[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 566431716efab52b40cc3af6610ba831d5c1 (commit) from de36ce47bf9858f3c517345f46e52d5a6fc506de (commit) - Log - commit 566431716efab52b40cc3af6610ba831d5c1 Author: Viktor Szakats Date: Sun Aug 29 00:59:09 2021 + convert tabs to spaces in two distributed Perl scripts Also fix indentation in c_rehash.in to 4 spaces, where a mixture of 4 and 8 spaces was used before, in addition to tabs. CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16459) (cherry picked from commit ea0d79db9be9066de350c44c160bd8b17f2be666) --- Summary of changes: apps/tsget.in | 50 +- tools/c_rehash.in | 292 +++--- 2 files changed, 171 insertions(+), 171 deletions(-) diff --git a/apps/tsget.in b/apps/tsget.in index d87ea4d654..8eab6a8f1f 100644 --- a/apps/tsget.in +++ b/apps/tsget.in @@ -21,10 +21,10 @@ sub read_body { my $return_data = ""; my $data_len = length ${$state->{data}}; if ($state->{bytes} < $data_len) { - $data_len = $data_len - $state->{bytes}; - $data_len = $maxlength if $data_len > $maxlength; - $return_data = substr ${$state->{data}}, $state->{bytes}, $data_len; - $state->{bytes} += $data_len; +$data_len = $data_len - $state->{bytes}; +$data_len = $maxlength if $data_len > $maxlength; +$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len; +$state->{bytes} += $data_len; } return $return_data; } @@ -53,8 +53,8 @@ sub create_curl { $curl->setopt(CURLOPT_UPLOAD, 1); $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST"); $curl->setopt(CURLOPT_HTTPHEADER, - ["Content-Type: application/timestamp-query", - "Accept: application/timestamp-reply,application/timestamp-response"]); +["Content-Type: application/timestamp-query", +"Accept: application/timestamp-reply,application/timestamp-response"]); $curl->setopt(CURLOPT_READFUNCTION, \&read_body); $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); }); 
@@ -63,8 +63,8 @@ sub create_curl { # SSL related options. $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM"); -$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1); # Verify server's certificate. -$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2); # Check server's CN. +$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);# Verify server's certificate. +$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);# Check server's CN. $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k}); $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p}); $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c}); @@ -101,15 +101,15 @@ sub get_timestamp { my $error_string; if ($error_code != 0) { my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE); - $error_string = "could not get timestamp"; - $error_string .= ", http code: $http_code" unless $http_code == 0; - $error_string .= ", curl code: $error_code"; - $error_string .= " ($::error_buf)" if defined($::error_buf); +$error_string = "could not get timestamp"; +$error_string .= ", http code: $http_code" unless $http_code == 0; +$error_string .= ", curl code: $error_code"; +$error_string .= " ($::error_buf)" if defined($::error_buf); } else { my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE); - if (lc($ct) ne "application/timestamp-reply" - && lc($ct) ne "application/timestamp-response") { - $error_string = "unexpected content type returned: $ct"; +if (lc($ct) ne "application/timestamp-reply" +&& lc($ct) ne "application/timestamp-response") { +$error_string = "unexpected content type returned: $ct"; } } return ($ts_body, $error_string); 
@@ -163,15 +163,15 @@ REQUEST: foreach (@ARGV) { # Read request. my $body; if ($input eq "-") { - # Read the request from STDIN; - $body = ; +# Read the request from STDIN; +$body = ; } else { - # Read the request from file. +# Read the request from file. open INPUT, "<" . $input - or warn("$input: could not open input file: $!\n"), next REQUEST; +or warn("$input: could not open input file: $!\n"), next REQUEST; $body = ; close INPUT - or warn("$input: could not close input file: $!\n"), next REQUEST; +or warn("$input: could not close input file: $!\n"), next REQUEST; } # Send request. @@ -179,21 +179,21 @@ REQUEST: foreach (@ARGV) { my ($t
[openssl] master update
The branch master has been updated via ea0d79db9be9066de350c44c160bd8b17f2be666 (commit) from 6d56fcd86a75c6c3b061fc69bc2b3b100ebac24b (commit) - Log - commit ea0d79db9be9066de350c44c160bd8b17f2be666 Author: Viktor Szakats Date: Sun Aug 29 00:59:09 2021 + convert tabs to spaces in two distributed Perl scripts Also fix indentation in c_rehash.in to 4 spaces, where a mixture of 4 and 8 spaces was used before, in addition to tabs. CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16459) --- Summary of changes: apps/tsget.in | 50 +- tools/c_rehash.in | 292 +++--- 2 files changed, 171 insertions(+), 171 deletions(-) diff --git a/apps/tsget.in b/apps/tsget.in index d87ea4d654..8eab6a8f1f 100644 --- a/apps/tsget.in +++ b/apps/tsget.in @@ -21,10 +21,10 @@ sub read_body { my $return_data = ""; my $data_len = length ${$state->{data}}; if ($state->{bytes} < $data_len) { - $data_len = $data_len - $state->{bytes}; - $data_len = $maxlength if $data_len > $maxlength; - $return_data = substr ${$state->{data}}, $state->{bytes}, $data_len; - $state->{bytes} += $data_len; +$data_len = $data_len - $state->{bytes}; +$data_len = $maxlength if $data_len > $maxlength; +$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len; +$state->{bytes} += $data_len; } return $return_data; } @@ -53,8 +53,8 @@ sub create_curl { $curl->setopt(CURLOPT_UPLOAD, 1); $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST"); $curl->setopt(CURLOPT_HTTPHEADER, - ["Content-Type: application/timestamp-query", - "Accept: application/timestamp-reply,application/timestamp-response"]); +["Content-Type: application/timestamp-query", +"Accept: application/timestamp-reply,application/timestamp-response"]); $curl->setopt(CURLOPT_READFUNCTION, \&read_body); $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); }); 
@@ -63,8 +63,8 @@ sub create_curl { # SSL related options. $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM"); -$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1); # Verify server's certificate. -$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2); # Check server's CN. +$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);# Verify server's certificate. +$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);# Check server's CN. $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k}); $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p}); $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c}); @@ -101,15 +101,15 @@ sub get_timestamp { my $error_string; if ($error_code != 0) { my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE); - $error_string = "could not get timestamp"; - $error_string .= ", http code: $http_code" unless $http_code == 0; - $error_string .= ", curl code: $error_code"; - $error_string .= " ($::error_buf)" if defined($::error_buf); +$error_string = "could not get timestamp"; +$error_string .= ", http code: $http_code" unless $http_code == 0; +$error_string .= ", curl code: $error_code"; +$error_string .= " ($::error_buf)" if defined($::error_buf); } else { my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE); - if (lc($ct) ne "application/timestamp-reply" - && lc($ct) ne "application/timestamp-response") { - $error_string = "unexpected content type returned: $ct"; +if (lc($ct) ne "application/timestamp-reply" +&& lc($ct) ne "application/timestamp-response") { +$error_string = "unexpected content type returned: $ct"; } } return ($ts_body, $error_string); 
@@ -163,15 +163,15 @@ REQUEST: foreach (@ARGV) { # Read request. my $body; if ($input eq "-") { - # Read the request from STDIN; - $body = ; +# Read the request from STDIN; +$body = ; } else { - # Read the request from file. +# Read the request from file. open INPUT, "<" . $input - or warn("$input: could not open input file: $!\n"), next REQUEST; +or warn("$input: could not open input file: $!\n"), next REQUEST; $body = ; close INPUT - or warn("$input: could not close input file: $!\n"), next REQUEST; +or warn("$input: could not close input file: $!\n"), next REQUEST; } # Send request. @@ -179,21 +179,21 @@ REQUEST: foreach (@ARGV) { my ($ts_body, $error) = get_timestamp $curl, \$body; if (defined($error)) { -
[web] master update
The branch master has been updated via 78a40cab4af1807c6530546557a93303b2505f40 (commit) from 598d9806bc701a208da5506fcba59cd629e21f21 (commit) - Log - commit 78a40cab4af1807c6530546557a93303b2505f40 Author: Tomáš Mráz Date: Mon Sep 13 12:07:30 2021 +0200 newsflash.txt: Add link to blog about Let's encrypt root expiration Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/262) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 7c8a166..dc25841 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +13-Sep-2021: New Blog post: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/";>Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2 07-Sep-2021: Final version of OpenSSL 3.0.0 is now available: please download and upgrade! 24-Aug-2021: Security Advisory: two security fixes 24-Aug-2021: OpenSSL 1.1.1l is now available, including bug and security fixes
[openssl] master update
The branch master has been updated via 6d56fcd86a75c6c3b061fc69bc2b3b100ebac24b (commit) from 7ea01f521d08d6585a62c7cfd9358c0f191bd903 (commit) - Log - commit 6d56fcd86a75c6c3b061fc69bc2b3b100ebac24b Author: Richard Levitte Date: Fri Sep 10 06:42:24 2021 +0200 Fix the build file templates where uplink matters We changed the manner in which a build needing applink is detected, but forgot to change the installation targets accordingly. Fixes #16570 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16577) (cherry picked from commit de36ce47bf9858f3c517345f46e52d5a6fc506de) --- Summary of changes: Configurations/unix-Makefile.tmpl| 8 Configurations/windows-makefile.tmpl | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index bf53cbcec5..52d2f6a64e 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -693,11 +693,11 @@ install_dev: install_runtime_libs
 @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
 @$(ECHO) "*** Installing development files"
 @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
- @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+ @ : {- output_off() if $disabled{uplink}; "" -}
 @$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
 @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
 @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
- @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+ @ : {- output_on() if $disabled{uplink}; "" -}
 @set -e; for i in $(SRCDIR)/include/openssl/*.h \
 $(BLDDIR)/include/openssl/*.h; do \
 fn=`basename $$i`; \
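Review bot: The guard `if $disabled{uplink}` is written out separately on every `output_off()`/`output_on()` line, twice here in install_dev and again in the uninstall_dev and windows-makefile.tmpl hunks that follow (and in the openssl-3.0 notification of the same change). The commit message says this fix was needed because earlier copies of the condition were missed when applink detection changed, so the duplication is the thing most likely to drift again. Evaluating the condition once per template under a single name (a constructed example: `$no_applink`) and writing `@ : {- output_off() if $no_applink; "" -}` on each pair would keep the off and on lines in agreement; presumably a pair that disagrees leaves template output suppressed or re-enabled in the wrong place. The install_dev recipe continues outside the hunk.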
@@ -767,10 +767,10 @@ install_dev: install_runtime_libs uninstall_dev: uninstall_runtime_libs @$(ECHO) "*** Uninstalling development files" - @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @ : {- output_off() if $disabled{uplink}; "" -} @$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @ : {- output_on() if $disabled{uplink}; "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 63431b97ed..78d39ffb4b 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -543,10 +543,10 @@ install_dev: install_runtime_libs @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) @$(ECHO) "*** Installing development files" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" - @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @{- output_off() if $disabled{uplink}; "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ "$(INSTALLTOP)\include\openssl" - @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @{- output_on() if $disabled{uplink}; "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl"
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via de36ce47bf9858f3c517345f46e52d5a6fc506de (commit) from fc455e5838fd4520c75473342df6e1867367c913 (commit) - Log - commit de36ce47bf9858f3c517345f46e52d5a6fc506de Author: Richard Levitte Date: Fri Sep 10 06:42:24 2021 +0200 Fix the build file templates where uplink matters We changed the manner in which a build needing applink is detected, but forgot to change the installation targets accordingly. Fixes #16570 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16577) --- Summary of changes: Configurations/unix-Makefile.tmpl| 8 Configurations/windows-makefile.tmpl | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index bf53cbcec5..52d2f6a64e 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -693,11 +693,11 @@ install_dev: install_runtime_libs
 @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
 @$(ECHO) "*** Installing development files"
 @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
- @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+ @ : {- output_off() if $disabled{uplink}; "" -}
 @$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
 @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
 @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
- @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
+ @ : {- output_on() if $disabled{uplink}; "" -}
 @set -e; for i in $(SRCDIR)/include/openssl/*.h \
 $(BLDDIR)/include/openssl/*.h; do \
 fn=`basename $$i`; \
@@ -767,10 +767,10 @@ install_dev: install_runtime_libs uninstall_dev: uninstall_runtime_libs @$(ECHO) "*** Uninstalling development files" - @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @ : {- output_off() if $disabled{uplink}; "" -} @$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @ : {- output_on() if $disabled{uplink}; "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 63431b97ed..78d39ffb4b 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -543,10 +543,10 @@ install_dev: install_runtime_libs @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) @$(ECHO) "*** Installing development files" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" - @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @{- output_off() if $disabled{uplink}; "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ "$(INSTALLTOP)\include\openssl" - @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @{- output_on() if $disabled{uplink}; "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl"
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via fc455e5838fd4520c75473342df6e1867367c913 (commit) from c24758277800ef8fe1f294bcc84da02ca5367129 (commit) - Log - commit fc455e5838fd4520c75473342df6e1867367c913 Author: Tomas Mraz Date: Fri Sep 10 10:45:01 2021 +0200 linux-x86-clang target: Add -latomic Fixes #16572 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16578) (cherry picked from commit 7ea01f521d08d6585a62c7cfd9358c0f191bd903) --- Summary of changes: Configurations/10-main.conf | 1 + 1 file changed, 1 insertion(+)
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 468698a366..8414b34ed9 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -857,6 +857,7 @@ my %targets = (
 inherit_from => [ "linux-x86" ],
 CC => "clang",
 CXX => "clang++",
+ex_libs => add(threads("-latomic")),
 },
 "linux-x86_64" => {
 inherit_from => [ "linux-generic64" ],
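Review bot: The added `ex_libs => add(threads("-latomic")),` line carries no comment saying why this target needs libatomic when its parent `linux-x86` is left unchanged. A one-line comment above it, for example `# clang needs libatomic for threaded builds on this target, see #16572`, would let a later reader tell a deliberate workaround from a leftover. The target's hash entry opens outside the hunk, and the same line is added on master in the next notification.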
[openssl] master update
The branch master has been updated via 7ea01f521d08d6585a62c7cfd9358c0f191bd903 (commit) from 485d0790ac1a29a0d4e7391d804810d485890376 (commit) - Log - commit 7ea01f521d08d6585a62c7cfd9358c0f191bd903 Author: Tomas Mraz Date: Fri Sep 10 10:45:01 2021 +0200 linux-x86-clang target: Add -latomic Fixes #16572 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16578) --- Summary of changes: Configurations/10-main.conf | 1 + 1 file changed, 1 insertion(+)
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 468698a366..8414b34ed9 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -857,6 +857,7 @@ my %targets = (
 inherit_from => [ "linux-x86" ],
 CC => "clang",
 CXX => "clang++",
+ex_libs => add(threads("-latomic")),
 },
 "linux-x86_64" => {
 inherit_from => [ "linux-generic64" ],
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 9e44ffc281326330937eee0e94b6fd4bfcaa98eb (commit) from 2753b6ff7f0b91c7ddeb72a6a08948ca28d12a91 (commit) - Log - commit 9e44ffc281326330937eee0e94b6fd4bfcaa98eb Author: Nikita Ivanov Date: Tue Sep 7 11:31:17 2021 +0300 Fix nc_email to check ASN1 strings with NULL byte in the middle Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16524) (cherry picked from commit 485d0790ac1a29a0d4e7391d804810d485890376) --- Summary of changes: crypto/x509v3/v3_ncons.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index d985aa91da..60cb4ceaa8 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -602,6 +602,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
 if (baseat != baseptr) {
 if ((baseat - baseptr) != (emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;
+if (memchr(baseptr, 0, baseat - baseptr) ||
+memchr(emlptr, 0, emlat - emlptr))
+return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 /* Case sensitive match of local part */
 if (strncmp(baseptr, emlptr, emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;
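Review bot: The `strncmp()` that follows the added guard is still a C-string comparison applied to length-delimited ASN1_IA5STRING data, and nothing in the hunk records that the new `memchr()` checks exist to keep it from stopping early at an embedded NUL. A comment such as `/* strncmp() below stops at a NUL byte, so reject embedded NULs first */` above the guard would say so, and because the two local-part lengths have already been compared equal, `if (memcmp(baseptr, emlptr, emlat - emlptr))` would make the comparison itself length-exact. OpenSSL's coding style also asks for explicit `!= NULL` tests on the `memchr()` results rather than implicit pointer truth. The diffstat shows only v3_ncons.c changing, so a regression test for an email name constraint whose local part holds a NUL appears to be missing from this commit. The same hunk is repeated in the openssl-3.0 and master notifications below, and nc_email's body starts and ends outside the hunk.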
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via c24758277800ef8fe1f294bcc84da02ca5367129 (commit) from 96c925c41bf6d9f60f3e8cbe528e82ac7ddc9539 (commit) - Log - commit c24758277800ef8fe1f294bcc84da02ca5367129 Author: Nikita Ivanov Date: Tue Sep 7 11:31:17 2021 +0300 Fix nc_email to check ASN1 strings with NULL byte in the middle Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16524) (cherry picked from commit 485d0790ac1a29a0d4e7391d804810d485890376) --- Summary of changes: crypto/x509/v3_ncons.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index dc56fe2c0c..70a7e8304e 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -714,6 +714,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
 if (baseat != baseptr) {
 if ((baseat - baseptr) != (emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;
+if (memchr(baseptr, 0, baseat - baseptr) ||
+memchr(emlptr, 0, emlat - emlptr))
+return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 /* Case sensitive match of local part */
 if (strncmp(baseptr, emlptr, emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;
[openssl] master update
The branch master has been updated via 485d0790ac1a29a0d4e7391d804810d485890376 (commit) from cc0d1b03a94b71dd9d8ee9aa11ee22fdc3659821 (commit) - Log - commit 485d0790ac1a29a0d4e7391d804810d485890376 Author: Nikita Ivanov Date: Tue Sep 7 11:31:17 2021 +0300 Fix nc_email to check ASN1 strings with NULL byte in the middle Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16524) --- Summary of changes: crypto/x509/v3_ncons.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index dc56fe2c0c..70a7e8304e 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -714,6 +714,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
 if (baseat != baseptr) {
 if ((baseat - baseptr) != (emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;
+if (memchr(baseptr, 0, baseat - baseptr) ||
+memchr(emlptr, 0, emlat - emlptr))
+return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 /* Case sensitive match of local part */
 if (strncmp(baseptr, emlptr, emlat - emlptr))
 return X509_V_ERR_PERMITTED_VIOLATION;