(CURLOPT_UPLOAD, 1);
 $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
 $curl->setopt(CURLOPT_HTTPHEADER,
-   ["Content-Type: application/timestamp-query",
-   "Accept: 
application/timestamp-reply,application/timestamp-response"]);
+["Content-Type: application/timestamp-query",
+"Accept: application/timestamp-reply,application/timestamp-response"]);
 $curl->setopt(CURLOPT_READFUNCTION, \&read_body);
 $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
 
@@ -63,8 +63,8 @@ sub create_curl {
 
 # SSL related options.
 $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
-$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);  # Verify server's certificate.
-$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);  # Check server's CN.
+$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);# Verify server's certificate.
+$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);# Check server's CN.
 $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
 $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
 $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
@@ -101,15 +101,15 @@ sub get_timestamp {
 my $error_string;
 if ($error_code != 0) {
 my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
-   $error_string = "could not get timestamp";
-   $error_string .= ", http code: $http_code" unless $http_code == 0;
-   $error_string .= ", curl code: $error_code";
-   $error_string .= " ($::error_buf)" if defined($::error_buf);
+$error_string = "could not get timestamp";
+$error_string .= ", http code: $http_code" unless $http_code == 0;
+$error_string .= ", curl code: $error_code";
+$error_string .= " ($::error_buf)" if defined($::error_buf);
 } else {
 my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
-   if (lc($ct) ne "application/timestamp-reply"
-   && lc($ct) ne "application/timestamp-response") {
-   $error_string = "unexpected content type returned: $ct";
+if (lc($ct) ne "application/timestamp-reply"
+&& lc($ct) ne "application/timestamp-response") {
+$error_string = "unexpected content type returned: $ct";
 }
 }
 return ($ts_body, $error_string);
@@ -163,15 +163,15 @@ REQUEST: foreach (@ARGV) {
 # Read request.
 my $body;
 if ($input eq "-") {
-   # Read the request from STDIN;
-   $body = ;
+# Read the request from STDIN;
+$body = ;
 } else {
-   # Read the request from file.
+# Read the request from file.
 open INPUT, "<" . $input
-   or warn("$input: could not open input file: $!\n"), next REQUEST;
+or warn("$input: could not open input file: $!\n"), next REQUEST;
 $body = ;
 close INPUT
-   or warn("$input: could not close input file: $!\n"), next REQUEST;
+or warn("$input: could not close input file: $!\n"), next REQUEST;
 }
 
 # Send request.
@@ -179,21 +179,21 @@ REQUEST: foreach (@ARGV) {
 
 my ($ts_body, $error) = get_timestamp $curl, \$body;
 if (defined($error)) {
-

[web] master update

2021-09-13 Thread Matt Caswell

The branch master has been updated
   via  78a40cab4af1807c6530546557a93303b2505f40 (commit)
  from  598d9806bc701a208da5506fcba59cd629e21f21 (commit)


- Log -
commit 78a40cab4af1807c6530546557a93303b2505f40
Author: Tomáš Mráz 
Date:   Mon Sep 13 12:07:30 2021 +0200

newsflash.txt: Add link to blog about Let's encrypt root expiration

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/262)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 7c8a166..dc25841 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -5,6 +5,7 @@
 # headings.  URL paths must all be absolute.
 Date: Item
 
+13-Sep-2021: New Blog post: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/";>Old
 Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2
 07-Sep-2021: Final version of OpenSSL 3.0.0 is now available: please download 
and upgrade!
 24-Aug-2021: Security Advisory: two 
security fixes
 24-Aug-2021: OpenSSL 1.1.1l is now available, including bug and security fixes

[openssl] master update

2021-09-13 Thread Richard Levitte

The branch master has been updated
   via  6d56fcd86a75c6c3b061fc69bc2b3b100ebac24b (commit)
  from  7ea01f521d08d6585a62c7cfd9358c0f191bd903 (commit)


- Log -
commit 6d56fcd86a75c6c3b061fc69bc2b3b100ebac24b
Author: Richard Levitte 
Date:   Fri Sep 10 06:42:24 2021 +0200

Fix the build file templates where uplink matters

We changed the manner in which a build needing applink is detected,
but forgot to change the installation targets accordingly.

Fixes #16570

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16577)

(cherry picked from commit de36ce47bf9858f3c517345f46e52d5a6fc506de)

---

Summary of changes:
 Configurations/unix-Makefile.tmpl| 8 
 Configurations/windows-makefile.tmpl | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index bf53cbcec5..52d2f6a64e 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -693,11 +693,11 @@ install_dev: install_runtime_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(ECHO) "*** Installing development files"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl 
$(DESTDIR)$(INSTALLTOP)/include/openssl
-   @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @ : {- output_off() if $disabled{uplink}; "" -}
@$(ECHO) "install $(SRCDIR)/ms/applink.c -> 
$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@cp $(SRCDIR)/ms/applink.c 
$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
@chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
-   @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @ : {- output_on() if $disabled{uplink}; "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
  $(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
@@ -767,10 +767,10 @@ install_dev: install_runtime_libs
 
 uninstall_dev: uninstall_runtime_libs
@$(ECHO) "*** Uninstalling development files"
-   @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @ : {- output_off() if $disabled{uplink}; "" -}
@$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
-   @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @ : {- output_on() if $disabled{uplink}; "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
  $(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
diff --git a/Configurations/windows-makefile.tmpl 
b/Configurations/windows-makefile.tmpl
index 63431b97ed..78d39ffb4b 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -543,10 +543,10 @@ install_dev: install_runtime_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & 
exit 1 )
@$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
-   @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @{- output_off() if $disabled{uplink}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
   "$(INSTALLTOP)\include\openssl"
-   @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @{- output_on() if $disabled{uplink}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
   "$(SRCDIR)\include\openssl\*.h" \
   "$(INSTALLTOP)\include\openssl"

[openssl] openssl-3.0 update

2021-09-13 Thread Richard Levitte

The branch openssl-3.0 has been updated
   via  de36ce47bf9858f3c517345f46e52d5a6fc506de (commit)
  from  fc455e5838fd4520c75473342df6e1867367c913 (commit)


- Log -
commit de36ce47bf9858f3c517345f46e52d5a6fc506de
Author: Richard Levitte 
Date:   Fri Sep 10 06:42:24 2021 +0200

Fix the build file templates where uplink matters

We changed the manner in which a build needing applink is detected,
but forgot to change the installation targets accordingly.

Fixes #16570

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16577)

---

Summary of changes:
 Configurations/unix-Makefile.tmpl| 8 
 Configurations/windows-makefile.tmpl | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index bf53cbcec5..52d2f6a64e 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -693,11 +693,11 @@ install_dev: install_runtime_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(ECHO) "*** Installing development files"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl 
$(DESTDIR)$(INSTALLTOP)/include/openssl
-   @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @ : {- output_off() if $disabled{uplink}; "" -}
@$(ECHO) "install $(SRCDIR)/ms/applink.c -> 
$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@cp $(SRCDIR)/ms/applink.c 
$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
@chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
-   @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @ : {- output_on() if $disabled{uplink}; "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
  $(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
@@ -767,10 +767,10 @@ install_dev: install_runtime_libs
 
 uninstall_dev: uninstall_runtime_libs
@$(ECHO) "*** Uninstalling development files"
-   @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @ : {- output_off() if $disabled{uplink}; "" -}
@$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
-   @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @ : {- output_on() if $disabled{uplink}; "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
  $(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
diff --git a/Configurations/windows-makefile.tmpl 
b/Configurations/windows-makefile.tmpl
index 63431b97ed..78d39ffb4b 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -543,10 +543,10 @@ install_dev: install_runtime_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & 
exit 1 )
@$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
-   @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @{- output_off() if $disabled{uplink}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
   "$(INSTALLTOP)\include\openssl"
-   @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } 
(@{$target{defines}}, @{$config{defines}}); "" -}
+   @{- output_on() if $disabled{uplink}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
   "$(SRCDIR)\include\openssl\*.h" \
   "$(INSTALLTOP)\include\openssl"

[openssl] openssl-3.0 update

2021-09-13 Thread tomas

The branch openssl-3.0 has been updated
   via  fc455e5838fd4520c75473342df6e1867367c913 (commit)
  from  c24758277800ef8fe1f294bcc84da02ca5367129 (commit)


- Log -
commit fc455e5838fd4520c75473342df6e1867367c913
Author: Tomas Mraz 
Date:   Fri Sep 10 10:45:01 2021 +0200

linux-x86-clang target: Add -latomic

Fixes #16572

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16578)

(cherry picked from commit 7ea01f521d08d6585a62c7cfd9358c0f191bd903)

---

Summary of changes:
 Configurations/10-main.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 468698a366..8414b34ed9 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -857,6 +857,7 @@ my %targets = (
 inherit_from => [ "linux-x86" ],
 CC   => "clang",
 CXX  => "clang++",
+ex_libs  => add(threads("-latomic")),
 },
 "linux-x86_64" => {
 inherit_from => [ "linux-generic64" ],

[openssl] master update

2021-09-13 Thread tomas

The branch master has been updated
   via  7ea01f521d08d6585a62c7cfd9358c0f191bd903 (commit)
  from  485d0790ac1a29a0d4e7391d804810d485890376 (commit)


- Log -
commit 7ea01f521d08d6585a62c7cfd9358c0f191bd903
Author: Tomas Mraz 
Date:   Fri Sep 10 10:45:01 2021 +0200

linux-x86-clang target: Add -latomic

Fixes #16572

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16578)

---

Summary of changes:
 Configurations/10-main.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 468698a366..8414b34ed9 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -857,6 +857,7 @@ my %targets = (
 inherit_from => [ "linux-x86" ],
 CC   => "clang",
 CXX  => "clang++",
+ex_libs  => add(threads("-latomic")),
 },
 "linux-x86_64" => {
 inherit_from => [ "linux-generic64" ],

[openssl] OpenSSL_1_1_1-stable update

2021-09-13 Thread Dr . Paul Dale

The branch OpenSSL_1_1_1-stable has been updated
   via  9e44ffc281326330937eee0e94b6fd4bfcaa98eb (commit)
  from  2753b6ff7f0b91c7ddeb72a6a08948ca28d12a91 (commit)


- Log -
commit 9e44ffc281326330937eee0e94b6fd4bfcaa98eb
Author: Nikita Ivanov 
Date:   Tue Sep 7 11:31:17 2021 +0300

Fix nc_email to check ASN1 strings with NULL byte in the middle

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16524)

(cherry picked from commit 485d0790ac1a29a0d4e7391d804810d485890376)

---

Summary of changes:
 crypto/x509v3/v3_ncons.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index d985aa91da..60cb4ceaa8 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -602,6 +602,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING 
*base)
 if (baseat != baseptr) {
 if ((baseat - baseptr) != (emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;
+if (memchr(baseptr, 0, baseat - baseptr) ||
+memchr(emlptr, 0, emlat - emlptr))
+return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 /* Case sensitive match of local part */
 if (strncmp(baseptr, emlptr, emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;

[openssl] openssl-3.0 update

2021-09-13 Thread Dr . Paul Dale

The branch openssl-3.0 has been updated
   via  c24758277800ef8fe1f294bcc84da02ca5367129 (commit)
  from  96c925c41bf6d9f60f3e8cbe528e82ac7ddc9539 (commit)


- Log -
commit c24758277800ef8fe1f294bcc84da02ca5367129
Author: Nikita Ivanov 
Date:   Tue Sep 7 11:31:17 2021 +0300

Fix nc_email to check ASN1 strings with NULL byte in the middle

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16524)

(cherry picked from commit 485d0790ac1a29a0d4e7391d804810d485890376)

---

Summary of changes:
 crypto/x509/v3_ncons.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index dc56fe2c0c..70a7e8304e 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -714,6 +714,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING 
*base)
 if (baseat != baseptr) {
 if ((baseat - baseptr) != (emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;
+if (memchr(baseptr, 0, baseat - baseptr) ||
+memchr(emlptr, 0, emlat - emlptr))
+return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 /* Case sensitive match of local part */
 if (strncmp(baseptr, emlptr, emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;

[openssl] master update

2021-09-13 Thread Dr . Paul Dale

The branch master has been updated
   via  485d0790ac1a29a0d4e7391d804810d485890376 (commit)
  from  cc0d1b03a94b71dd9d8ee9aa11ee22fdc3659821 (commit)


- Log -
commit 485d0790ac1a29a0d4e7391d804810d485890376
Author: Nikita Ivanov 
Date:   Tue Sep 7 11:31:17 2021 +0300

Fix nc_email to check ASN1 strings with NULL byte in the middle

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16524)

---

Summary of changes:
 crypto/x509/v3_ncons.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index dc56fe2c0c..70a7e8304e 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -714,6 +714,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING 
*base)
 if (baseat != baseptr) {
 if ((baseat - baseptr) != (emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;
+if (memchr(baseptr, 0, baseat - baseptr) ||
+memchr(emlptr, 0, emlat - emlptr))
+return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 /* Case sensitive match of local part */
 if (strncmp(baseptr, emlptr, emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;

[openssl] openssl-3.0 update

[openssl] master update

[web] master update

[openssl] master update

[openssl] openssl-3.0 update

[openssl] openssl-3.0 update

[openssl] master update

[openssl] OpenSSL_1_1_1-stable update

[openssl] openssl-3.0 update

[openssl] master update

10 matches

Site Navigation

Mail list logo

Footer information