Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upstream 111q merge #377

Merged
merged 384 commits into from
Jul 6, 2022
Merged

upstream 111q merge #377

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
384 commits
Select commit Hold shift + click to select a range
ea26844
make update (adds a new function code)
levitte Jul 9, 2021
5b71c67
Avoid "excessive message size" for session tickets
mattcaswell Jun 23, 2021
474cd19
BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given
ueno Jul 8, 2021
b46a26b
Avoid empty lines in nmake rule bodies
levitte Jul 12, 2021
657f3d0
apps: Use the first detected address family if IPv6 is not available
ueno Jul 14, 2021
9766408
Don't reset the packet pointer in ssl3_setup_read_buffer
mattcaswell Jul 13, 2021
c9d782d
Disallow SSL_key_update() if there are writes pending
mattcaswell Jul 13, 2021
c5b2c07
Fix some minor record layer issues
mattcaswell Jul 15, 2021
d9d838d
Fix a read buffer overrun in X509_aux_print().
ischwarze Jul 18, 2021
ba4c89a
DSA/RSA_print(): Fix potential memory leak
t8m Jul 21, 2021
5b31b9d
[doc/man3] documentation: BN_cmp manpage updates
bbbrumley Aug 4, 2021
8b169d4
Revert "make update (adds a new function code)"
t8m Aug 13, 2021
eacd2fe
Revert "Fix test/asn1_encode_test.c to handle encoding/decoding failure"
t8m Aug 13, 2021
d845964
Revert "Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN"
t8m Aug 13, 2021
331c4b5
Revert "ASN.1: Refuse to encode to DER if non-optional items are miss…
t8m Aug 13, 2021
33e8f03
Revert "TEST: Check that i2d refuses to encode non-optional items wit…
t8m Aug 13, 2021
75a4f26
Fix potential double-free
tmshort Aug 13, 2021
32f7f60
s390x: AES OFB/CFB: Maintain running IV from cipher context
ifranzki Aug 11, 2021
bc8c362
Test EVP Cipher updating the context's IV
ifranzki Aug 11, 2021
9d86884
pkcs12: check for zero length digest to avoid division by zero
paulidale Aug 17, 2021
c10d86c
[github-ci] Sync ci.yml workflow with master
romen Aug 6, 2021
d9fdb3a
[github-ci] Import windows.yml workflow from master
romen Aug 6, 2021
048c061
[github-ci] Import cross-compiles.yml workflow from master
romen Aug 6, 2021
4c038f5
[github-ci] Import run-checker workflows from master
romen Aug 6, 2021
4c7b49d
[github-ci] Import run-checker daily workflow from master
romen Aug 6, 2021
aa23aa7
[github-ci][cross-compiles.yml] Disable sparcv9
romen Aug 7, 2021
7952f04
[github-ci][ci.yml] Disable krb5 external tests
romen Aug 7, 2021
6398f97
[github-ci][ci.yml] Disable pyca external tests
romen Aug 7, 2021
ce5b8f1
[github-ci][run-checker-ci.yml] Disable no-tls1_3 tests
romen Aug 7, 2021
854b6fa
[github-ci][ci.yml] Disable memory sanitizer build
romen Aug 7, 2021
9e12ea3
[github-ci][run-checker-merge.yml] Disable ubsan build
romen Aug 7, 2021
a7ce0c0
[github-ci] Add comment about our approach to GitHub Actions CI
paulidale Aug 17, 2021
e22819f
Revert "[github-ci][cross-compiles.yml] Disable sparcv9"
romen Aug 18, 2021
4f850d7
sparc: fix cross compile build
paulidale May 31, 2021
174ba80
Fix i2v_GENERAL_NAME to not assume NUL terminated strings
mattcaswell Aug 18, 2021
5f54e57
Fix POLICYINFO printing to not assume NUL terminated strings
mattcaswell Aug 18, 2021
2344695
Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminate…
mattcaswell Aug 18, 2021
8393de4
Fix the name constraints code to not assume NUL terminated strings
mattcaswell Aug 18, 2021
4de6692
Fix test code to not assume NUL terminated strings
mattcaswell Aug 18, 2021
bb4d2ed
Fix append_ia5 function to not assume NUL terminated strings
mattcaswell Aug 18, 2021
2d0e5d4
Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
mattcaswell Aug 19, 2021
94d23fc
Fix EC_GROUP_new_from_ecparameters to check the base length
mattcaswell Aug 19, 2021
d9bfd68
Allow fuzz builds to detect string overruns
mattcaswell Aug 19, 2021
8c74c9d
Fix the error handling in i2v_AUTHORITY_KEYID
mattcaswell Aug 20, 2021
59f5e75
Correctly calculate the length of SM2 plaintext given the ciphertext
mattcaswell Aug 13, 2021
733fa41
Extend tests for SM2 decryption
mattcaswell Aug 13, 2021
515ac8b
Check the plaintext buffer is large enough when decrypting SM2
mattcaswell Aug 13, 2021
4f8ce5b
Updates to CHANGES and NEWS for the new release
mattcaswell Aug 24, 2021
6f2a7ab
Update copyright year
mattcaswell Aug 24, 2021
4e5d507
Run make update
mattcaswell Aug 24, 2021
fb047eb
Prepare for 1.1.1l release
mattcaswell Aug 24, 2021
a2056b0
Prepare for 1.1.1m-dev
mattcaswell Aug 24, 2021
801abbe
Fix the array size of dtlsseq in tls1_enc
bernd-edlinger Aug 23, 2021
cf2b1d6
Avoid using undefined value in generate_stateless_cookie_callback
bernd-edlinger Aug 23, 2021
18622c7
Fix some strict gcc-12 warnings
bernd-edlinger Aug 22, 2021
7a1a915
apps/ciphers: Fix wrong return value when using -convert parameter
uudiin Aug 23, 2021
5d91c74
Check for null-pointer dereference in dh_cms_set_peerkey
bernd-edlinger Aug 23, 2021
15d1ddd
ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint
zhaozg Aug 18, 2021
96ac8f1
Darwin platform allows to build on releases before Yosemite/ios 8.
devnexen Aug 24, 2021
58e1e39
cms: fix memleaks in cms_env.c
zhaozg Aug 24, 2021
e93a82d
Fix instances of pointer addition with the NULL pointer
bernd-edlinger Aug 25, 2021
876b7e9
Fix enable-asan with C++ buildtest
bernd-edlinger Aug 26, 2021
dc3520b
Fix the "Out of memory" EVP KDF scrypt test
bernd-edlinger Aug 27, 2021
0888183
Ensure that _GNU_SOURCE is defined for bss_dgram.c
Dani-Hub Aug 27, 2021
f661c76
Fix no-tls1_3 tests
bernd-edlinger Aug 27, 2021
3d97638
Add tests for i2d_TYPE_fp and d2i_TYPE_fp
romen Jul 15, 2020
45487db
Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros
romen Jul 15, 2020
f397efb
[ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID
romen Jul 16, 2020
a997244
Use applink to fix windows tests
bernd-edlinger Aug 20, 2021
5f9c384
Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests
t8m Aug 27, 2021
35cefdc
ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build
t8m Aug 27, 2021
1f8e367
Openssl fails to compile on Debian with kfreebsd kernels
ellert Aug 31, 2021
9e72d1a
doc: document the rsa_oaep_md: pkeyopt
paulidale Aug 31, 2021
5d9be38
Prioritise DANE TLSA issuer certs over peer certs
Aug 30, 2021
0912604
Test for DANE cross cert fix
Aug 30, 2021
ed96022
test/ec_internal_test: link with libapps.a too
levitte Sep 6, 2021
2e5cdbc
VMS: Compensate for compiler type incompatibility
levitte Sep 6, 2021
61ac534
DOCS: Update the page for 'openssl passwd' to not duplicate some info
levitte Sep 7, 2021
2753b6f
VMS: Fix misspelt type
levitte Sep 8, 2021
9e44ffc
Fix nc_email to check ASN1 strings with NULL byte in the middle
Sep 7, 2021
2f3b120
MacOS prior to 10.12 does not support random API correctly
lprimak Sep 11, 2021
97a1fb5
Clarify what SSL_get_session() does on the server side in TLSv1.3
mattcaswell Sep 11, 2021
5402f96
Correct the documentation for SSL_set_num_tickets()
mattcaswell Sep 11, 2021
5cd84a9
ssl: Correct filename in README
uudiin Sep 26, 2021
b9b45aa
Add sm2 encryption test case from GM/T 0003.5-2012
Sep 6, 2021
c23abef
doc/man3/SSL_set_fd.pod: add note about Windows compiler warning
mspncp Sep 28, 2021
1be120a
Fix a NPD bug in engines/e_dasync.c
bernd-edlinger Sep 30, 2021
2fd9c43
Fix a memory leak in the afalg engine
bernd-edlinger Oct 4, 2021
503eb0e
Fix some possible memory leaks in EVP_CipherInit_ex
bernd-edlinger Oct 6, 2021
14357a5
Fix double-free in e_dasync.c
bernd-edlinger Oct 5, 2021
a653e03
Bindhost/bindport should be freed
beldmit Oct 7, 2021
f5ed4f0
New extensions can be sent in a certificate request
mattcaswell Sep 20, 2021
993ae6d
Extend custom extension testing
mattcaswell Sep 20, 2021
6b0f7a6
Fix test/recipes/01-test_symbol_presence.t to allow for stripped libr…
levitte Oct 13, 2021
bf07844
Fix test/recipes/01-test_symbol_presence.t to disregard version info
levitte Oct 14, 2021
2f8b804
test/ssl_old_test.c: Fix potential leak
PeiweiHu Oct 12, 2021
3ce10cc
Ensure pkey_set_type handles ENGINE references correctly
mattcaswell Oct 15, 2021
69211b0
Add tests for ENGINE problems
mattcaswell Oct 15, 2021
851abe7
Fix some documentation errors related to return values
PeiweiHu Oct 9, 2021
b28d41a
Fix BIO_get_md_ctx return value check
PeiweiHu Oct 9, 2021
0ad7578
Fix the s_server psk_server_cb for use in DTLS
mattcaswell Oct 14, 2021
95fd012
Fix no-cmac
mattcaswell Oct 22, 2021
c03fa13
Fix a gcc 11.2.0 warning
mattcaswell Oct 22, 2021
886e685
speed: range check the argument given to -multi for 1.1.1
paulidale Oct 26, 2021
afbea17
check the return value of BN_new() and BN_dup()
x2018 Nov 1, 2021
bdaf55d
Fix a memory leak in tls_parse_stoc_key_share
bernd-edlinger Nov 3, 2021
80e52bb
Fix a memory leak in ssl_create_cipher_list
bernd-edlinger Nov 3, 2021
45838e5
Fix: invoking x509_name_cannon improperly
PeiweiHu Nov 5, 2021
ce287b7
Reset the rwstate before calling ASYNC_start_job()
mattcaswell Nov 11, 2021
4204cd6
free the Post-Handshake Auth digest when there is an error saving the…
x2018 Oct 27, 2021
c28bcc5
evp: fix EVP_PKEY_get0_EC_KEY when EC_KEY is SM2
zhaozg Nov 12, 2021
9b06ebb
Avoid loading of a dynamic engine twice
bernd-edlinger Nov 19, 2021
79ef187
ERR: Add a missing common reason string
levitte Nov 19, 2021
6d022b0
Add a test case for duplicate engine loading
bernd-edlinger Nov 19, 2021
6052078
DOC: Add a few previously documented functions
levitte Nov 21, 2021
19706a3
Fix detection of ARMv7 and ARM64 CPU features on FreeBSD
allanjude Nov 19, 2021
fd0fd72
Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs
mattcaswell Nov 23, 2021
5f42292
doc: fix macro name
paulidale Nov 24, 2021
791bfd9
BIO_push.pod: fix confusing text and add details on corner cases
DDvO Nov 19, 2021
37dc4f9
Fix speed, use OPENSSL_free instead of free
Nov 25, 2021
162bd56
TEST: Enable and fix test_bn2padded() in test/bntest.c
levitte Nov 25, 2021
76eb12a
No EtM for GOST ciphers
beldmit Nov 29, 2021
f623a68
Fix ssl_free() and thus BIO_free() to respect BIO_NOCLOSE
DDvO Sep 27, 2021
54c3583
BIO_f_ssl.pod: Make clear where an SSL BIOs are expected as an argument
DDvO Sep 30, 2021
b1553c8
Fix documentation for tlsext_ticket_key
mattcaswell Dec 6, 2021
7a045a4
OBJ_nid2obj.pod: Replace remaining 'B<' by 'I<' were appropriate
DDvO Dec 7, 2021
ca607d6
Fix a deadlock in OBJ_NAME_add
bernd-edlinger Dec 8, 2021
f560b4c
CI: Replace windows-2016 with windows-2022
t8m Dec 6, 2021
8b35838
Fix faulty detail in BN_rand() manual
levitte Nov 25, 2021
e9e7265
Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets
bernd-edlinger Dec 11, 2021
4f281f0
Add some CHANGES entries for 1.1.1m
levitte Dec 14, 2021
defe51c
Update copyright year
mattcaswell Dec 14, 2021
b82cf49
Update NEWS for 1.1.1m
levitte Dec 14, 2021
ac3cef2
Prepare for 1.1.1m release
mattcaswell Dec 14, 2021
e9dc49c
Prepare for 1.1.1n-dev
mattcaswell Dec 14, 2021
f2f7cff
Fix the null pointer dereference
KanPlus Dec 17, 2021
8a5dbc1
Fix Configure variable spill
roussosalex Dec 20, 2021
5da141f
document additional stack push error code
baentsch Dec 24, 2021
c680b3f
Ensure s_client sends SNI data when used with -proxy
mattcaswell Dec 9, 2021
e5050aa
Add support for BSD-riscv64 target
pkubaj Dec 18, 2021
4623700
OBJ_obj2txt(): fix off-by-one documentation of the result
DDvO Dec 3, 2021
692520a
Update troublesome copyright years of auto-generated files to 2022
DDvO Jan 3, 2022
dd05385
apps/passwd.c: free before error exiting
PeiweiHu Jan 4, 2022
52d9a1d
close_console: Always unlock as the lock is always held
t8m Dec 28, 2021
f494213
Fix password_callback to handle short passwords
bernd-edlinger Jan 7, 2022
5e7098e
Remove unsafe call to OPENSSL_cpuid_setup
bernd-edlinger Jan 11, 2022
93dd7ab
Fix a leak in EVP_DigestInit_ex()
mattcaswell Dec 10, 2021
4c5c2a5
Add a test for a custom digest created via EVP_MD_meth_new()
mattcaswell Dec 29, 2021
0b13bd0
lhash: Avoid 32 bit right shift of a 32 bit value
t8m Jan 25, 2022
588702d
Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose
mattcaswell Dec 30, 2021
aaa5837
Add a test for X509_STORE_CTX_set_purpose()
mattcaswell Dec 30, 2021
7349bf1
Document purpose and trust setting functions
mattcaswell Jan 13, 2022
b728ac9
Fix builds with DJGPP
jmgdjgpp Feb 1, 2022
624f858
Don't link test/ec_internal_test with libapps.a
levitte Feb 4, 2022
191c9e6
Correct return type for BIO_ptr_ctrl
Thomas1664 Jan 20, 2022
8aa3536
scrypt: increase memory usage beyond limit
paulidale Feb 1, 2022
38ac441
Prevent crash with engine using different openssl runtime
bernd-edlinger Nov 22, 2021
0418e99
Check for presence of 3.x openssl runtime
bernd-edlinger Jan 16, 2022
999cce6
crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup
JiangJias Feb 21, 2022
2d7afbd
Improve documentation of BIO_FLAGS_BASE64_NO_NL flag.
faramir-dev Feb 21, 2022
8845aeb
Fix NULL pointer dereference for BN_mod_exp2_mont
hlandau Mar 1, 2022
30b6e24
VMS: move copy_argc to its own module and make it an aux source
levitte Mar 3, 2019
b6b7e6f
[ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias
romen Feb 22, 2022
cabebaf
[ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLE…
romen Feb 22, 2022
4bb3476
[ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3
romen Feb 23, 2022
d360208
Document bug in openssl cms -binary
hlandau Mar 4, 2022
c02fff5
Avoid potential memory leak
beldmit Mar 7, 2022
3aeed22
Set protocol in init_client()
tmshort Mar 8, 2022
add8c29
Fix issue where OBJ_nid2obj doesn't always raise an error
hlandau Mar 3, 2022
655e06a
DOC: TLS compression is disabled by default
tmshort Mar 9, 2022
568c44e
Fix OPENSSL_ENGINES in Configurations/descrip.mms.tmpl
levitte Mar 10, 2022
84a9f7e
Make ossltest engine use in test/recipes/20-test_dgst.t platform agno…
levitte Mar 10, 2022
3118eb6
Fix possible infinite loop in BN_mod_sqrt()
t8m Feb 28, 2022
b5fcb7e
Add documentation of BN_mod_sqrt()
t8m Feb 28, 2022
3ef5c30
Add a negative testcase for BN_mod_sqrt
t8m Feb 28, 2022
f22896a
Update CHANGES/NEWS for new release
mattcaswell Mar 14, 2022
0c5bc96
Update copyright year
mattcaswell Mar 15, 2022
d82e959
Prepare for 1.1.1n release
mattcaswell Mar 15, 2022
60f3fa7
Prepare for 1.1.1o-dev
mattcaswell Mar 15, 2022
0a9bb44
Check password length only when verify is enabled.
faramir-dev Mar 16, 2022
d6bf4a2
eng_dyn: Avoid spurious errors when checking for 3.x engine
t8m Mar 16, 2022
0d9f48d
print SSL session, fix build warnings on OpenBSD.
devnexen Mar 16, 2022
2f1c425
Fix coverity 1498607: uninitialised value
paulidale Mar 16, 2022
cd2471c
Fix Coverity 1498611 & 1498608: uninitialised read
paulidale Mar 16, 2022
ad24941
Fix Coverity 1201763 uninitialised pointer read
paulidale Mar 16, 2022
eed53b9
Fix integer overflow in evp_EncryptDecryptUpdate
hlandau Mar 11, 2022
00e5603
Fix Coverity 1498612: integer overflow
paulidale Mar 16, 2022
04a768f
s390x: Hide internal cpuid symbol and function
juergenchrist Mar 23, 2022
79dbd85
ticket_lifetime_hint may exceed 1 week in TLSv1.3
tmshort Mar 23, 2022
739d2bd
Fix: ticket_lifetime_hint may exceed 1 week in TLSv1.3
tmshort Mar 25, 2022
fb67978
tls_process_server_hello: Disallow repeated HRR
t8m Mar 22, 2022
f29ec65
Test processing of a duplicated HRR
t8m Mar 22, 2022
3e8f70c
Fix usage of SSLfatal
mattcaswell Mar 30, 2022
93ac3b8
Fix failure to check result of bn_rshift_fixed_top
hlandau Apr 4, 2022
fdc4646
err: fix crash in ERR_load_strings() when configured with no-err
mspncp Mar 28, 2022
2b66175
err: fix indentation of preprocessor directive
mspncp Mar 28, 2022
c1c7004
err: get rid of err_free_strings_int()
mspncp Mar 29, 2022
a1d3ecd
Fix -no-tls1_2 in tests
tmshort Apr 1, 2022
6e73a0a
Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION
bernd-edlinger Apr 12, 2022
564a8d4
Fix an assertion in the DTLS server code
bernd-edlinger Apr 11, 2022
91db522
x509: use actual issuer name if a CA is used
faramir-dev Apr 18, 2022
25f4bf0
Revert "[github-ci][ci.yml] Disable pyca external tests"
romen Aug 17, 2021
2cf2202
[github-ci] Sync pyca workflow with master
romen Apr 26, 2022
982fad3
add wycheproof submodule
reaperhulk Apr 24, 2021
e5fd172
c_rehash: Do not use shell to invoke openssl
t8m Apr 26, 2022
76eb96b
Add additional keys to release key fingerprints
t8m Apr 22, 2022
58d24ad
Update CHANGES and NEWS for new release
mattcaswell Apr 26, 2022
b5b3755
Update copyright year
mattcaswell May 3, 2022
ca2e078
Prepare for 1.1.1o release
mattcaswell May 3, 2022
988c7b2
Prepare for 1.1.1p-dev
mattcaswell May 3, 2022
ec1b4bf
(1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
hlandau Apr 27, 2022
ac2d4cb
1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations
allanjude Nov 19, 2021
bd16488
Do not send an empty supported groups extension
t8m Apr 29, 2022
c7d6c08
Add test for empty supported-groups extension
t8m Apr 29, 2022
6ef91d8
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
basavesh Apr 5, 2022
e04ba88
s_serve: Report an error if init-connection fails without an attempt …
faramir-dev May 10, 2022
03ba56f
Backport some fuzzing data files from master
bernd-edlinger May 19, 2022
17519e2
Backport a missing bug-fix from master
bernd-edlinger May 19, 2022
8e60f41
Fix a crash in asn1_item_embed_new
bernd-edlinger May 20, 2022
8e1ece2
Fix a memory leak in ec_key_simple_oct2priv
bernd-edlinger May 20, 2022
e4b84b7
Fix undefined behaviour in EC_GROUP_new_from_ecparameters
bernd-edlinger May 20, 2022
59b8eca
Fix a memory leak in X509_issuer_and_serial_hash
bernd-edlinger May 21, 2022
4a28f84
Fix a crash in ssl_security_cert_chain
bernd-edlinger May 22, 2022
8754fa5
Fix a memory leak in crl_set_issuers
bernd-edlinger May 21, 2022
73db5d8
Update expired SCT certificates
t8m Jun 1, 2022
b7ce611
ct_test.c: Update the epoch time
t8m Jun 1, 2022
3bd9765
Fix strict client chain check with TLS-1.3
t8m Mar 29, 2022
ab7d056
Update further expiring certificates that affect tests
t8m Jun 2, 2022
8f07881
Fix a crash in X509v3_asid_subset()
mattcaswell Jun 9, 2022
0ed27fb
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
t8m Jun 9, 2022
8438d3a
Add an extra reduction step to RSAZ mod_exp implementations
t8m Jun 9, 2022
20af01d
Fix documentation of BIO_FLAGS_BASE64_NO_NL
frasertweedale Jun 15, 2022
9639817
Fix file operations in c_rehash.
faramir-dev May 29, 2022
51e0652
Update CHANGES and NEWS for new release
mattcaswell Jun 20, 2022
a3fc812
Update copyright year
mattcaswell Jun 21, 2022
8aaca20
Prepare for 1.1.1p release
mattcaswell Jun 21, 2022
7f77ecd
Prepare for 1.1.1q-dev
mattcaswell Jun 21, 2022
6c8879c
Fix a memory leak in EC_GROUP_new_from_ecparameters
bernd-edlinger Jun 22, 2022
8825732
SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const S…
olszomal Jun 17, 2022
4c1cf6d
Fix compile issues in test/v3ext.c with no-rfc3779
bernd-edlinger Jun 17, 2022
a1d80ed
Fix range_should_be_prefix() to actually return the correct result
mattcaswell Jun 10, 2022
7a05fcb
v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()
x2018 Jun 20, 2022
6495cab
Fix bn_gcd code to check return value when calling BN_one()
slontis Jul 1, 2022
9199256
Fix AES OCB encrypt/decrypt for x86 AES-NI
achernya Jun 16, 2022
9131afd
AES OCB test vectors
achernya Jun 16, 2022
78ba51a
Update CHANGES and NEWS for upcoming release 1.1.1q
levitte Jul 5, 2022
95a17c0
Update copyright year
levitte Jul 5, 2022
29708a5
Prepare for 1.1.1q release
levitte Jul 5, 2022
978ce49
OpenSSL 1.1.1q merge
baentsch Jul 5, 2022
86061e2
add include for memcmp
baentsch Jul 5, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
13 changes: 13 additions & 0 deletions CHANGES
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,19 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.1p and 1.1.1q [5 Jul 2022]

*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.

Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
(CVE-2022-2097)
[Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]

Changes between 1.1.1o and 1.1.1p [21 Jun 2022]

*) In addition to the c_rehash shell command injection identified in
Expand Down
5 changes: 5 additions & 0 deletions NEWS
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]

o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
(CVE-2022-2097)

Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]

o Fixed additional bugs in the c_rehash script which was not properly
Expand Down
2 changes: 1 addition & 1 deletion README
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

OpenSSL 1.1.1p 21 Jun 2022
OpenSSL 1.1.1q 5 Jul 2022

Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Expand Down
6 changes: 3 additions & 3 deletions crypto/aes/asm/aesni-x86.pl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -2027,7 +2027,7 @@ sub aesni_generate6
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
&jb (&label("grandloop"));
&jbe (&label("grandloop"));

&set_label("short");
&add ($len,16*6);
Expand Down Expand Up @@ -2453,7 +2453,7 @@ sub aesni_generate6
&pxor ($rndkey1,$inout5);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
&jb (&label("grandloop"));
&jbe (&label("grandloop"));

&set_label("short");
&add ($len,16*6);
Expand Down
8 changes: 5 additions & 3 deletions crypto/bn/bn_gcd.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
if (R == NULL)
goto err;

BN_one(X);
if (!BN_one(X))
goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
Expand Down Expand Up @@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
if (R == NULL)
goto err;

BN_one(X);
if (!BN_one(X))
goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
Expand Down
4 changes: 2 additions & 2 deletions crypto/ec/ec_asn1.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -794,7 +794,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
}

/* extract the order */
if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
if (ASN1_INTEGER_to_BN(params->order, a) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
goto err;
}
Expand All @@ -811,7 +811,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
if (params->cofactor == NULL) {
BN_free(b);
b = NULL;
} else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
} else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
goto err;
}
Expand Down
16 changes: 13 additions & 3 deletions crypto/x509v3/v3_addr.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand All @@ -13,6 +13,8 @@

#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <string.h>

#include "internal/cryptlib.h"
#include <openssl/conf.h>
Expand Down Expand Up @@ -342,8 +344,13 @@ static int range_should_be_prefix(const unsigned char *min,
unsigned char mask;
int i, j;

if (memcmp(min, max, length) <= 0)
return -1;
/*
* It is the responsibility of the caller to confirm min <= max. We don't
* use ossl_assert() here since we have no way of signalling an error from
* this function - so we just use a plain assert instead.
*/
assert(memcmp(min, max, length) <= 0);

for (i = 0; i < length && min[i] == max[i]; i++) ;
for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
if (i < j)
Expand Down Expand Up @@ -426,6 +433,9 @@ static int make_addressRange(IPAddressOrRange **result,
IPAddressOrRange *aor;
int i, prefixlen;

if (memcmp(min, max, length) > 0)
return 0;

if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
return make_addressPrefix(result, min, prefixlen);

Expand Down
2 changes: 2 additions & 0 deletions crypto/x509v3/v3_sxnet.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,8 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
if (tmp == NULL)
return 0;
BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
OPENSSL_free(tmp);
ASN1_STRING_print(out, id->user);
Expand Down
6 changes: 3 additions & 3 deletions doc/man3/SSL_get_current_cipher.pod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ SSL_get_pending_cipher - get SSL_CIPHER of a connection

#include <openssl/ssl.h>

SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);

const char *SSL_get_cipher_name(const SSL *s);
const char *SSL_get_cipher(const SSL *s);
Expand Down Expand Up @@ -61,7 +61,7 @@ L<ssl(7)>, L<SSL_CIPHER_get_name(3)>

=head1 COPYRIGHT

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
Expand Down
4 changes: 2 additions & 2 deletions include/openssl/opensslv.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x1010110fL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1p 21 Jun 2022, Open Quantum Safe 2022-06 dev"
# define OPENSSL_VERSION_NUMBER 0x1010111fL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q 5 Jul 2022, Open Quantum Safe 2022-07 dev"

/*-
* The macros below are to be used for shared library (.so, .dll, ...)
Expand Down
52 changes: 51 additions & 1 deletion test/recipes/30-test_evp_data/evpciph.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#
# Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -1188,6 +1188,56 @@ Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B21
Operation = DECRYPT
Result = CIPHERFINAL_ERROR

#Test vectors generated to validate aesni_ocb_encrypt on x86
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000000000001020304050607
Tag = C14DFF7D62A13C4A3422456207453190
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333

Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000000000001020304050607
Tag = D47D84F6FF912C79B6A4223AB9BE2DB8
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F
Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204

Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000000000001020304050607
Tag = 41970D13737B7BD1B5FBF49ED4412CA5
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D
Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91

Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000000000001020304050607
Tag = BE0228651ED4E48A11BDED68D953F3A0
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D
Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F

Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000000000001020304050607
Tag = 17BC6E10B16E5FDC52836E7D589518C7
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D
Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B

Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000000000001020304050607
Tag = E84AAC18666116990A3A37B3A5FC55BD
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D
Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED

Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000000000001020304050607
Tag = 3E5EA7EE064FE83B313E28D411E91EAD
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D
Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C

Title = AES XTS test vectors from IEEE Std 1619-2007

# Using the same key twice for encryption is always banned.
Expand Down
116 changes: 116 additions & 0 deletions test/v3ext.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,10 @@
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include "internal/nelem.h"

#include "testutil.h"
#include <string.h>

static const char *infile;

Expand All @@ -37,6 +39,7 @@ static int test_pathlen(void)
return ret;
}

#ifndef OPENSSL_NO_RFC3779
static int test_asid(void)
{
ASN1_INTEGER *val1 = NULL, *val2 = NULL;
Expand Down Expand Up @@ -114,12 +117,125 @@ static int test_asid(void)
return testresult;
}

static struct ip_ranges_st {
const unsigned int afi;
const char *ip1;
const char *ip2;
int rorp;
} ranges[] = {
{ IANA_AFI_IPV4, "192.168.0.0", "192.168.0.1", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV4, "192.168.0.0", "192.168.0.2", IPAddressOrRange_addressRange},
{ IANA_AFI_IPV4, "192.168.0.0", "192.168.0.3", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV4, "192.168.0.0", "192.168.0.254", IPAddressOrRange_addressRange},
{ IANA_AFI_IPV4, "192.168.0.0", "192.168.0.255", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV4, "192.168.0.1", "192.168.0.255", IPAddressOrRange_addressRange},
{ IANA_AFI_IPV4, "192.168.0.1", "192.168.0.1", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV4, "192.168.0.0", "192.168.255.255", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV4, "192.168.1.0", "192.168.255.255", IPAddressOrRange_addressRange},
{ IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::1", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::2", IPAddressOrRange_addressRange},
{ IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::3", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::fffe", IPAddressOrRange_addressRange},
{ IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::ffff", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::ffff", IPAddressOrRange_addressRange},
{ IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::1", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV6, "2001:0db8::0:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressPrefix},
{ IANA_AFI_IPV6, "2001:0db8::1:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressRange}
};

static int check_addr(IPAddrBlocks *addr, int type)
{
IPAddressFamily *fam;
IPAddressOrRange *aorr;

if (!TEST_int_eq(sk_IPAddressFamily_num(addr), 1))
return 0;

fam = sk_IPAddressFamily_value(addr, 0);
if (!TEST_ptr(fam))
return 0;

if (!TEST_int_eq(fam->ipAddressChoice->type, IPAddressChoice_addressesOrRanges))
return 0;

if (!TEST_int_eq(sk_IPAddressOrRange_num(fam->ipAddressChoice->u.addressesOrRanges), 1))
return 0;

aorr = sk_IPAddressOrRange_value(fam->ipAddressChoice->u.addressesOrRanges, 0);
if (!TEST_ptr(aorr))
return 0;

if (!TEST_int_eq(aorr->type, type))
return 0;

return 1;
}

static int test_addr_ranges(void)
{
IPAddrBlocks *addr = NULL;
ASN1_OCTET_STRING *ip1 = NULL, *ip2 = NULL;
size_t i;
int testresult = 0;

for (i = 0; i < OSSL_NELEM(ranges); i++) {
addr = sk_IPAddressFamily_new_null();
if (!TEST_ptr(addr))
goto end;
/*
* Has the side effect of installing the comparison function onto the
* stack.
*/
if (!TEST_true(X509v3_addr_canonize(addr)))
goto end;

ip1 = a2i_IPADDRESS(ranges[i].ip1);
if (!TEST_ptr(ip1))
goto end;
if (!TEST_true(ip1->length == 4 || ip1->length == 16))
goto end;
ip2 = a2i_IPADDRESS(ranges[i].ip2);
if (!TEST_ptr(ip2))
goto end;
if (!TEST_int_eq(ip2->length, ip1->length))
goto end;
if (!TEST_true(memcmp(ip1->data, ip2->data, ip1->length) <= 0))
goto end;

if (!TEST_true(X509v3_addr_add_range(addr, ranges[i].afi, NULL, ip1->data, ip2->data)))
goto end;

if (!TEST_true(X509v3_addr_is_canonical(addr)))
goto end;

if (!check_addr(addr, ranges[i].rorp))
goto end;

sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
addr = NULL;
ASN1_OCTET_STRING_free(ip1);
ASN1_OCTET_STRING_free(ip2);
ip1 = ip2 = NULL;
}

testresult = 1;
end:
sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
ASN1_OCTET_STRING_free(ip1);
ASN1_OCTET_STRING_free(ip2);
return testresult;
}
#endif /* OPENSSL_NO_RFC3779 */

int setup_tests(void)
{
if (!TEST_ptr(infile = test_get_argument(0)))
return 0;

ADD_TEST(test_pathlen);
#ifndef OPENSSL_NO_RFC3779
ADD_TEST(test_asid);
ADD_TEST(test_addr_ranges);
#endif /* OPENSSL_NO_RFC3779 */
return 1;
}