Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Drxeg_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH0ZFEmdBXD7dJi7wMDRUrrCjSFn4xc36KCegjOgiIpKuSR7q-2FJjM3GCB3jjStvN7wcRCQvJdRHfkKQWF3y2jCotZEV8IlOAuWTm5m-2F0-2FkU9brLL7zbANUrdIPMK4Xkqn1gDHB1SLtsC-2Fz-2Fkq50xOHBRJ6n81YaoIBtTnlFshttpOlY-2F34rnJ06MiNhb80U-2BKw-3D Build ID: 439525 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 413ffdd1b6b6345f1b8891d1865fa090bcde5957 (commit) from 66d422c5738b74c6bd9d8b34e219eb98b6fcd60a (commit) - Log - commit 413ffdd1b6b6345f1b8891d1865fa090bcde5957 Author: Jiasheng Jiang Date: Thu Feb 17 17:47:00 2022 +0800 test/crltest.c: Add check for glue2bio As the glue2bio() could return NULL pointer if fails, it should be better to check the return value in order to avoid the use of NULL pointer. Signed-off-by: Jiasheng Jiang Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17718) (cherry picked from commit 18cb1740cc0fd11940836fa2fcaf6d3634c00e90) --- Summary of changes: test/crltest.c | 24 ++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/test/crltest.c b/test/crltest.c index 5d255d368a..f258c75efe 100644 --- a/test/crltest.c +++ b/test/crltest.c @@ -200,9 +200,16 @@ static BIO *glue2bio(const char **pem, char **out) */ static X509_CRL *CRL_from_strings(const char **pem) { +X509_CRL *crl; char *p; BIO *b = glue2bio(pem, &p); -X509_CRL *crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL); + +if (b == NULL) { +OPENSSL_free(p); +return NULL; +} + +crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL); OPENSSL_free(p); BIO_free(b); @@ -214,9 +221,16 @@ static X509_CRL *CRL_from_strings(const char **pem) */ static X509 *X509_from_strings(const char **pem) { +X509 *x; char *p; BIO *b = glue2bio(pem, &p); -X509 *x = PEM_read_bio_X509(b, NULL, NULL, NULL); + +if (b == NULL) { +OPENSSL_free(p); +return NULL; +} + +x = PEM_read_bio_X509(b, NULL, NULL, NULL); OPENSSL_free(p); BIO_free(b); @@ -363,6 +377,12 @@ static int test_reuse_crl(void) char *p; BIO *b = glue2bio(kRevokedCRL, &p); +if (b == NULL) { +OPENSSL_free(p); +X509_CRL_free(reused_crl); +return 0; +} + reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL); OPENSSL_free(p);
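Review bot: The new error paths call `OPENSSL_free(p)` on a `p` that is declared as `char *p;` with no initializer, in `CRL_from_strings`, `X509_from_strings` and `test_reuse_crl` alike. That is only safe if glue2bio() always stores to `*out` before returning NULL; its body is outside these hunks, so this cannot be confirmed from the patch. Declaring `char *p = NULL;` in all three places would keep the cleanup correct however glue2bio() fails. The identical patch in the master update that follows on this page has the same pattern.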
[openssl] master update
The branch master has been updated via 18cb1740cc0fd11940836fa2fcaf6d3634c00e90 (commit) from cf21d1c62dcd92be624ea0fb8a86d91e4fbeed93 (commit) - Log - commit 18cb1740cc0fd11940836fa2fcaf6d3634c00e90 Author: Jiasheng Jiang Date: Thu Feb 17 17:47:00 2022 +0800 test/crltest.c: Add check for glue2bio As the glue2bio() could return NULL pointer if fails, it should be better to check the return value in order to avoid the use of NULL pointer. Signed-off-by: Jiasheng Jiang Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17718) --- Summary of changes: test/crltest.c | 24 ++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/test/crltest.c b/test/crltest.c index 3b76f4f0ae..2c0a8153c6 100644 --- a/test/crltest.c +++ b/test/crltest.c @@ -200,9 +200,16 @@ static BIO *glue2bio(const char **pem, char **out) */ static X509_CRL *CRL_from_strings(const char **pem) { +X509_CRL *crl; char *p; BIO *b = glue2bio(pem, &p); -X509_CRL *crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL); + +if (b == NULL) { +OPENSSL_free(p); +return NULL; +} + +crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL); OPENSSL_free(p); BIO_free(b); @@ -214,9 +221,16 @@ static X509_CRL *CRL_from_strings(const char **pem) */ static X509 *X509_from_strings(const char **pem) { +X509 *x; char *p; BIO *b = glue2bio(pem, &p); -X509 *x = PEM_read_bio_X509(b, NULL, NULL, NULL); + +if (b == NULL) { +OPENSSL_free(p); +return NULL; +} + +x = PEM_read_bio_X509(b, NULL, NULL, NULL); OPENSSL_free(p); BIO_free(b); @@ -363,6 +377,12 @@ static int test_reuse_crl(void) char *p; BIO *b = glue2bio(kRevokedCRL, &p); +if (b == NULL) { +OPENSSL_free(p); +X509_CRL_free(reused_crl); +return 0; +} + reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL); OPENSSL_free(p);
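Review bot: In the `test_reuse_crl` hunk the new `if (b == NULL)` branch returns 0 without recording why, so a glue2bio() failure shows up as an unexplained test failure. Using the test framework's pointer check, `if (!TEST_ptr(b)) {`, would report the NULL pointer at the point of failure. The two helper hunks (`CRL_from_strings`, `X509_from_strings`) also return NULL silently; whether their callers report it is not visible here. `test_reuse_crl` starts and ends outside the hunk.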
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 66d422c5738b74c6bd9d8b34e219eb98b6fcd60a (commit) from e19edf7361b952674135b8500144df6afec18319 (commit) - Log - commit 66d422c5738b74c6bd9d8b34e219eb98b6fcd60a Author: Jiasheng Jiang Date: Fri Feb 18 10:13:08 2022 +0800 bio_enc.c: add check for BIO_new_mem_buf Since the memory allocation may fail, the BIO_new_mem_buf() may return NULL pointer. Therefore, it should be better to check it and return error if fails. Signed-off-by: Jiasheng Jiang Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17730) (cherry picked from commit cf21d1c62dcd92be624ea0fb8a86d91e4fbeed93) --- Summary of changes: test/bio_enc_test.c | 52 +--- 1 file changed, 37 insertions(+), 15 deletions(-) diff --git a/test/bio_enc_test.c b/test/bio_enc_test.c index b383cdce1c..d3f914b656 100644 --- a/test/bio_enc_test.c +++ b/test/bio_enc_test.c @@ -38,7 +38,7 @@ static const unsigned char IV[] = { static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, const unsigned char* iv) { -BIO *b; +BIO *b, *mem; static unsigned char inp[BUF_SIZE] = { 0 }; unsigned char out[BUF_SIZE], ref[BUF_SIZE]; int i, lref, len; @@ -54,8 +54,11 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, if (!TEST_ptr(b)) return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) -return 0; -BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); +goto err; +mem = BIO_new_mem_buf(inp, DATA_SIZE); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); lref = BIO_read(b, ref, sizeof(ref)); BIO_free_all(b); 
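Review bot: `lref = BIO_read(b, ref, sizeof(ref));` at the end of the `@@ -54,8 +54,11 @@` hunk is still used unchecked, and the decrypt hunks later pass it straight to `BIO_new_mem_buf(ref, lref)`. BIO_read() can return 0 or a negative value on failure, and BIO_new_mem_buf() treats a length of -1 as "buffer is NUL-terminated", which would run strlen() over the uninitialised `ref` array. A guard after the existing `BIO_free_all(b);`, such as `if (!TEST_int_gt(lref, 0)) return 0;`, would stop the test before that length is reused. do_bio_cipher() continues outside the hunk.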
@@ -66,16 +69,19 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) { TEST_info("Split encrypt failed @ operation %d", i); -return 0; +goto err; } -BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); +mem = BIO_new_mem_buf(inp, DATA_SIZE); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); memset(out, 0, sizeof(out)); out[i] = ~ref[i]; len = BIO_read(b, out, i); /* check for overstep */ if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) { TEST_info("Encrypt overstep check failed @ operation %d", i); -return 0; +goto err; } len += BIO_read(b, out + len, sizeof(out) - len); BIO_free_all(b); @@ -95,9 +101,12 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) { TEST_info("Small chunk encrypt failed @ operation %d", i); -return 0; +goto err; } -BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); +mem = BIO_new_mem_buf(inp, DATA_SIZE); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); memset(out, 0, sizeof(out)); for (len = 0; (delta = BIO_read(b, out + len, i)); ) { len += delta; @@ -117,9 +126,12 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, if (!TEST_ptr(b)) return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) -return 0; +goto err; /* Use original reference output as input */ -BIO_push(b, BIO_new_mem_buf(ref, lref)); +mem = BIO_new_mem_buf(ref, lref); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); (void)BIO_flush(b); memset(out, 0, sizeof(out)); len = BIO_read(b, out, sizeof(out)); 
@@ -135,16 +147,19 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) { TEST_info("Split decrypt failed @ operation %d", i); -return 0; +goto err; } -BIO_push(b, BIO_new_mem_buf(ref, lref)); +mem = BIO_new_mem_buf(ref, lref); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); memset(out, 0, sizeof(out)); out[i] = ~ref[i]; len = BIO_read(b, out, i); /* check for overstep */ if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) { TEST_info("Decrypt overstep check failed @ operation %d", i); -return 0; +goto err; } len += BIO_read(b, out + len, sizeof(out) - len); BIO_free_all(b); @@ -164,9 +179,12 @@ static int
[openssl] master update
The branch master has been updated via cf21d1c62dcd92be624ea0fb8a86d91e4fbeed93 (commit) from cbb6f4dbf0ce42b4cc4385d7b95236710504068d (commit) - Log - commit cf21d1c62dcd92be624ea0fb8a86d91e4fbeed93 Author: Jiasheng Jiang Date: Fri Feb 18 10:13:08 2022 +0800 bio_enc.c: add check for BIO_new_mem_buf Since the memory allocation may fail, the BIO_new_mem_buf() may return NULL pointer. Therefore, it should be better to check it and return error if fails. Signed-off-by: Jiasheng Jiang Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17730) --- Summary of changes: test/bio_enc_test.c | 52 +--- 1 file changed, 37 insertions(+), 15 deletions(-) diff --git a/test/bio_enc_test.c b/test/bio_enc_test.c index 0b95fae1cd..ffc69d00bf 100644 --- a/test/bio_enc_test.c +++ b/test/bio_enc_test.c @@ -38,7 +38,7 @@ static const unsigned char IV[] = { static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, const unsigned char* iv) { -BIO *b; +BIO *b, *mem; static unsigned char inp[BUF_SIZE] = { 0 }; unsigned char out[BUF_SIZE], ref[BUF_SIZE]; int i, lref, len; @@ -54,8 +54,11 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, if (!TEST_ptr(b)) return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) -return 0; -BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); +goto err; +mem = BIO_new_mem_buf(inp, DATA_SIZE); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); lref = BIO_read(b, ref, sizeof(ref)); BIO_free_all(b); 
@@ -66,16 +69,19 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) { TEST_info("Split encrypt failed @ operation %d", i); -return 0; +goto err; } -BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); +mem = BIO_new_mem_buf(inp, DATA_SIZE); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); memset(out, 0, sizeof(out)); out[i] = ~ref[i]; len = BIO_read(b, out, i); /* check for overstep */ if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) { TEST_info("Encrypt overstep check failed @ operation %d", i); -return 0; +goto err; } len += BIO_read(b, out + len, sizeof(out) - len); BIO_free_all(b); @@ -95,9 +101,12 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) { TEST_info("Small chunk encrypt failed @ operation %d", i); -return 0; +goto err; } -BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); +mem = BIO_new_mem_buf(inp, DATA_SIZE); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); memset(out, 0, sizeof(out)); for (len = 0; (delta = BIO_read(b, out + len, i)); ) { len += delta; @@ -117,9 +126,12 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, if (!TEST_ptr(b)) return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) -return 0; +goto err; /* Use original reference output as input */ -BIO_push(b, BIO_new_mem_buf(ref, lref)); +mem = BIO_new_mem_buf(ref, lref); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); (void)BIO_flush(b); memset(out, 0, sizeof(out)); len = BIO_read(b, out, sizeof(out)); 
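Review bot: In the split-encrypt hunk (`@@ -66,16 +69,19 @@`) the result of `len = BIO_read(b, out, i);` feeds `BIO_read(b, out + len, sizeof(out) - len)` without a sign check, so a failed first read (negative return) would make the second call start before `out` with a size larger than the buffer. The commit hardens the allocation path around it but leaves this read as it was; `if (!TEST_int_ge(len, 0)) goto err;` ahead of the second read would cover it. The split-decrypt hunk (`@@ -135,16 +147,19 @@`) has the same pattern. The `err` label and the end of do_bio_cipher() are outside the hunks shown.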
@@ -135,16 +147,19 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) { TEST_info("Split decrypt failed @ operation %d", i); -return 0; +goto err; } -BIO_push(b, BIO_new_mem_buf(ref, lref)); +mem = BIO_new_mem_buf(ref, lref); +if (!TEST_ptr(mem)) +goto err; +BIO_push(b, mem); memset(out, 0, sizeof(out)); out[i] = ~ref[i]; len = BIO_read(b, out, i); /* check for overstep */ if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) { TEST_info("Decrypt overstep check failed @ operation %d", i); -return 0; +goto err; } len += BIO_read(b, out + len, sizeof(out) - len); BIO_free_all(b); @@ -164,9 +179,12 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, re
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via e19edf7361b952674135b8500144df6afec18319 (commit) from 6f4a98ce2157aca169709c80ea579e80e39011b6 (commit) - Log - commit e19edf7361b952674135b8500144df6afec18319 Author: Carlo Teubner <435950+c4...@users.noreply.github.com> Date: Fri Feb 18 10:00:52 2022 + X509_VERIFY_PARAM_set_flags.pod: fix typos CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17731) (cherry picked from commit cbb6f4dbf0ce42b4cc4385d7b95236710504068d) --- Summary of changes: doc/man3/X509_VERIFY_PARAM_set_flags.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 1213627be7..55bdf877b3 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -249,8 +249,8 @@ certificate. An error occurs if a suitable CRL cannot be found. B enables CRL checking for the entire certificate chain. -B disabled critical extension checking. By default -any unhandled critical extensions in certificates or (if checked) CRLs results +B disables critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs result in a fatal error. If this flag is set unhandled critical extensions are ignored. B setting this option for anything other than debugging purposes can be a security risk. Finer control over which extensions are
[openssl] master update
The branch master has been updated via cbb6f4dbf0ce42b4cc4385d7b95236710504068d (commit) from 632e8be2b570959dc3781c6956171e7e49f1aa58 (commit) - Log - commit cbb6f4dbf0ce42b4cc4385d7b95236710504068d Author: Carlo Teubner <435950+c4...@users.noreply.github.com> Date: Fri Feb 18 10:00:52 2022 + X509_VERIFY_PARAM_set_flags.pod: fix typos CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17731) --- Summary of changes: doc/man3/X509_VERIFY_PARAM_set_flags.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 4437b93fd6..62ef00bc33 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -249,8 +249,8 @@ certificate. An error occurs if a suitable CRL cannot be found. B enables CRL checking for the entire certificate chain. -B disabled critical extension checking. By default -any unhandled critical extensions in certificates or (if checked) CRLs results +B disables critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs result in a fatal error. If this flag is set unhandled critical extensions are ignored. B setting this option for anything other than debugging purposes can be a security risk. Finer control over which extensions are
[openssl] master update
The branch master has been updated via 632e8be2b570959dc3781c6956171e7e49f1aa58 (commit) from 42659159f4d4a8c16a0e9b089d40a5831b60cbb6 (commit) - Log - commit 632e8be2b570959dc3781c6956171e7e49f1aa58 Author: Raul Ferrando Date: Tue Feb 15 16:02:41 2022 +0100 Add -quiet option to pkcs7 for -print_certs Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17708) --- Summary of changes: apps/pkcs7.c | 13 + doc/man1/openssl-pkcs7.pod.in | 6 ++ test/recipes/25-test_pkcs7.t | 15 ++- .../grfc.pem => recipes/25-test_pkcs7_data/grfc.out} | 1 + 4 files changed, 30 insertions(+), 5 deletions(-) copy test/{certs/grfc.pem => recipes/25-test_pkcs7_data/grfc.out} (99%) diff --git a/apps/pkcs7.c b/apps/pkcs7.c index ac2dec152a..a95ea25377 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -23,8 +23,8 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT, -OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE, -OPT_PROV_ENUM +OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_QUIET, +OPT_ENGINE, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS pkcs7_options[] = { @@ -46,6 +46,8 @@ const OPTIONS pkcs7_options[] = { {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"}, {"print_certs", OPT_PRINT_CERTS, '-', "Print_certs print any certs or crl in the input"}, +{"quiet", OPT_QUIET, '-', + "When used with -print_certs, it produces a cleaner output"}, OPT_PROV_OPTIONS, {NULL} @@ -58,7 +60,7 @@ int pkcs7_main(int argc, char **argv) BIO *in = NULL, *out = NULL; int informat = FORMAT_PEM, outformat = FORMAT_PEM; char *infile = NULL, *outfile = NULL, *prog; -int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1; +int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, quiet = 0, ret = 1; OPTION_CHOICE o; OSSL_LIB_CTX *libctx = app_get0_libctx(); 
@@ -100,6 +102,9 @@ int pkcs7_main(int argc, char **argv) case OPT_PRINT_CERTS: print_certs = 1; break; +case OPT_QUIET: +quiet = 1; +break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; @@ -171,7 +176,7 @@ int pkcs7_main(int argc, char **argv) x = sk_X509_value(certs, i); if (text) X509_print(out, x); -else +else if (!quiet) dump_cert_text(out, x); if (!noout) diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in index efd772d1d4..eeb5c356f0 100644 --- a/doc/man1/openssl-pkcs7.pod.in +++ b/doc/man1/openssl-pkcs7.pod.in @@ -19,6 +19,7 @@ B B [B<-out> I] [B<-print>] [B<-print_certs>] +[B<-quiet>] [B<-text>] [B<-noout>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} @@ -63,6 +64,11 @@ Print out the full PKCS7 object. Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format. +=item B<-quiet> + +When used with -print_certs, prints out just the PEM-encoded +certificates without any other output. + =item B<-text> Prints out certificate details in full rather than just subject and diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t index 37cd43dc6b..2905fe8fe0 100644 --- a/test/recipes/25-test_pkcs7.t +++ b/test/recipes/25-test_pkcs7.t @@ -15,10 +15,15 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_pkcs7"); -plan tests => 3; +plan tests => 6; require_ok(srctop_file('test','recipes','tconversion.pl')); +my @path = qw(test certs); +my $pemfile = "grfc.pem"; +my $p7file = "grfc.p7b"; +my $out = "grfc.out"; + subtest 'pkcs7 conversions -- pkcs7' => sub { tconversion( -type => 'p7', -in => srctop_file("test", "testp7.pem"), -args => ["pkcs7"] ); 
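Review bot: In the `@@ -171,7 +176,7 @@` hunk `-quiet` only suppresses `dump_cert_text()`, so combining it with `-text` still prints the full `X509_print()` output, while the new man page entry says it prints "just the PEM-encoded certificates without any other output". The precedence should be documented, and the help string could say what is actually dropped, e.g. `"With -print_certs, omit the subject/issuer line before each certificate"` instead of "it produces a cleaner output". As far as these hunks show, `-quiet` given without `-print_certs` is accepted and silently ignored. pkcs7_main() continues outside the hunk.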
@@ -27,3 +32,11 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub { tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"), -args => ["pkcs7"] ); }; +ok(run(app(["openssl", "crl2pkcs7", "-nocrl", +"-certfile", srctop_file(@path, $pemfile), +"-out", $p7file]))); +ok(run(app(["openssl", "pkcs7", "-print_certs", "-quiet", +"-in", $p7file, +"-out", $out]))); +is(cmp_text($out, srctop_file('test', 'recipes', '25-test_pkcs7_data', 'grfc.out')), +0, 'Comparing output'); \ No newline at end of file diff --git a/test/certs/grfc.pem b/test/recipes/25-test_pkcs7_data/grfc.out similarity index 99% copy from test/certs/g
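Review bot: The file now ends without a trailing newline (`\ No newline at end of file`) after the checks added in the `@@ -27,3 +32,11 @@` hunk; adding it keeps later diffs of this recipe clean. The new checks also write `grfc.p7b` and `grfc.out` under fixed names in the working directory, which is worth a short comment if that is the intended location. Only `-print_certs -quiet` is exercised; a case for `-quiet` together with `-text` would pin down which option wins.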
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 6f4a98ce2157aca169709c80ea579e80e39011b6 (commit) from 06c20d437ba2554da33a47b9e62b1da5559a38f7 (commit) - Log - commit 6f4a98ce2157aca169709c80ea579e80e39011b6 Author: Matt Caswell Date: Tue Feb 22 11:49:04 2022 + Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num() This macro and function were deprecated in the documentation but not in the source. Following an OTC vote the deprecation has been removed from the documentation. See https://github.com/openssl/technical-policies/issues/26 Fixes #17517 Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17750) (cherry picked from commit 42659159f4d4a8c16a0e9b089d40a5831b60cbb6) --- Summary of changes: doc/man3/OpenSSL_version.pod | 52 +--- util/other.syms | 2 +- 2 files changed, 21 insertions(+), 33 deletions(-) diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index 034bd718fe..a0a9021431 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -38,8 +38,6 @@ OpenSSL_version_num, OPENSSL_info const char *OPENSSL_info(int t); -Deprecated: - /* from openssl/opensslv.h */ #define OPENSSL_VERSION_NUMBER 0xL @@ -81,6 +79,25 @@ version for the headers in use is at least at the given pre-requisite major header version number (B.B) is greater than or equal to B.B. +B is a combination of the major, minor and +patch version into a single integer 0xMNN00PP0L, where: + +=over 4 + +=item M + +is the number from B, in hexadecimal notation + +=item NN + +is the number from B, in hexadecimal notation + +=item PP + +is the number from B, in hexadecimal notation + +=back + =head2 Functions OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(), 
@@ -198,35 +215,6 @@ For x86 the string looks like C. For an unknown I, NULL is returned. -=head1 BACKWARD COMPATIBILITY - -For compatibility, some older macros and functions are retained or -synthesised. -They are all considered deprecated. - -=head2 Macros - -B is a combination of the major, minor and -patch version into a single integer 0xMNN00PP0L, where: - -=over 4 - -=item M - -is the number from B, in hexadecimal notation - -=item NN - -is the number from B, in hexadecimal notation - -=item PP - -is the number from B, in hexadecimal notation - -=back - -=head2 Functions - OpenSSL_version_num() returns the value of B. =head1 RETURN VALUES @@ -248,7 +236,7 @@ L =head1 HISTORY The macros and functions described here were added in OpenSSL 3.0, -with the exception of the L ones. +except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num(). =head1 COPYRIGHT diff --git a/util/other.syms b/util/other.syms index 1ebffd1d26..0c0d147b33 100644 --- a/util/other.syms +++ b/util/other.syms @@ -362,7 +362,7 @@ OPENSSL_MSTRdefine OPENSSL_MSTR_HELPER define OPENSSL_VERSION_MAJOR define OPENSSL_VERSION_MINOR define -OPENSSL_VERSION_NUMBER define deprecated 3.0.0 +OPENSSL_VERSION_NUMBER define OPENSSL_VERSION_PATCH define OPENSSL_VERSION_PRE_RELEASE define OPENSSL_VERSION_PREREQ define
[openssl] master update
The branch master has been updated via 42659159f4d4a8c16a0e9b089d40a5831b60cbb6 (commit) from 0bc2fda3d3b76bd07243aef3eb7f824da3820b2d (commit) - Log - commit 42659159f4d4a8c16a0e9b089d40a5831b60cbb6 Author: Matt Caswell Date: Tue Feb 22 11:49:04 2022 + Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num() This macro and function were deprecated in the documentation but not in the source. Following an OTC vote the deprecation has been removed from the documentation. See https://github.com/openssl/technical-policies/issues/26 Fixes #17517 Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17750) --- Summary of changes: doc/man3/OpenSSL_version.pod | 52 +--- util/other.syms | 2 +- 2 files changed, 21 insertions(+), 33 deletions(-) diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index 034bd718fe..a0a9021431 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -38,8 +38,6 @@ OpenSSL_version_num, OPENSSL_info const char *OPENSSL_info(int t); -Deprecated: - /* from openssl/opensslv.h */ #define OPENSSL_VERSION_NUMBER 0xL @@ -81,6 +79,25 @@ version for the headers in use is at least at the given pre-requisite major header version number (B.B) is greater than or equal to B.B. +B is a combination of the major, minor and +patch version into a single integer 0xMNN00PP0L, where: + +=over 4 + +=item M + +is the number from B, in hexadecimal notation + +=item NN + +is the number from B, in hexadecimal notation + +=item PP + +is the number from B, in hexadecimal notation + +=back + =head2 Functions OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(), 
@@ -198,35 +215,6 @@ For x86 the string looks like C. For an unknown I, NULL is returned. -=head1 BACKWARD COMPATIBILITY - -For compatibility, some older macros and functions are retained or -synthesised. -They are all considered deprecated. - -=head2 Macros - -B is a combination of the major, minor and -patch version into a single integer 0xMNN00PP0L, where: - -=over 4 - -=item M - -is the number from B, in hexadecimal notation - -=item NN - -is the number from B, in hexadecimal notation - -=item PP - -is the number from B, in hexadecimal notation - -=back - -=head2 Functions - OpenSSL_version_num() returns the value of B. =head1 RETURN VALUES @@ -248,7 +236,7 @@ L =head1 HISTORY The macros and functions described here were added in OpenSSL 3.0, -with the exception of the L ones. +except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num(). =head1 COPYRIGHT diff --git a/util/other.syms b/util/other.syms index ae675b78f4..974fe62f6a 100644 --- a/util/other.syms +++ b/util/other.syms @@ -362,7 +362,7 @@ OPENSSL_MSTRdefine OPENSSL_MSTR_HELPER define OPENSSL_VERSION_MAJOR define OPENSSL_VERSION_MINOR define -OPENSSL_VERSION_NUMBER define deprecated 3.0.0 +OPENSSL_VERSION_NUMBER define OPENSSL_VERSION_PATCH define OPENSSL_VERSION_PRE_RELEASE define OPENSSL_VERSION_PREREQ define
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 06c20d437ba2554da33a47b9e62b1da5559a38f7 (commit) from 9c1973e1c57d7de4d57f10545b3e9c921b34df23 (commit) - Log - commit 06c20d437ba2554da33a47b9e62b1da5559a38f7 Author: msa42 Date: Mon Feb 21 18:23:34 2022 + doc: Fix KDF example for scrypt CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17745) (cherry picked from commit 0bc2fda3d3b76bd07243aef3eb7f824da3820b2d) --- Summary of changes: doc/man1/openssl-kdf.pod.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/openssl-kdf.pod.in b/doc/man1/openssl-kdf.pod.in index 2880d1ff9d..548f69c707 100644 --- a/doc/man1/openssl-kdf.pod.in +++ b/doc/man1/openssl-kdf.pod.in @@ -166,7 +166,7 @@ Use PBKDF2 to create a hex-encoded derived key from a password and salt: Use scrypt to create a hex-encoded derived key from a password and salt: openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \ --kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 \ +-kdfopt n:1024 -kdfopt r:8 -kdfopt p:16 \ -kdfopt maxmem_bytes:10485760 SCRYPT =head1 NOTES
[openssl] master update
The branch master has been updated via 0bc2fda3d3b76bd07243aef3eb7f824da3820b2d (commit) from 7e1eda483ec9ead36c05066b45ecad618475544c (commit) - Log - commit 0bc2fda3d3b76bd07243aef3eb7f824da3820b2d Author: msa42 Date: Mon Feb 21 18:23:34 2022 + doc: Fix KDF example for scrypt CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17745) --- Summary of changes: doc/man1/openssl-kdf.pod.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/openssl-kdf.pod.in b/doc/man1/openssl-kdf.pod.in index 2880d1ff9d..548f69c707 100644 --- a/doc/man1/openssl-kdf.pod.in +++ b/doc/man1/openssl-kdf.pod.in @@ -166,7 +166,7 @@ Use PBKDF2 to create a hex-encoded derived key from a password and salt: Use scrypt to create a hex-encoded derived key from a password and salt: openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \ --kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 \ +-kdfopt n:1024 -kdfopt r:8 -kdfopt p:16 \ -kdfopt maxmem_bytes:10485760 SCRYPT =head1 NOTES
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 9c1973e1c57d7de4d57f10545b3e9c921b34df23 (commit) from 0ec286a62840c2a0de4b7a1b5063ace3338a925f (commit) - Log - commit 9c1973e1c57d7de4d57f10545b3e9c921b34df23 Author: Matt Caswell Date: Wed Feb 23 11:16:07 2022 + Fix a failure in sslapitest The SNI test in test_cert_cb_int() was always failing because it used SSL_CTX_new() instead of SSL_CTX_new_ex() and was therefore not using the correct libctx. PR #17739 amended the test to check the return value from SSL_CTX_new() which made the failure obvious. Fixes #17757 Reviewed-by: Richard Levitte Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/17758) (cherry picked from commit 7e1eda483ec9ead36c05066b45ecad618475544c) --- Summary of changes: test/sslapitest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index b2f3471548..de2eeec3e8 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -8075,7 +8075,7 @@ static int test_cert_cb_int(int prot, int tst) cert_cb_cnt = 0; if (tst == 2) { -snictx = SSL_CTX_new(TLS_server_method()); +snictx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); if (!TEST_ptr(snictx)) goto end; }
[openssl] master update
The branch master has been updated via 7e1eda483ec9ead36c05066b45ecad618475544c (commit) from 8d215738a05350baa583c47a2c52371d9cff3197 (commit) - Log - commit 7e1eda483ec9ead36c05066b45ecad618475544c Author: Matt Caswell Date: Wed Feb 23 11:16:07 2022 + Fix a failure in sslapitest The SNI test in test_cert_cb_int() was always failing because it used SSL_CTX_new() instead of SSL_CTX_new_ex() and was therefore not using the correct libctx. PR #17739 amended the test to check the return value from SSL_CTX_new() which made the failure obvious. Fixes #17757 Reviewed-by: Richard Levitte Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/17758) --- Summary of changes: test/sslapitest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index 8ba5d8125c..0c6a5e14c1 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -8091,7 +8091,7 @@ static int test_cert_cb_int(int prot, int tst) cert_cb_cnt = 0; if (tst == 2) { -snictx = SSL_CTX_new(TLS_server_method()); +snictx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); if (!TEST_ptr(snictx)) goto end; }