[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via c84f7c4c22828574885916479885ede6b32ba473 (commit) from 5a05c0d05233051f7af736e4f906b99f42212526 (commit) - Log - commit c84f7c4c22828574885916479885ede6b32ba473 Author: Dmitry Belyavskiy Date: Mon Sep 20 16:35:10 2021 +0200 Avoid double-free on unsuccessful getting PRNG seeding Fixes #16631 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16636) (cherry picked from commit 52dcc011191ad1a40fd52ae92ef009309deaca52) --- Summary of changes: providers/implementations/rands/seed_src.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/providers/implementations/rands/seed_src.c b/providers/implementations/rands/seed_src.c index 173c99ce17..7a4b780bb4 100644 --- a/providers/implementations/rands/seed_src.c +++ b/providers/implementations/rands/seed_src.c @@ -201,10 +201,11 @@ static size_t seed_get_seed(void *vseed, unsigned char **pout, ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return 0; } -*pout = p; if (seed_src_generate(vseed, p, bytes_needed, 0, prediction_resistance, - adin, adin_len) != 0) + adin, adin_len) != 0) { +*pout = p; return bytes_needed; +} OPENSSL_secure_clear_free(p, bytes_needed); return 0; }
[openssl] master update
The branch master has been updated via 52dcc011191ad1a40fd52ae92ef009309deaca52 (commit) from 6923d261b819cdd5d9e0a72337da6d6a92cef2a2 (commit) - Log - commit 52dcc011191ad1a40fd52ae92ef009309deaca52 Author: Dmitry Belyavskiy Date: Mon Sep 20 16:35:10 2021 +0200 Avoid double-free on unsuccessful getting PRNG seeding Fixes #16631 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16636) --- Summary of changes: providers/implementations/rands/seed_src.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/providers/implementations/rands/seed_src.c b/providers/implementations/rands/seed_src.c index 173c99ce17..7a4b780bb4 100644 --- a/providers/implementations/rands/seed_src.c +++ b/providers/implementations/rands/seed_src.c @@ -201,10 +201,11 @@ static size_t seed_get_seed(void *vseed, unsigned char **pout, ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return 0; } -*pout = p; if (seed_src_generate(vseed, p, bytes_needed, 0, prediction_resistance, - adin, adin_len) != 0) + adin, adin_len) != 0) { +*pout = p; return bytes_needed; +} OPENSSL_secure_clear_free(p, bytes_needed); return 0; }
[openssl] master update
The branch master has been updated via 6923d261b819cdd5d9e0a72337da6d6a92cef2a2 (commit) via 537976defe0775c016b9dbb36406bee1e96d0edb (commit) via 7e399f03829aad161b52b9c433b8d349c5922739 (commit) via 7a27bdbdce3d6d6548d5878a30aecc989fcab574 (commit) via 86cfd132ffc4f6198cc640a29c293850c0a59914 (commit) from dc18f036f161e1e49e1d001046716c77d1699e70 (commit) - Log - commit 6923d261b819cdd5d9e0a72337da6d6a92cef2a2 Author: Dmitry Belyavskiy Date: Fri Sep 17 17:49:39 2021 +0200 Update the default value for the -nameopt option - documentation Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16583) commit 537976defe0775c016b9dbb36406bee1e96d0edb Author: Dmitry Belyavskiy Date: Fri Sep 17 17:47:55 2021 +0200 NEWS and CHANGES are updated about switching to utf8 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16583) commit 7e399f03829aad161b52b9c433b8d349c5922739 Author: Dmitry Belyavskiy Date: Mon Sep 13 19:24:24 2021 +0200 Tests adjustments for default output change Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16583) commit 7a27bdbdce3d6d6548d5878a30aecc989fcab574 Author: Dmitry Belyavskiy Date: Thu Sep 16 17:47:47 2021 +0200 Update gost-engine to match new default nameopt Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16583) commit 86cfd132ffc4f6198cc640a29c293850c0a59914 Author: Dmitry Belyavskiy Date: Sat Sep 11 13:56:28 2021 +0200 Use -nameopt utf8 by default Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16583) --- Summary of changes: CHANGES.md | 5 - NEWS.md | 5 +++-- apps/lib/apps.c | 2 +- doc/man1/openssl-namedisplay-options.pod | 2 +- gost-engine | 2 +- test/recipes/25-test_rusext.t| 6 +- test/recipes/80-test_pkcs12.t| 2 +- 7 files changed, 16 insertions(+), 8 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 58dffb15ef..c9d3825eec 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,7 +24,10 @@ OpenSSL 3.1 ### Changes between 3.0 and 3.1 [xx XXX ] - * + * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings + by default. + + *Dmitry Belyavskiy* OpenSSL 3.0 --- diff --git a/NEWS.md b/NEWS.md index 7cf0d8a7b7..720cec7330 100644 --- a/NEWS.md +++ b/NEWS.md @@ -21,12 +21,13 @@ OpenSSL 3.1 ### Major changes between OpenSSL 3.0 and OpenSSL 3.1 [under development] - * + * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings + by default. OpenSSL 3.0 --- -### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] +### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 * Enhanced 'openssl list' with many new options. * Added migration guide to man7. diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 43c01401e8..6fe99422b9 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -197,7 +197,7 @@ int set_nameopt(const char *arg) unsigned long get_nameopt(void) { -return (nmflag_set) ? nmflag : XN_FLAG_ONELINE; +return (nmflag_set) ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT; } void dump_cert_text(BIO *out, X509 *x) diff --git a/doc/man1/openssl-namedisplay-options.pod b/doc/man1/openssl-namedisplay-options.pod index ff6ed1f4b4..a12f4dbf66 100644 --- a/doc/man1/openssl-namedisplay-options.pod +++ b/doc/man1/openssl-namedisplay-options.pod @@ -18,7 +18,7 @@ displayed. This is specified by using the B<-nameopt> option, which takes a comma-separated list of options from the following set. An option may be preceded by a minus sign, C<->, to turn it off. -The default value is C. +The default value is C. The first four are the most commonly used. =head1 OPTIONS diff --git a/gost-engine b/gost-engine index 62583fb222..9869058423 16 --- a/gost-engine +++ b/gost-engine @@ -1 +1 @@ -Subproject commit 62583fb222ec89ff4f6aa3d18b91ed3e64ed5cea +Subproject commit 986905842330e4a54e61334eb508fe3147c43e38 diff --git a/test/recipes/25-test_rusext.t b/test/recipes/25-test_rusext.t index 05727f9d04..6c02ed1ba2 100644 --- a/test/recipes/25-test_rusext.t +++ b/test/recipes/25-test_rusext.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_rusext"); -plan tests => 5; +plan tests => 7; require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); my $pem = srctop_file("test/certs", "grfc.pem"); @@ -31,3 +31,7 @@
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 5a05c0d05233051f7af736e4f906b99f42212526 (commit) from 8f3bcfdfddf8b670439150d9ce6b2aec5df6c036 (commit) - Log - commit 5a05c0d05233051f7af736e4f906b99f42212526 Author: Richard Levitte Date: Sun Sep 19 11:05:35 2021 +0200 Fix util/mkpod2html.pl to call pod2html with absolute paths It turns out that on VMS, pod2html only recognises VMS directory specifications if they contain a device name, which is accomplished by making them absolute. Otherwise, a VMS build that includes building the document HTML files ends up with an error like this: $ perl [---.downloads.openssl-3_0-snap-20210916.util]mkpod2html.pl -i [---.downloads.openssl-3_0-snap-20210916.doc.man1]CA.pl.pod -o [.DOC.HTML.MAN1]CA.PL.HTML -t "CA.pl" -r "[---.downloads.openssl-3_0-snap-20210916.doc]" [---.downloads.openssl-3_0-snap-20210916.util]mkpod2html.pl: error changing to directory -/-/-/downloads/openssl-3_0-snap-20210916/doc/: no such file or directory %SYSTEM-F-ABORT, abort Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16626) (cherry picked from commit dc18f036f161e1e49e1d001046716c77d1699e70) --- Summary of changes: util/mkpod2html.pl | 9 + 1 file changed, 9 insertions(+) diff --git a/util/mkpod2html.pl b/util/mkpod2html.pl index 2df4b22b41..ea1164d597 100755 --- a/util/mkpod2html.pl +++ b/util/mkpod2html.pl @@ -12,6 +12,7 @@ use warnings; use lib "."; use Getopt::Std; use Pod::Html; +use File::Spec::Functions qw(:DEFAULT rel2abs); # Options. our($opt_i);# -i INFILE @@ -25,6 +26,14 @@ die "-o flag missing" unless $opt_o; die "-t flag missing" unless $opt_t; die "-r flag missing" unless $opt_r; +# We originally used realpath() here, but the Windows implementation appears +# to require that the directory or file exist to be able to process the input, +# so we use rel2abs() instead, which only processes the string without +# looking further. +$opt_i = rel2abs($opt_i) or die "Can't convert to real path: $!"; +$opt_o = rel2abs($opt_o) or die "Can't convert to real path: $!"; +$opt_r = rel2abs($opt_r) or die "Can't convert to real path: $!"; + pod2html "--infile=$opt_i", "--outfile=$opt_o",
[openssl] master update
The branch master has been updated via dc18f036f161e1e49e1d001046716c77d1699e70 (commit) from 08d8c2d87ec782e95c28ff795e096c2f6f590d63 (commit) - Log - commit dc18f036f161e1e49e1d001046716c77d1699e70 Author: Richard Levitte Date: Sun Sep 19 11:05:35 2021 +0200 Fix util/mkpod2html.pl to call pod2html with absolute paths It turns out that on VMS, pod2html only recognises VMS directory specifications if they contain a device name, which is accomplished by making them absolute. Otherwise, a VMS build that includes building the document HTML files ends up with an error like this: $ perl [---.downloads.openssl-3_0-snap-20210916.util]mkpod2html.pl -i [---.downloads.openssl-3_0-snap-20210916.doc.man1]CA.pl.pod -o [.DOC.HTML.MAN1]CA.PL.HTML -t "CA.pl" -r "[---.downloads.openssl-3_0-snap-20210916.doc]" [---.downloads.openssl-3_0-snap-20210916.util]mkpod2html.pl: error changing to directory -/-/-/downloads/openssl-3_0-snap-20210916/doc/: no such file or directory %SYSTEM-F-ABORT, abort Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16626) --- Summary of changes: util/mkpod2html.pl | 9 + 1 file changed, 9 insertions(+) diff --git a/util/mkpod2html.pl b/util/mkpod2html.pl index 2df4b22b41..ea1164d597 100755 --- a/util/mkpod2html.pl +++ b/util/mkpod2html.pl @@ -12,6 +12,7 @@ use warnings; use lib "."; use Getopt::Std; use Pod::Html; +use File::Spec::Functions qw(:DEFAULT rel2abs); # Options. our($opt_i);# -i INFILE @@ -25,6 +26,14 @@ die "-o flag missing" unless $opt_o; die "-t flag missing" unless $opt_t; die "-r flag missing" unless $opt_r; +# We originally used realpath() here, but the Windows implementation appears +# to require that the directory or file exist to be able to process the input, +# so we use rel2abs() instead, which only processes the string without +# looking further. +$opt_i = rel2abs($opt_i) or die "Can't convert to real path: $!"; +$opt_o = rel2abs($opt_o) or die "Can't convert to real path: $!"; +$opt_r = rel2abs($opt_r) or die "Can't convert to real path: $!"; + pod2html "--infile=$opt_i", "--outfile=$opt_o",
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 8f3bcfdfddf8b670439150d9ce6b2aec5df6c036 (commit) from 56b8f434c7da35b4de16603faad4170eb1d80710 (commit) - Log - commit 8f3bcfdfddf8b670439150d9ce6b2aec5df6c036 Author: Pauli Date: Mon Sep 20 09:54:10 2021 +1000 ci: add copyright header to CI scripts There is quite a bit of creative effort in these and even more trouble- shooting effort. I.e. they are non-trivial from a copyright perspective. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16628) (cherry picked from commit 08d8c2d87ec782e95c28ff795e096c2f6f590d63) --- Summary of changes: .github/workflows/ci.yml| 7 +++ .github/workflows/compiler-zoo.yml | 7 +++ .github/workflows/coveralls.yml | 7 +++ .github/workflows/cross-compiles.yml| 7 +++ .github/workflows/fips-checksums.yml| 7 +++ .github/workflows/fips-label.yml| 7 +++ .github/workflows/fuzz-checker.yml | 7 +++ .github/workflows/main.yml | 7 +++ .github/workflows/run-checker-ci.yml| 7 +++ .github/workflows/run-checker-daily.yml | 7 +++ .github/workflows/run-checker-merge.yml | 7 +++ .github/workflows/windows.yml | 7 +++ 12 files changed, 84 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 601ba5f6b1..c7a344c529 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: GitHub CI on: [pull_request, push] diff --git a/.github/workflows/compiler-zoo.yml b/.github/workflows/compiler-zoo.yml index 29a9097343..55d108543f 100644 --- a/.github/workflows/compiler-zoo.yml +++ b/.github/workflows/compiler-zoo.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: Compiler Zoo CI on: [push] diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index 45e9e8e62e..3392edda4a 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: Coverage #Run once a day diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index 576a9d3b18..ebfc13c626 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: Cross Compile on: [pull_request, push] diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml index d8aea44786..78351981d5 100644 --- a/.github/workflows/fips-checksums.yml +++ b/.github/workflows/fips-checksums.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: FIPS Checksums on: [pull_request] diff --git a/.github/workflows/fips-label.yml b/.github/workflows/fips-label.yml index eb87f200f5..c241801b9e 100644 --- a/.github/workflows/fips-label.yml +++ b/.github/workflows/fips-label.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: FIPS Changed Label on: workflow_run: diff --git
[openssl] master update
The branch master has been updated via 08d8c2d87ec782e95c28ff795e096c2f6f590d63 (commit) from d270a6c9ea9f240f653a98c7eb0a5c2134a5d63a (commit) - Log - commit 08d8c2d87ec782e95c28ff795e096c2f6f590d63 Author: Pauli Date: Mon Sep 20 09:54:10 2021 +1000 ci: add copyright header to CI scripts There is quite a bit of creative effort in these and even more trouble- shooting effort. I.e. they are non-trivial from a copyright perspective. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16628) --- Summary of changes: .github/workflows/ci.yml| 7 +++ .github/workflows/compiler-zoo.yml | 7 +++ .github/workflows/coveralls.yml | 7 +++ .github/workflows/cross-compiles.yml| 7 +++ .github/workflows/fips-checksums.yml| 7 +++ .github/workflows/fips-label.yml| 7 +++ .github/workflows/fuzz-checker.yml | 7 +++ .github/workflows/main.yml | 7 +++ .github/workflows/run-checker-ci.yml| 7 +++ .github/workflows/run-checker-daily.yml | 7 +++ .github/workflows/run-checker-merge.yml | 7 +++ .github/workflows/windows.yml | 7 +++ 12 files changed, 84 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 601ba5f6b1..c7a344c529 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: GitHub CI on: [pull_request, push] diff --git a/.github/workflows/compiler-zoo.yml b/.github/workflows/compiler-zoo.yml index 29a9097343..55d108543f 100644 --- a/.github/workflows/compiler-zoo.yml +++ b/.github/workflows/compiler-zoo.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: Compiler Zoo CI on: [push] diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index 45e9e8e62e..3392edda4a 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: Coverage #Run once a day diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index 576a9d3b18..ebfc13c626 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: Cross Compile on: [pull_request, push] diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml index d8aea44786..78351981d5 100644 --- a/.github/workflows/fips-checksums.yml +++ b/.github/workflows/fips-checksums.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: FIPS Checksums on: [pull_request] diff --git a/.github/workflows/fips-label.yml b/.github/workflows/fips-label.yml index eb87f200f5..c241801b9e 100644 --- a/.github/workflows/fips-label.yml +++ b/.github/workflows/fips-label.yml @@ -1,3 +1,10 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + name: FIPS Changed Label on: workflow_run: diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml index