CVS: cvs.openbsd.org: src

2022-04-28 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/04/28 09:42:10

Modified files:
usr.bin/openssl: pkcs12.c 

Log message:
Fix comparison in openssl(1) pkcs12

comment from tb@



CVS: cvs.openbsd.org: src

2022-04-28 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/04/28 09:29:10

Modified files:
usr.bin/openssl: pkcs12.c 

Log message:
Compare pointer value with NULL in openssl(1) pkcs12

ok tb@



CVS: cvs.openbsd.org: src

2022-04-10 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/04/10 06:42:33

Modified files:
lib/libcrypto/asn1: a_object.c 

Log message:
Set ASN1_OBJECT_FLAG_DYNAMIC_DATA flag with t2i_ASN1_OBJECT_internal

'flags' should have ASN1_OBJECT_FLAG_DYNAMIC_DATA bit to free 'data'
by ASN1_OBJECT_free as c2i_ASN1_OBJECT_cbs does.

ok jsing@ tb@



CVS: cvs.openbsd.org: www

2022-04-09 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:www
Changes by: inogu...@cvs.openbsd.org2022/04/09 03:56:34

Modified files:
.  : 71.html 

Log message:
Added LibreSSL

- Mostly from 3.5.0 ChangeLog.
- Added 3.5.1 release notes, DSA and EC private key infinite loop fix.
- Added ASAN CI enablement for portable improvements.

ok bcook@



CVS: cvs.openbsd.org: src

2022-03-28 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/03/28 05:02:49

Modified files:
usr.bin/openssl: pkcs12.c 

Log message:
Change internal functions to static in openssl(1) pkcs12

ok tb@



CVS: cvs.openbsd.org: src

2022-03-28 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/03/28 04:56:26

Modified files:
usr.bin/openssl: pkcs12.c 

Log message:
Remove unused function cert_load in openssl(1) pkcs12

ok tb@



CVS: cvs.openbsd.org: src

2022-03-26 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/03/26 18:37:10

Modified files:
usr.bin/openssl: ts.c 

Log message:
Check EVP_Digest* functions return value in openssl(1) ts

Move up md_ctx and add EVP_MD_CTX_free under the 'err:' label.
CID 149810

comment and ok jsing@



CVS: cvs.openbsd.org: src

2022-03-24 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/03/24 08:07:08

Modified files:
usr.bin/openssl: ts.c 

Log message:
Check function return value



CVS: cvs.openbsd.org: src

2022-03-24 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/03/24 07:47:55

Modified files:
usr.bin/openssl: ts.c 

Log message:
Compare pointer value with NULL



CVS: cvs.openbsd.org: src

2022-03-24 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/03/24 06:00:17

Modified files:
usr.bin/openssl: ts.c 

Log message:
Wrap long lines



CVS: cvs.openbsd.org: src

2022-03-24 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/03/24 05:40:07

Modified files:
usr.bin/openssl: ts.c 

Log message:
Remove space between asterisk and variable name



CVS: cvs.openbsd.org: src

2022-03-24 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/03/24 05:27:45

Modified files:
usr.bin/openssl: ts.c 

Log message:
Convert openssl(1) ts option handling

Apply new option handling to openssl(1) ts, and there is no functional
changes here.
usage strings are comes from manual page.

comments and ok jsing@



CVS: cvs.openbsd.org: src

2022-01-28 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/28 19:03:19

Modified files:
lib/libtls : tls_signer.c 

Log message:
Add limits.h for INT_MAX in tls_signer.c

ok jsing@ tb@



CVS: cvs.openbsd.org: src

2022-01-28 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/28 06:14:48

Modified files:
lib/libssl : ssl_cert.c 

Log message:
Error check for sk_push in libssl

CID 118976 118979

ok tb@



CVS: cvs.openbsd.org: src

2022-01-28 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/28 06:11:56

Modified files:
lib/libssl : d1_srtp.c 

Log message:
Error check for sk_push in libssl

CID 24838

comment and ok tb@



CVS: cvs.openbsd.org: src

2022-01-21 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/21 17:45:17

Modified files:
lib/libcrypto/modes: cbc128.c 

Log message:
Use memmove instead of memcpy for overlapping memory

CID 251047 251094

OK beck@ jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-21 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/21 17:43:41

Modified files:
lib/libcrypto/aes: aes_ige.c 

Log message:
Use memmove instead of memcpy for overlapping memory

CID 250936 251103

OK beck@ jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-21 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/21 17:36:46

Modified files:
lib/libcrypto/x509: x509_vfy.c 

Log message:
X509_GET_PUBKEY(3) return value check in libcrypto

CID 345116

ok beck@ tb@



CVS: cvs.openbsd.org: src

2022-01-21 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/21 17:34:48

Modified files:
lib/libcrypto/x509: x509_req.c 

Log message:
X509_GET_PUBKEY(3) return value check in libcrypto

CID 25131

ok beck@ tb@

suggest using X509_REQ_get0_pubkey() and remove the EVP_PKEY_free() from tb@



CVS: cvs.openbsd.org: src

2022-01-21 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/21 17:33:02

Modified files:
lib/libcrypto/ocsp: ocsp_vfy.c 

Log message:
X509_GET_PUBKEY(3) return value check in libcrypto

ok beck@ tb@

suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@



CVS: cvs.openbsd.org: src

2022-01-21 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/21 17:31:23

Modified files:
lib/libcrypto/ocsp: ocsp_lib.c 

Log message:
X509_GET_PUBKEY(3) return value check in libcrypto

ok beck@ tb@



CVS: cvs.openbsd.org: src

2022-01-21 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/21 17:29:59

Modified files:
lib/libcrypto/ct: ct_sct.c 

Log message:
X509_GET_PUBKEY(3) return value check in libcrypto

ok beck@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:31:37

Modified files:
lib/libcrypto/evp: e_rc2.c 

Log message:
Add check for EVP_CIPHER_CTX_ctrl

suggestion from tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:22:48

Modified files:
lib/libcrypto/evp: e_rc2.c 

Log message:
Add check for EVP_CIPHER_CTX_set_key_length return value

CID 21653

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:18:49

Modified files:
lib/libcrypto/pkcs12: p12_init.c 

Log message:
Add check for OBJ_nid2obj return value

input from tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:15:39

Modified files:
lib/libcrypto/pkcs12: p12_init.c 

Log message:
Add check for ASN1_INTEGER_set

CID 24893

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:12:14

Modified files:
lib/libcrypto/sm2: sm2_sign.c 

Log message:
Fix check for BN_mod_inverse_ct return value

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:11:17

Modified files:
lib/libcrypto/rsa: rsa_gen.c 

Log message:
Fix check for BN_mod_inverse_ct return value

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:10:11

Modified files:
lib/libcrypto/rsa: rsa_eay.c 

Log message:
Add check for BN_sub return value

CID 24839

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:08:12

Modified files:
lib/libcrypto/rsa: rsa_chk.c 

Log message:
Fix check for BN_mod_inverse_ct return value

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:06:24

Modified files:
lib/libcrypto/evp: p_lib.c 

Log message:
Add check for BIO_indent return value

CID 24778

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:03:49

Modified files:
lib/libcrypto/ecdsa: ecs_ossl.c 

Log message:
Fix check for BN_mod_inverse_ct return value

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:02:45

Modified files:
lib/libcrypto/ec: ecp_smpl.c 

Log message:
Fix check for BN_mod_inverse_ct return value

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 04:00:34

Modified files:
lib/libcrypto/dh: dh_ameth.c 

Log message:
Add check for BIO_indent return value

CID 24812

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 03:58:35

Modified files:
lib/libcrypto/cms: cms_enc.c 

Log message:
Add check for EVP_CIPHER_CTX_set_key_length return value

It returns 1 on success and 0 for failure, never negative value.

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 03:56:22

Modified files:
lib/libcrypto/bn: bn_x931p.c 

Log message:
Add and fix check for BN functions return value

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 03:53:33

Modified files:
lib/libcrypto/bn: bn_print.c 

Log message:
Add check for BN functions return value

CID 21665 24835

comment from jsing@ and tb@
ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/20 03:49:56

Modified files:
lib/libcrypto/asn1: asn1_par.c 

Log message:
Add check for BIO_indent return value

CID 24869

ok jsing@ millert@ tb@



CVS: cvs.openbsd.org: src

2022-01-19 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/19 06:47:44

Modified files:
lib/libcrypto/cms: cms_pwri.c 

Log message:
Check return value from EVP_CIPHER_CTX_new in cms_pwri.c

CID 345137

ok jsing@ tb@



CVS: cvs.openbsd.org: src

2022-01-19 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/19 04:10:55

Modified files:
lib/libtls : tls_server.c 

Log message:
Check function return value in libtls

EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to
fail and return error.
Error from these functions will be fatal for the callback, and I choose to
return -1.
SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback.

This also could fix Coverity CID 345319.

ok jsing@ tb@



CVS: cvs.openbsd.org: src

2022-01-15 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/16 00:12:28

Modified files:
usr.bin/openssl: smime.c 

Log message:
Avoid memory leak in error path with openssl(1) smime

CID 345316

ok tb@



CVS: cvs.openbsd.org: src

2022-01-15 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/16 00:11:49

Modified files:
usr.bin/openssl: cms.c 

Log message:
Avoid memory leak in error path with openssl(1) cms

CID 345314 345320

ok tb@



CVS: cvs.openbsd.org: src

2022-01-14 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/14 19:46:12

Modified files:
regress/lib/libcrypto/free: freenull.c.head 

Log message:
Add ct.h and x509_vfy.h



CVS: cvs.openbsd.org: src

2022-01-14 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/14 16:55:46

Modified files:
lib/libcrypto/asn1: asn1_par.c 

Log message:
Avoid buffer overflow in asn1_parse2

asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be
overrun since ASN1_get_object advances pointer to the first content octet.
In case invalid ASN1 Boolean data, it has length but no content, I thought
this could be happen.
Adding check p with tot (diff below) will avoid this failure.

Reported by oss-fuzz 43633 and 43648(later)

ok tb@



CVS: cvs.openbsd.org: src

2022-01-11 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/11 09:06:49

Modified files:
usr.bin/openssl: smime.c 

Log message:
Wrap long lines



CVS: cvs.openbsd.org: src

2022-01-11 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/11 08:45:00

Modified files:
usr.bin/openssl: smime.c 

Log message:
Check function return value



CVS: cvs.openbsd.org: src

2022-01-11 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/11 08:05:58

Modified files:
usr.bin/openssl: smime.c 

Log message:
Suppress warning



CVS: cvs.openbsd.org: src

2022-01-11 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/11 08:02:34

Modified files:
usr.bin/openssl: smime.c 

Log message:
Compare pointer variable with NULL



CVS: cvs.openbsd.org: src

2022-01-11 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/11 07:35:14

Modified files:
usr.bin/openssl: smime.c 

Log message:
Remove space between '*' and pointer variable.



CVS: cvs.openbsd.org: src

2022-01-11 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/11 07:23:05

Modified files:
usr.bin/openssl: smime.c 

Log message:
Convert openssl(1) smime option handling

Apply new option handling to openssl(1) smime and no functional changes.

input and ok jsing@



CVS: cvs.openbsd.org: src

2022-01-07 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/07 23:05:39

Modified files:
usr.bin/openssl: cms.c 

Log message:
Indicate current default cipher



CVS: cvs.openbsd.org: src

2022-01-06 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/06 05:54:51

Modified files:
usr.bin/openssl: cms.c 

Log message:
Free memory before assign to avoid leak

CID 313263 313301 313322



CVS: cvs.openbsd.org: src

2022-01-06 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/06 04:46:05

Modified files:
usr.bin/openssl: cms.c 

Log message:
Free memory if error occurred



CVS: cvs.openbsd.org: src

2022-01-06 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/06 04:37:29

Modified files:
usr.bin/openssl: cms.c 

Log message:
Remove NULL check before free



CVS: cvs.openbsd.org: src

2022-01-05 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/05 06:41:12

Modified files:
usr.bin/openssl: cms.c 

Log message:
Wrap long lines and add some braces



CVS: cvs.openbsd.org: src

2022-01-05 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/05 05:51:49

Modified files:
usr.bin/openssl: cms.c 

Log message:
Check function return value



CVS: cvs.openbsd.org: src

2022-01-05 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/05 04:38:19

Modified files:
usr.bin/openssl: cms.c 

Log message:
Checking pointer variable with NULL



CVS: cvs.openbsd.org: src

2022-01-05 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/05 03:33:36

Modified files:
usr.bin/openssl: cms.c 

Log message:
Use calloc instead of malloc

suggested by tb@



CVS: cvs.openbsd.org: src

2022-01-05 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/05 03:29:08

Modified files:
usr.bin/openssl: cms.c 

Log message:
Check NULL first and unindent the rest of the code

suggested by tb@



CVS: cvs.openbsd.org: src

2022-01-05 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/01/05 03:01:39

Modified files:
usr.bin/openssl: cms.c 

Log message:
Convert openssl(1) cms option handling

Just applying new option handling and no functional changes.
Referred to verify.c and using 'verify_shared_options'.

ok and comments from jsing@ and tb@



CVS: cvs.openbsd.org: src

2021-09-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/09/20 04:45:01

Modified files:
regress/usr.bin/openssl: appstest.sh 

Log message:
Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.



CVS: cvs.openbsd.org: src

2021-09-14 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/09/14 17:07:18

Modified files:
lib/libssl : ssl.h 

Log message:
Avoid typedef redefinition

"typedef struct ssl_st SSL;" is defined in ossl_typ.h.
This reverts part of r1.204.

ok tb@



CVS: cvs.openbsd.org: src

2021-09-04 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/09/04 22:05:14

Modified files:
usr.bin/openssl: ca.c 

Log message:
Remove unused variable tmptm in do_body of openssl(1) ca



CVS: cvs.openbsd.org: src

2021-09-04 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/09/04 19:55:54

Modified files:
usr.bin/openssl: ca.c openssl.1 

Log message:
Using serial number instead as subject if it is empty in openssl(1) ca

This allows multiple entries without a subject even if unique_subject == yes.
Referred to OpenSSL commit 5af88441 and arranged for our codebase.

ok tb@



CVS: cvs.openbsd.org: src

2021-09-04 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/09/04 19:49:42

Modified files:
usr.bin/openssl: ca.c 

Log message:
Check extensions before setting version to v3

Referred to OpenSSL commit 4881d849 and arranged for our codebase.

comment and ok from tb@



CVS: cvs.openbsd.org: src

2021-09-04 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/09/04 19:33:19

Modified files:
usr.bin/openssl: ca.c 

Log message:
Use accessor method rather than direct X509 structure access

Referred to OpenSSL commit a8d8e06b and arranged for our codebase.

comment and ok from tb@



CVS: cvs.openbsd.org: src

2021-09-02 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/09/02 05:37:44

Modified files:
usr.bin/openssl: ca.c 

Log message:
Use defined constants



CVS: cvs.openbsd.org: src

2021-09-02 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/09/02 05:30:15

Modified files:
usr.bin/openssl: apps.h 

Log message:
Add DB_TYPE_SUSP



CVS: cvs.openbsd.org: src

2021-09-02 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/09/02 05:07:56

Modified files:
usr.bin/openssl: ca.c 

Log message:
Move subject check process after the subject edit process

Referred to OpenSSL commit 2cedf794 and arranged for our codebase.

ok tb@



CVS: cvs.openbsd.org: src

2021-08-30 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/08/30 06:25:54

Modified files:
usr.bin/openssl: ca.c 

Log message:
Clean up end of do_body in openssl(1) ca

suggested from tb@



CVS: cvs.openbsd.org: src

2021-08-30 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/08/30 06:12:11

Modified files:
usr.bin/openssl: ca.c 

Log message:
Remove NULL check before free in openssl(1) ca

ok tb@



CVS: cvs.openbsd.org: src

2021-08-27 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/08/27 23:30:09

Modified files:
usr.bin/openssl: ca.c 

Log message:
Check X509_get_notAfter return value in openssl(1) ca.c



CVS: cvs.openbsd.org: src

2021-08-27 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/08/27 23:14:30

Modified files:
usr.bin/openssl: ca.c 

Log message:
Use strndup instead of malloc, memcpy and NULL termination in openssl(1) ca.c

suggested from tb@ for do_updatedb(),
and applied the same for do_body() and do_revoke().



CVS: cvs.openbsd.org: src

2021-08-27 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/08/27 22:02:21

Modified files:
usr.bin/openssl: ca.c 

Log message:
Remove ASN1_TIME_new and use NULL for X509_gmtime_adj, free tmptm in err path

comments from tb@



CVS: cvs.openbsd.org: src

2021-08-27 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/08/27 20:40:17

Modified files:
usr.bin/openssl: ca.c 

Log message:
Unwrap lines in openssl(1) ca.c

suggested from tb@



CVS: cvs.openbsd.org: src

2021-08-27 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/08/27 20:24:10

Modified files:
usr.bin/openssl: ca.c 

Log message:
Avoid leak with X509_REVOKED variable in openssl(1) ca.c

pointed out by tb@



CVS: cvs.openbsd.org: src

2021-08-27 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/08/27 20:11:18

Modified files:
usr.bin/openssl: ca.c 

Log message:
Checking the return value in openssl(1) ca.c

Some functions are used without verifying the return value in openssl(1) ca.
This diff adds checking for the function return value.
With this diff, I changed return value of the write_new_certificate from void
to int to return the condition to the caller.

ok and comments from tb@



CVS: cvs.openbsd.org: src

2021-07-24 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/07/24 07:21:04

Modified files:
usr.bin/openssl: ca.c 

Log message:
Compare strcmp and strcasecmp return value with zero



CVS: cvs.openbsd.org: src

2021-07-20 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/07/20 06:04:53

Modified files:
usr.bin/openssl: ca.c 

Log message:
Check pointer variable if it is NULL in ca.c

missed with r1.32



CVS: cvs.openbsd.org: src

2021-07-15 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/07/15 06:41:49

Modified files:
usr.bin/openssl: ca.c 

Log message:
Wrap over 80 long lines in ca.c



CVS: cvs.openbsd.org: src

2021-07-15 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/07/15 05:43:27

Modified files:
usr.bin/openssl: ca.c 

Log message:
Explicitly check pointer variable if it is NULL or not in ca.c



CVS: cvs.openbsd.org: src

2021-07-15 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/07/15 04:26:44

Modified files:
usr.bin/openssl: ca.c 

Log message:
Remove space between '*' and pointer variable in ca.c



CVS: cvs.openbsd.org: src

2021-07-15 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/07/15 04:15:22

Modified files:
usr.bin/openssl: ca.c 

Log message:
Use 'serial' rather than 'ser' in ca.c

input from jsing@



CVS: cvs.openbsd.org: src

2021-07-15 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/07/15 03:56:32

Modified files:
usr.bin/openssl: ca.c 

Log message:
Convert openssl(1) ca option handling

New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".

I would like to add another fixes below by follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not

comments and ok from jsing@



CVS: cvs.openbsd.org: src

2021-06-21 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/06/21 07:29:05

Modified files:
regress/usr.bin/openssl: appstest.sh 

Log message:
Add GnuTLS interoperability test in appstest.sh



CVS: cvs.openbsd.org: src

2021-06-08 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/06/08 05:19:39

Modified files:
lib/libcrypto  : generate_pkgconfig.sh 
lib/libssl : generate_pkgconfig.sh 

Log message:
Fix pkg-config .pc files with LibreSSL

In libssl.pc, Libs: should not have '-lcrypto', and Requires.private:
should have it as 'libcrypto'.
openssl.pc does not need Libs: and Cflags:, but should have Requires:.

OK millert@



CVS: cvs.openbsd.org: src

2021-05-19 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/05/19 04:12:56

Modified files:
lib/libcrypto/objects: obj_xref.txt 

Log message:
Adjust libcrypto obj_xref.txt to obj_xref.h

To generate current obj_xref.h, third item of lines
id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001.

obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time,
and these third item were coded different value each other.

This adjusts obj_xref.txt to current obj_xref.h.

ok tb@



CVS: cvs.openbsd.org: src

2021-05-14 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/05/14 04:50:55

Modified files:
lib/libcrypto/objects: objxref.pl 

Log message:
Improve libcrypto obj_xref.h generator

Modify objxref.pl to output $OpenBSD$ header and
__BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS .

ok and comment from tb@



CVS: cvs.openbsd.org: src

2021-05-12 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/05/12 04:39:14

Modified files:
regress/usr.bin/openssl: appstest.sh 

Log message:
Modify cms test in appstest.sh to work with ec cert/key



CVS: cvs.openbsd.org: src

2021-05-12 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/05/12 04:24:39

Modified files:
lib/libcrypto/objects: obj_xref.h obj_xref.txt 

Log message:
Add obj_xref for ECDH schemes in RFC 5753

Found missing sigoid_srt record in crypto/objects/obj_xref.h, and
this causes error while executing openssl cms -encrypt with EC key/cert.
Added required definitions to obj_xref.txt and obj_xref.h.

Issue reported by Theodore Wynnychenko (tmw  uchicago.edu) on misc.

ok tb@



CVS: cvs.openbsd.org: src

2021-05-03 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/05/03 17:44:05

Modified files:
regress/lib/libssl/dtls: dtlstest.c 

Log message:
Use limits.h instead of sys/limits.h in dtlstest.c for portable

discussed and input from jsing@



CVS: cvs.openbsd.org: src

2021-05-03 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/05/03 17:42:04

Modified files:
regress/lib/libssl/unit: Makefile ssl_get_shared_ciphers.c 

Log message:
Modify regress ssl_get_shared_ciphers for portable

- Split out the intermediate path (../certs/) to Makefile
- Change 'shutdown' to 'shutdown_all'

ok tb@



CVS: cvs.openbsd.org: src

2021-04-27 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/04/27 04:13:04

Modified files:
regress/usr.bin/openssl: appstest.sh 

Log message:
Add DTLS test in appstest.sh



CVS: cvs.openbsd.org: src

2021-04-23 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/04/23 18:10:43

Modified files:
regress/usr.bin/openssl: appstest.sh 

Log message:
Remove "-4" option treatment and use it always on s_server test in appstest.sh



CVS: cvs.openbsd.org: src

2021-04-07 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/04/07 04:44:03

Modified files:
usr.bin/openssl: x509.c 

Log message:
Check function return value in openssl(1) x509.c

input from bcook@, ok and comments from tb@



CVS: cvs.openbsd.org: src

2021-04-07 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/04/07 04:29:58

Modified files:
usr.bin/openssl: x509.c 

Log message:
Avoid leak in error path

ok and input from tb@



CVS: cvs.openbsd.org: src

2021-04-02 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/04/02 04:19:20

Modified files:
usr.bin/openssl: s_cb.c 

Log message:
Show DTLS1.2 message with openssl(1) s_server and s_client

ok jsing@ tb@



CVS: cvs.openbsd.org: src

2021-04-01 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/04/01 04:47:38

Modified files:
usr.bin/openssl: x509.c 

Log message:
Compare the pointer variable explicitly with NULL in if condition



CVS: cvs.openbsd.org: src

2021-03-28 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/03/28 06:38:52

Modified files:
usr.bin/openssl: apps.h 

Log message:
Fix duplicate SSL_is_dtls in libssl and apps.c

Currently, SSL_is_dtls exists in both libssl and apps.c,
and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet.
This causes portable build broke with openssl(1) and optionstest.
To solve this temporarily, rename SSL_is_dtls by apps.h.
This temporary renaming will be removed when the SSL_is_dtls() is exposed.

ok jsing@



CVS: cvs.openbsd.org: src

2021-03-26 Thread Inoguchi Kinichiro
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2021/03/26 07:46:25

Modified files:
usr.bin/openssl: x509.c 

Log message:
Sort header files and wrap long lines in x509.c



  1   2   3   >