SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method

2021-05-01 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method

Commit log since last time:

d77ba503a2 Adjust ssl_test_new for SHA1 security level
8ce390e139 Adjust sslapitest for SHA1 security level
fdf312709a Adjust dtlstest for SHA1 security level
0f077b5fd8 asn1_lib.c: ASN1_put_object: Remove comment about "class 0".
c404e4fab3 Add test case for openssl crl -noout -hash output
872b7979c7 crl: noout is not an output item
3b9e47695f CHANGES: document the FIPS provider configuration and installation
f2ea01d9f1 README-FIPS: document the installation of the FIPS provider
b2d8c7b6a3 Configure: disable fips mode by default
afa0a13c1a Configure: sort the disablables alphabetically
d9ce268151 build.info: add the Perl wrapper to build generator programs on Windows
18da9fc31f Configure/Makefile: install the fips provider if it was configured
4e282708c5 Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it
5b68918185 Configure/Makefile: separate install of the FIPS module
c3bda8a2e0 Configure/Makefile: correct the FIPS module configuration file path
b6821df0d0 Configure/Makefile: use the correct openssl app for FIPS installation
59cf286919 Configure/Makefile: fix the `-macopt` argument of the fipsinstall command
f4585aeca9 runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol.
2395ad8079 test: never run fipsinstall if the tests are not enabled.
3babc1e468 util/add-depends.pl: Adapt to localized /showIncludes output
2e535eb50a Configuration: rework how dependency making is handled
0bd138b8c3 Windows building: Make dependency generation not quite as talkative
e9b30d9f50 Test a Finished message at the wrong time results in unexpected message
f42e68dc47 Defer Finished MAC handling until after state transition
460d2fbcd7 Store the list of activated providers in the libctx
2d5695016d Properly protect access to the provider flag_activated field
98369ef25f Add a threading test for loading/unloading providers
4189dc3782 CMS ESS: Move four internal aux function to where they belong in crypto/cms
176a9a682a TS ESS: Move four internal aux function to where they belong in crypto/ts
1751768cd1 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage
624359374b Skip test_fipsload when fips is disabled.
50c096ebb0 Explicitly enable or disable fips if it is or is not relevant for the test
cdf63a3736 Add X509 version constants.
d97adfda28 memleaktest with MSVC's AddressSanitizer
67ea4beb94 OPENSSL_sk functions are effectively already documented
5fd7eb5c8a Improve the implementation of X509_STORE_CTX_get1_issuer()
e1491a2f15 Add testing for updated cipher IV
8365652287 Use "canonical" names when matching the output of the commands
680dbd16dc Skip GOST engine tests in out of tree builds
eaf8a40d97 Prefer fetch over legacy get_digestby/get_cipherby
c0a79e9836 Rename some globals, add ossl prefix.
e6760e3e84 Add system guessing for linux64-riscv64 target
e466dc3646 Test that we don't have a memory leak in d2i_ASN1_OBJECT.
1727465471 ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
94471ccfda add verbosity for pyca job
a938f0045e re-add pyca/cryptography testing
a09fb26ba9 add wycheproof submodule
f2561fa566 updated pyca/cryptography submodule version
3e4981dd59 Avoid #include with inline function on C++Builder
c85c5e1a53 Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
990aa405db Doc updates for DH/DSA examples
f1ffaaeece Fixes related to separation of DH and DHX types
6c9bc258d2 Add type_name member to provided methods and use it
d21224f1ad Documentation fix for openssl-verify certificates


SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2

2021-05-01 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2



SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-stdio

2021-05-01 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-stdio



[openssl] master update

2021-05-01 Thread beldmit
The branch master has been updated
   via  045a893091994a5837a2bec9cc5646ae9ff07a2c (commit)
  from  dd28d1c4d305574e5feacb0f3fee21192b9ccf2f (commit)


- Log -
commit 045a893091994a5837a2bec9cc5646ae9ff07a2c
Author: FdaSilvaYY 
Date:   Tue Apr 27 22:50:18 2021 +0200

ssl:  fix possible ref counting fields use before init.

`strdup(propq)` failure is doing a `goto err;` from where `SSL_CTX_free` is called.
The possible call is made before reference and lock fields setup.

Reviewed-by: Paul Dale 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/15052)

---

Summary of changes:
 ssl/ssl_lib.c | 16 +---
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3d0f309fd2..27a5ec4581 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3181,6 +3181,15 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char 
*propq,
 if (ret == NULL)
 goto err;
 
+/* Init the reference counting before any call to SSL_CTX_free */
+ret->references = 1;
+ret->lock = CRYPTO_THREAD_lock_new();
+if (ret->lock == NULL) {
+ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+OPENSSL_free(ret);
+return NULL;
+}
+
 ret->libctx = libctx;
 if (propq != NULL) {
 ret->propq = OPENSSL_strdup(propq);
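Review bot: The lock-allocation failure path in the added block frees `ret` with `OPENSSL_free` and returns directly, while the failures that follow it (starting with the `OPENSSL_strdup(propq)` just below) go through `err` and `SSL_CTX_free`. Per the commit message, `SSL_CTX_free` must not run before the reference and lock fields are set up, so the direct return is the right choice, but the new comment explains only the ordering and not why this one path bypasses `err`. Suggest extending the comment to say so, so that a later cleanup does not turn the direct return into `goto err;`.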
@@ -3196,13 +3205,6 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char 
*propq,
 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
 /* We take the system default. */
 ret->session_timeout = meth->get_timeout();
-ret->references = 1;
-ret->lock = CRYPTO_THREAD_lock_new();
-if (ret->lock == NULL) {
-ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
-OPENSSL_free(ret);
-return NULL;
-}
 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
 ret->verify_mode = SSL_VERIFY_NONE;
 if ((ret->cert = ssl_cert_new()) == NULL)


[openssl] OpenSSL_1_1_1-stable update

2021-05-01 Thread beldmit
The branch OpenSSL_1_1_1-stable has been updated
   via  6682083fa51fb94b95afd68b2b57f7609d9e41e7 (commit)
  from  7c65179ad95d0f6f598ee82e763fce2567fe5802 (commit)


- Log -
commit 6682083fa51fb94b95afd68b2b57f7609d9e41e7
Author: Hubert Kario 
Date:   Fri Apr 30 16:41:17 2021 +0200

man: s_server: fix typo in -alpn option description

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/15098)

---

Summary of changes:
 doc/man1/s_server.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index 9fdac49190..aa6c19d31f 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -701,7 +701,7 @@ disabling the ephemeral DH cipher suites.
 
 =item B<-alpn val>, B<-nextprotoneg val>
 
-These flags enable the Enable the Application-Layer Protocol Negotiation
+These flags enable the Application-Layer Protocol Negotiation
 or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
 IETF standard and replaces NPN.
 The B list is a comma-separated list of supported protocol


[openssl] master update

2021-05-01 Thread beldmit
The branch master has been updated
   via  dd28d1c4d305574e5feacb0f3fee21192b9ccf2f (commit)
  from  f4407385f58242dcc6ae95a60c2a3dc8782bee42 (commit)


- Log -
commit dd28d1c4d305574e5feacb0f3fee21192b9ccf2f
Author: Hubert Kario 
Date:   Fri Apr 30 16:45:47 2021 +0200

man: s_server: fix text repetition in -alpn description

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/15099)

---

Summary of changes:
 doc/man1/openssl-s_server.pod.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
index 55227d9080..243ab8b3e0 100644
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@@ -672,7 +672,7 @@ disabling the ephemeral DH cipher suites.
 
 =item B<-alpn> I, B<-nextprotoneg> I
 
-These flags enable the Enable the Application-Layer Protocol Negotiation
+These flags enable the Application-Layer Protocol Negotiation
 or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
 IETF standard and replaces NPN.
 The I list is a comma-separated list of supported protocol


SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-sock

2021-05-01 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-sock



[openssl] master update

2021-05-01 Thread dev
The branch master has been updated
   via  f4407385f58242dcc6ae95a60c2a3dc8782bee42 (commit)
  from  c0f4400c4051cc26fbe385b6af9fc67e7c66dbdd (commit)


- Log -
commit f4407385f58242dcc6ae95a60c2a3dc8782bee42
Author: Rich Salz 
Date:   Sat May 1 13:11:49 2021 +0200

APPS: Document the core of the opt_ API

Reviewed-by: Tomas Mraz 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/14995)

---

Summary of changes:
 apps/include/fmt.h|   3 +-
 apps/include/opt.h|   3 -
 apps/lib/opt.c|   6 +-
 doc/internal/man3/OPTIONS.pod | 301 ++
 4 files changed, 306 insertions(+), 7 deletions(-)
 create mode 100644 doc/internal/man3/OPTIONS.pod

diff --git a/apps/include/fmt.h b/apps/include/fmt.h
index c9edd4707e..f235899bf8 100644
--- a/apps/include/fmt.h
+++ b/apps/include/fmt.h
@@ -17,7 +17,8 @@
 #ifndef OSSL_APPS_FMT_H
 #define OSSL_APPS_FMT_H
 
-/* On some platforms, it's important to distinguish between text and binary
+/*
+ * On some platforms, it's important to distinguish between text and binary
  * files.  On some, there might even be specific file formats for different
  * contents.  The FORMAT_xxx macros are meant to express an intent with the
  * file being read or created.
diff --git a/apps/include/opt.h b/apps/include/opt.h
index f9ac5accae..f22e9af05e 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -349,7 +349,6 @@ char *opt_init(int ac, char **av, const OPTIONS * o);
 int opt_next(void);
 void opt_begin(void);
 int opt_format(const char *s, unsigned long flags, int *result);
-const char *format2str(int format);
 int opt_int(const char *arg, int *result);
 int opt_int_arg(void);
 int opt_ulong(const char *arg, unsigned long *result);
@@ -381,8 +380,6 @@ int opt_verify(int i, X509_VERIFY_PARAM *vpm);
 int opt_rand(int i);
 int opt_provider(int i);
 void opt_help(const OPTIONS * list);
-void opt_print(const OPTIONS * opt, int doingparams, int width);
-int opt_format_error(const char *s, unsigned long flags);
 void print_format_error(int format, unsigned long flags);
 int opt_isdir(const char *name);
 int opt_printf_stderr(const char *fmt, ...);
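Review bot: `print_format_error` stays exported on the line right after the removed `opt_format_error` prototype, yet it is not in the NAME list of the OPTIONS.pod added by this same commit. Either document it with the rest of the API or, if nothing outside opt.c calls it, make it static together with `format2str`, `opt_print` and `opt_format_error`.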
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 83ae28cdc1..a6b6f7ce4f 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -227,7 +227,7 @@ static OPT_PAIR formats[] = {
 };
 
 /* Print an error message about a failed format parse. */
-int opt_format_error(const char *s, unsigned long flags)
+static int opt_format_error(const char *s, unsigned long flags)
 {
 OPT_PAIR *ap;
 
@@ -325,7 +325,7 @@ int opt_format(const char *s, unsigned long flags, int 
*result)
 }
 
 /* Return string representing the given format. */
-const char *format2str(int format)
+static const char *format2str(int format)
 {
 switch (format) {
 default:
@@ -973,7 +973,7 @@ static const char *valtype2param(const OPTIONS *o)
 return "parm";
 }
 
-void opt_print(const OPTIONS *o, int doingparams, int width)
+static void opt_print(const OPTIONS *o, int doingparams, int width)
 {
 const char* help;
 char start[80 + 1];
diff --git a/doc/internal/man3/OPTIONS.pod b/doc/internal/man3/OPTIONS.pod
new file mode 100644
index 00..3c0fcdaf80
--- /dev/null
+++ b/doc/internal/man3/OPTIONS.pod
@@ -0,0 +1,301 @@
+=pod
+
+=head1 NAME
+
+OPTIONS, OPT_PAIR,
+opt_progname, opt_appname, opt_getprog, opt_init, opt_format,
+opt_int, opt_long, opt_imax, opt_umax, opt_ulong, opt_pair,
+opt_string, opt_cipher, opt_md, opt_next, opt_arg, opt_flag, opt_unknown,
+opt_num_rest, opt_rest, opt_help, opt_isdir
+- Option parsing for commands and tests
+
+=head1 SYNOPSIS
+
+ #include "opt.h"
+
+ typedef struct { ... }  OPTIONS;
+ typedef struct { ... } OPT_PAIR;
+
+ char *opt_progname(const char *argv0);
+ char *opt_appname(const char *arg0);
+ char *opt_getprog(void);
+ char *opt_init(int argc, char **argv, const OPTIONS *o);
+
+ int opt_next(void);
+ void opt_help(const OPTIONS *list);
+ char *opt_arg(void);
+ char *opt_flag(void);
+ char *opt_unknown(void);
+ int opt_cipher(const char *name, EVP_CIPHER **cipherp);
+ int opt_md(const char *name, EVP_MD **mdp);
+
+ int opt_int(const char *value, int *result);
+ int opt_long(const char *value, long *result);
+ int opt_imax(const char *value, intmax_t *result);
+ int opt_umax(const char *value, uintmax_t *result);
+ int opt_ulong(const char *value, unsigned long *result);
+
+ int opt_isdir(const char *name);
+
+ int opt_format(const char *s, unsigned long flags, int *result);
+ int opt_string(const char *name, const char **options);
+ int opt_pair(const char *name, const OPT_PAIR* pairs, int *result);
+
+ int opt_num_rest(void);
+ char **opt_rest(void);
+
+=head1 DESCRIPTION
+
+The functions on this page provide a common set of option-parsing for
+the OpenSSL command 
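Review bot: The SYNOPSIS prototypes do not match apps/include/opt.h as shown earlier in this patch: the header declares `opt_init(int ac, char **av, const OPTIONS * o)` and `opt_int(const char *arg, int *result)`, while the page uses `argc`/`argv` and `value`. In addition, `const OPT_PAIR* pairs` puts the star on the type unlike the other prototypes, and `opt_progname(const char *argv0)` next to `opt_appname(const char *arg0)` names the same kind of argument two ways. Suggest aligning parameter names and pointer spacing between the header and the page.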

[openssl] master update

2021-05-01 Thread beldmit
The branch master has been updated
   via  c0f4400c4051cc26fbe385b6af9fc67e7c66dbdd (commit)
  from  39da32729401110572da1782c80bef39c6f3f64b (commit)


- Log -
commit c0f4400c4051cc26fbe385b6af9fc67e7c66dbdd
Author: Dmitry Belyavskiy 
Date:   Fri Apr 30 11:27:19 2021 +0200

Use OCSP-specific error code for clarity

Fixes #12735

Reviewed-by: Tomas Mraz 
Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/x)

---

Summary of changes:
 crypto/err/openssl.txt   | 1 +
 include/openssl/sslerr.h | 1 +
 ssl/ssl_err.c| 2 ++
 ssl/statem/statem_clnt.c | 3 ++-
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 517ebc0a01..d3e29a5553 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1409,6 +1409,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts
 SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
 SSL_R_NULL_SSL_CTX:195:null ssl ctx
 SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
+SSL_R_OCSP_CALLBACK_FAILURE:305:ocsp callback failure
 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
old session compression algorithm not returned
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 7fea8a87b7..30d843cf2d 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -203,6 +203,7 @@
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK  403
 # define SSL_R_NULL_SSL_CTX   195
 # define SSL_R_NULL_SSL_METHOD_PASSED 196
+# define SSL_R_OCSP_CALLBACK_FAILURE  305
 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED197
 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
 # define SSL_R_OVERFLOW_ERROR 237
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 357cfc7d94..347b263d69 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -312,6 +312,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
 "null ssl method passed"},
+{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE),
+"ocsp callback failure"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
 "old session cipher not returned"},
 {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 2178be95bd..dab4d1c4bc 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2699,7 +2699,8 @@ int tls_process_initial_server_flight(SSL *s)
 return 0;
 }
 if (ret < 0) {
-SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_R_OCSP_CALLBACK_FAILURE);
 return 0;
 }
 }
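Review bot: The `if (ret < 0)` branch now raises `SSL_R_OCSP_CALLBACK_FAILURE` instead of `ERR_R_MALLOC_FAILURE`, but the summary of changes lists no test and no CHANGES entry. Code that matches on the reason code for this failure will see a different value after this commit. Suggest adding a test that drives this branch and checks the new reason, and a short CHANGES note.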