X509_print fixes #19963
Closed
X509_print fixes #19963
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The X509_FLAG_COMPAT constant is defined as a value of the X509_print_ex() cflags argument, and so it should not be used to compare against values for use with X509_NAME_print flags. Use XN_FLAG_COMPAT, which has the same value, instead.
Similar to the bug fixed in 02db735 (Fix bug in X509_print_ex). The error return value from X509_NAME_print_ex() is different depending on whether the flags are XN_FLAG_COMPAT or not. Apply a similar fix to what was done for X509_print_ex here as well.
Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling X509_NAME_print(). The obase parameter to X509_NAME_print() is not used, so setting it to a different value has no effect.
t8m
added
branch: master
|
Would it be possible to add a testcase? Or is it too big effort in comparison to the fix itself? |
Might be a bit much, but I guess that a test for the second patch (Fix X509_REQ_print_ex bug) could be added to test that trying to print an X509_REQ with an invalid name doesn't silently discard the failure. The other two are basically no-ops post compilation. |
|
@t8m So, after looking more closely at the implementation of
I took a quick look at the test framework, but I didn't notice any way to easily simulate malloc failures. Is there some standardized wrapper provided for doing this? If not, I don't think that there is an easy way to write a test that verifies the problem and shows that the 2nd commit in this series fixes it. I'm fine with dropping the "Fix X509_REQ_print_ex bug" commit from the series, if its unfeasible without a testcase. The function has been in use as is for a long time without complaint, and only affects the operation when the unrecommended XN_FLAG_COMPAT flag is used. |
t8m
added
tests: exempted
t8m
approved these changes
Jan 10, 2023
t8m
removed
the
approval: otc review pending
tmshort
requested changes
Jan 13, 2023
|
This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago |
|
This PR is in a state where it requires action by @openssl/committers but the last update was 61 days ago |
|
This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago |
|
This PR is in a state where it requires action by @openssl/committers but the last update was 61 days ago |
|
This PR is in a state where it requires action by @openssl/committers but the last update was 92 days ago |
|
This PR is in a state where it requires action by @openssl/committers but the last update was 123 days ago |
|
This PR is in a state where it requires action by @openssl/committers but the last update was 154 days ago |
|
This PR is in a state where it requires action by @openssl/committers but the last update was 185 days ago |
tmshort
approved these changes
Oct 22, 2023
tmshort
removed
the
approval: review pending
tmshort
added
the
approval: done
openssl-machine
added
approval: ready to merge
|
This pull request is ready to merge |
|
This may need a rebase. |
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
The X509_FLAG_COMPAT constant is defined as a value of the X509_print_ex() cflags argument, and so it should not be used to compare against values for use with X509_NAME_print flags. Use XN_FLAG_COMPAT, which has the same value, instead. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963) (cherry picked from commit da2dd3b)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
Similar to the bug fixed in 02db735 (Fix bug in X509_print_ex). The error return value from X509_NAME_print_ex() is different depending on whether the flags are XN_FLAG_COMPAT or not. Apply a similar fix to what was done for X509_print_ex here as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963) (cherry picked from commit 2b5e028)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling X509_NAME_print(). The obase parameter to X509_NAME_print() is not used, so setting it to a different value has no effect. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963) (cherry picked from commit 2126ca3)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
The X509_FLAG_COMPAT constant is defined as a value of the X509_print_ex() cflags argument, and so it should not be used to compare against values for use with X509_NAME_print flags. Use XN_FLAG_COMPAT, which has the same value, instead. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
Similar to the bug fixed in 02db735 (Fix bug in X509_print_ex). The error return value from X509_NAME_print_ex() is different depending on whether the flags are XN_FLAG_COMPAT or not. Apply a similar fix to what was done for X509_print_ex here as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling X509_NAME_print(). The obase parameter to X509_NAME_print() is not used, so setting it to a different value has no effect. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963)
|
Pushed to master/3.2/3.1/3.0. Thanks. |
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
The X509_FLAG_COMPAT constant is defined as a value of the X509_print_ex() cflags argument, and so it should not be used to compare against values for use with X509_NAME_print flags. Use XN_FLAG_COMPAT, which has the same value, instead. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963) (cherry picked from commit da2dd3b)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
Similar to the bug fixed in 02db735 (Fix bug in X509_print_ex). The error return value from X509_NAME_print_ex() is different depending on whether the flags are XN_FLAG_COMPAT or not. Apply a similar fix to what was done for X509_print_ex here as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963) (cherry picked from commit 2b5e028)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling X509_NAME_print(). The obase parameter to X509_NAME_print() is not used, so setting it to a different value has no effect. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963) (cherry picked from commit 2126ca3)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
The X509_FLAG_COMPAT constant is defined as a value of the X509_print_ex() cflags argument, and so it should not be used to compare against values for use with X509_NAME_print flags. Use XN_FLAG_COMPAT, which has the same value, instead. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963) (cherry picked from commit da2dd3b)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
Similar to the bug fixed in 02db735 (Fix bug in X509_print_ex). The error return value from X509_NAME_print_ex() is different depending on whether the flags are XN_FLAG_COMPAT or not. Apply a similar fix to what was done for X509_print_ex here as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963) (cherry picked from commit 2b5e028)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 26, 2023
Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling X509_NAME_print(). The obase parameter to X509_NAME_print() is not used, so setting it to a different value has no effect. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #19963) (cherry picked from commit 2126ca3)
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Nov 4, 2023
The X509_FLAG_COMPAT constant is defined as a value of the X509_print_ex() cflags argument, and so it should not be used to compare against values for use with X509_NAME_print flags. Use XN_FLAG_COMPAT, which has the same value, instead. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl/openssl#19963) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Nov 4, 2023
Similar to the bug fixed in 02db735 (Fix bug in X509_print_ex). The error return value from X509_NAME_print_ex() is different depending on whether the flags are XN_FLAG_COMPAT or not. Apply a similar fix to what was done for X509_print_ex here as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl/openssl#19963) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Nov 4, 2023
Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling X509_NAME_print(). The obase parameter to X509_NAME_print() is not used, so setting it to a different value has no effect. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl/openssl#19963) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Nov 4, 2023
The X509_FLAG_COMPAT constant is defined as a value of the X509_print_ex() cflags argument, and so it should not be used to compare against values for use with X509_NAME_print flags. Use XN_FLAG_COMPAT, which has the same value, instead. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl/openssl#19963) (cherry picked from commit da2dd3b51ddd69aae0fd840c0d23afa954c24ded) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Nov 4, 2023
Similar to the bug fixed in 02db735 (Fix bug in X509_print_ex). The error return value from X509_NAME_print_ex() is different depending on whether the flags are XN_FLAG_COMPAT or not. Apply a similar fix to what was done for X509_print_ex here as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl/openssl#19963) (cherry picked from commit 2b5e028a2f70de216458a5140bcf4ec3d9236eeb) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Nov 4, 2023
Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling X509_NAME_print(). The obase parameter to X509_NAME_print() is not used, so setting it to a different value has no effect. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl/openssl#19963) (cherry picked from commit 2126ca3dba3907f49b232442c06db1cae8bee0c3) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Nov 7, 2023
The X509_FLAG_COMPAT constant is defined as a value of the X509_print_ex() cflags argument, and so it should not be used to compare against values for use with X509_NAME_print flags. Use XN_FLAG_COMPAT, which has the same value, instead. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl/openssl#19963) (cherry picked from commit da2dd3b51ddd69aae0fd840c0d23afa954c24ded) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Nov 7, 2023
Similar to the bug fixed in 02db735 (Fix bug in X509_print_ex). The error return value from X509_NAME_print_ex() is different depending on whether the flags are XN_FLAG_COMPAT or not. Apply a similar fix to what was done for X509_print_ex here as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl/openssl#19963) (cherry picked from commit 2b5e028a2f70de216458a5140bcf4ec3d9236eeb) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Nov 7, 2023
Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling X509_NAME_print(). The obase parameter to X509_NAME_print() is not used, so setting it to a different value has no effect. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl/openssl#19963) (cherry picked from commit 2126ca3dba3907f49b232442c06db1cae8bee0c3) Signed-off-by: fly2x <fly2x@hitls.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some minor fixes to
X509_print_ex()andX509_REQ_print_ex()around the handling ofnmflagsand use ofX509_NAME_print_ex().