Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
67 commits
Select commit Hold shift + click to select a range
f43c292
deps: update V8 to 9.3.345.16
targos Aug 30, 2021
2170346
build: reset embedder string to "-node.0"
targos Aug 30, 2021
3ce6f72
deps: V8: un-cherry-pick bd019bd
refack Mar 27, 2019
10ba1cb
deps: V8: patch register-arm64.h
refack May 22, 2019
54f4f1a
deps: V8: forward declaration of `Rtl*FunctionTable`
refack May 22, 2019
068824d
deps: make v8.h compatible with VS2015
joaocgreis Nov 1, 2019
b83cab7
deps: fix V8 build issue with inline methods
gengjiawen Oct 14, 2020
cd9b03e
deps: silence irrelevant V8 warnings
targos Jan 30, 2021
d9d0104
deps: silence irrelevant V8 warning
targos May 1, 2021
3e1053e
deps: V8: cherry-pick 81814ed44574
Aug 9, 2021
0140fac
deps: V8: cherry-pick 00bb1a77c03e
RaisinTen Aug 21, 2021
92d83d1
deps: make V8 9.3 abi-compatible with 9.0
targos Aug 30, 2021
7470db0
deps: restore minimum ICU version to 68
targos Jul 20, 2021
9f105c7
tools: update V8 gypfiles for 9.3
targos Jun 12, 2021
beca890
build: adapt v8_pch.h to V8 9.3
targos Jun 20, 2021
105bff9
test: adapt test-v8-flags to V8 9.3
targos Jun 20, 2021
644b25e
test: adapt test-util-inspect to V8 9.3
targos Jul 3, 2021
549d717
test: adapt test-fs-read to V8 9.3
targos Jul 17, 2021
79ce096
src: remove extra semicolons outside fns
codebytere Aug 18, 2021
71659fd
deps: add corepack
arcanis Sep 28, 2020
3b1ce93
worker: add brand checks for detached MessageEvent accessors
jasnell Aug 15, 2021
cfbe906
events: add brand checks for detached accessors
jasnell Aug 15, 2021
a4b8c13
events: protect property defs against prototype polution
jasnell Aug 16, 2021
20cf470
crypto: fix JWK RSA-PSS SubtleCrypto.exportKey
panva Aug 21, 2021
d33ab96
cluster: fix comment regarding child_process file
yashLadha Jul 8, 2021
bc236a6
meta: update .mailmap to remove duplicate AUTHORS entry for addaleax
Trott Aug 25, 2021
20da0a5
module: support pattern trailers
guybedford Aug 2, 2021
4e7212c
test: update error message keywords
leeight Aug 21, 2021
4b5bbec
deps: upgrade openssl sources to OpenSSL_1_1_1l+quic
richardlau Aug 24, 2021
9270684
deps: update archs files for OpenSSL-1.1.1l+quic
richardlau Aug 24, 2021
16271d2
worker: remove file extension check
Ayase-252 Aug 17, 2021
4861505
doc: move ERR_WORKER_UNSPPORTED_EXTENSION to legacy
Ayase-252 Aug 17, 2021
00529b0
test: add test to verify other extension can be loaded by worker
Ayase-252 Aug 17, 2021
d059a51
doc: update maintaining openssl guide
richardlau Aug 25, 2021
4ac703c
doc: add Mesteery to triagers
Mesteery Aug 25, 2021
1dd9158
crypto: fix rsa-pss one-shot sign/verify error handling
panva Aug 20, 2021
259e0cf
meta: add mailmap entry for branisha
Trott Aug 26, 2021
e25dc8e
deps: upgrade npm to 7.21.1
npm-robot Aug 26, 2021
007e285
test: use error code mapping in place of raw errno
RaisinTen May 13, 2021
3a8f77a
doc: document JavaScript tool for benchmark comparison
targos Aug 21, 2021
34c627e
crypto: add RSA-PSS params to asymmetricKeyDetails
tniessen Aug 23, 2021
112af69
fs: add docs and tests for `AsyncIterable` support in `fh.writeFile`
aduh95 Aug 21, 2021
8b68f8e
doc: add VoltrexMaster to triagers
VoltrexKeyva Aug 27, 2021
bc2b73e
doc: add FrankQiu to a triager
iam-frankqiu Aug 28, 2021
8ea4bef
doc: add docs for duplex.allowHalfOpen property
pimterry Jun 23, 2021
0ff88f3
build: update token used for pull requests
Trott Aug 27, 2021
afdb665
build: fix find-inactive-collaborators workflow token
Trott Aug 27, 2021
9eb4a70
doc: move reference to OpenSSL flags SSL_OP_*
tniessen Aug 29, 2021
3588f07
meta: add mailmap entry for Ethan-Arrowood
Trott Aug 29, 2021
29c4b07
doc: update WASI example to use import.meta.url
guybedford Aug 28, 2021
ca9b781
test: use `assert.match` instead of `regexp.test`
targos Aug 29, 2021
2343c39
async_hooks: use resource stack for AsyncLocalStorage run
Aug 26, 2021
953f2e9
doc: add nodejs/tweet issue creation to sec. doc
danbev Aug 30, 2021
fc01dd9
doc: add missing changes to generateKeyPair(Sync)
tniessen Aug 31, 2021
5851994
crypto: fix regression in RSA-PSS keygen
tniessen Aug 29, 2021
9763561
tools: update gyp-next to v0.10.0
targos Aug 30, 2021
c49b0c0
build: add support for Visual Studio 2022
targos Aug 24, 2021
e783453
build: add windows-2022 to GitHub test matrix
targos Aug 24, 2021
d43b555
doc: remove danbev from TSC member list
danbev Sep 2, 2021
0095182
Revert "build: add windows-2022 to GitHub test matrix"
targos Sep 3, 2021
402071b
meta: remove duplicate AUTHORS entry for NigelKibodeaux
Trott Sep 1, 2021
7857e9c
doc: add descriptions about when `options.mode` is ignored
rayw000 Aug 25, 2021
879dc46
src: remove usage of AllocatedBuffer from src/node_buffer.cc
RaisinTen Aug 30, 2021
d92bd9a
tools: add support for import assertions in linter
aduh95 Aug 28, 2021
9e782eb
doc: remove {C,Dec}ompressionStream documentation
lpinca Aug 26, 2021
cb44781
stream: add stream.compose
ronag Jun 18, 2021
b7c0d64
2021-09-07, Version 16.9.0 (Current)
targos Sep 6, 2021
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
deps: upgrade openssl sources to OpenSSL_1_1_1l+quic
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1l+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: #39867
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
  • Loading branch information
richardlau authored and targos committed Sep 6, 2021
commit 4b5bbec6cc1f52a5327276a84267b765cc78b516
65 changes: 65 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,71 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.1k and 1.1.1l [24 Aug 2021]

*) Fixed an SM2 Decryption Buffer Overflow.

In order to decrypt SM2 encrypted data an application is expected to call the
API function EVP_PKEY_decrypt(). Typically an application will call this
function twice. The first time, on entry, the "out" parameter can be NULL and,
on exit, the "outlen" parameter is populated with the buffer size required to
hold the decrypted plaintext. The application can then allocate a sufficiently
sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
value for the "out" parameter.

A bug in the implementation of the SM2 decryption code means that the
calculation of the buffer size required to hold the plaintext returned by the
first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
called by the application a second time with a buffer that is too small.

A malicious attacker who is able present SM2 content for decryption to an
application could cause attacker chosen data to overflow the buffer by up to a
maximum of 62 bytes altering the contents of other data held after the
buffer, possibly changing application behaviour or causing the application to
crash. The location of the buffer is application dependent but is typically
heap allocated.
(CVE-2021-3711)
[Matt Caswell]

*) Fixed various read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
structure which contains a buffer holding the string data and a field holding
the buffer length. This contrasts with normal C strings which are repesented as
a buffer for the string data which is terminated with a NUL (0) byte.

Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
own "d2i" functions (and other similar parsing functions) as well as any string
whose value has been set with the ASN1_STRING_set() function will additionally
NUL terminate the byte array in the ASN1_STRING structure.

However, it is possible for applications to directly construct valid ASN1_STRING
structures which do not NUL terminate the byte array by directly setting the
"data" and "length" fields in the ASN1_STRING array. This can also happen by
using the ASN1_STRING_set0() function.

Numerous OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application
requests an ASN.1 structure to be printed, and where that ASN.1 structure
contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "data" field, then a read buffer overrun can occur.

The same thing can also occur during name constraints processing of certificates
(for example if a certificate has been directly constructed by the application
instead of loading it via the OpenSSL parsing functions, and the certificate
contains non NUL terminated ASN1_STRING structures). It can also occur in the
X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.

If a malicious actor can cause an application to directly construct an
ASN1_STRING and then process it through one of the affected OpenSSL functions
then this issue could be hit. This might result in a crash (causing a Denial of
Service attack). It could also result in the disclosure of private memory
contents (such as private keys, or sensitive plaintext).
(CVE-2021-3712)
[Matt Caswell]

Changes between 1.1.1j and 1.1.1k [25 Mar 2021]

*) Fixed a problem with verifying a certificate chain when using the
Expand Down
7 changes: 7 additions & 0 deletions deps/openssl/openssl/Configurations/10-main.conf
Original file line number Diff line number Diff line change
Expand Up @@ -754,6 +754,13 @@ my %targets = (
multilib => "64",
},

# riscv64 below refers to contemporary RISCV Architecture
# specifications,
"linux64-riscv64" => {
inherit_from => [ "linux-generic64"],
perlasm_scheme => "linux64",
},

#### IA-32 targets...
#### These two targets are a bit aged and are to be used on older Linux
#### machines where gcc doesn't understand -m32 and -m64
Expand Down
84 changes: 52 additions & 32 deletions deps/openssl/openssl/Configurations/15-android.conf
Original file line number Diff line number Diff line change
Expand Up @@ -29,18 +29,18 @@
$ndk = $ENV{$ndk_var};
last if defined $ndk;
}
die "\$ANDROID_NDK_HOME is not defined" if (!$ndk);
if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
# $ndk/platforms is traditional "all-inclusive" NDK, while
# $ndk/AndroidVersion.txt is so-called standalone toolchain
# tailored for specific target down to API level.
die "\$ANDROID_NDK_HOME is not defined" if (!$ndk);
my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
my $ndk_src_props = "$ndk/source.properties";
my $is_ndk = -f $ndk_src_props;
if ($is_ndk == $is_standalone_toolchain) {
die "\$ANDROID_NDK_HOME=$ndk is invalid";
}
$ndk = canonpath($ndk);

my $ndkver = undef;

if (open my $fh, "<$ndk/source.properties") {
if (open my $fh, "<$ndk_src_props") {
local $_;
while(<$fh>) {
if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
Expand All @@ -59,7 +59,7 @@
if ($sysroot = $ENV{CROSS_SYSROOT}) {
$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
($api, $arch) = ($1, $2);
} elsif (-f "$ndk/AndroidVersion.txt") {
} elsif ($is_standalone_toolchain) {
$sysroot = "$ndk/sysroot";
} else {
$api = "*";
Expand All @@ -72,17 +72,31 @@
}
}

# list available platforms (numerically)
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
$b =~ m/-([0-9]+)$/; $aa <=> $1;
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
if (-d "$ndk/platforms") {
# list available platforms (numerically)
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
$b =~ m/-([0-9]+)$/; $aa <=> $1;
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);

$sysroot = "@platforms[$#platforms]/arch-$arch";
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
$api = $1;
$sysroot = "@platforms[$#platforms]/arch-$arch";
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
$api = $1;
} elsif ($api eq "*") {
# r22 Removed platforms dir, use this JSON file
my $path = "$ndk/meta/platforms.json";
open my $fh, $path or die "Could not open '$path' $!";
while (<$fh>) {
if (/"max": (\d+),/) {
$api = $1;
last;
}
}
close $fh;
}
die "Could not get default API Level" if ($api eq "*");
}
die "no sysroot=$sysroot" if (!-d $sysroot);
die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);

my $triarch = $triplet{$arch};
my $cflags;
Expand All @@ -95,17 +109,21 @@
my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
(my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
$cflags .= " -target $tridefault "
. "-gcc-toolchain \$($ndk_var)/toolchains"
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
if (length $sysroot) {
$cflags .= " -target $tridefault "
. "-gcc-toolchain \$($ndk_var)/toolchains"
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
} else {
$user{CC} = "$tridefault$api-clang";
}
$user{CROSS_COMPILE} = undef;
if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
$user{AR} = "llvm-ar";
$user{ARFLAGS} = [ "rs" ];
$user{RANLIB} = ":";
}
} elsif (-f "$ndk/AndroidVersion.txt") { #"standalone toolchain"
} elsif ($is_standalone_toolchain) {
my $cc = $user{CC} // "clang";
# One can probably argue that both clang and gcc should be
# probed, but support for "standalone toolchain" was added
Expand All @@ -127,19 +145,21 @@
$user{CROSS_COMPILE} = "$triarch-";
}

if (!-d "$sysroot/usr/include") {
my $incroot = "$ndk/sysroot/usr/include";
die "no $incroot" if (!-d $incroot);
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
$incroot =~ s|^$ndk/||;
$cppflags = "-D__ANDROID_API__=$api";
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
$cppflags .= " -isystem \$($ndk_var)/$incroot";
if (length $sysroot) {
if (!-d "$sysroot/usr/include") {
my $incroot = "$ndk/sysroot/usr/include";
die "no $incroot" if (!-d $incroot);
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
$incroot =~ s|^$ndk/||;
$cppflags = "-D__ANDROID_API__=$api";
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
$cppflags .= " -isystem \$($ndk_var)/$incroot";
}
$sysroot =~ s|^$ndk/||;
$sysroot = " --sysroot=\$($ndk_var)/$sysroot";
}

$sysroot =~ s|^$ndk/||;
$android_ndk = {
cflags => "$cflags --sysroot=\$($ndk_var)/$sysroot",
cflags => $cflags . $sysroot,
cppflags => $cppflags,
bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
: "BN_LLONG",
Expand Down
1 change: 0 additions & 1 deletion deps/openssl/openssl/Configurations/unix-Makefile.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -523,7 +523,6 @@ clean: libclean
$(RM) -r test/test-runs
$(RM) openssl.pc libcrypto.pc libssl.pc
-$(RM) `find . -type l \! -name '.*' -print`
$(RM) $(TARFILE)

distclean: clean
$(RM) configdata.pm
Expand Down
26 changes: 13 additions & 13 deletions deps/openssl/openssl/Configurations/windows-makefile.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -324,15 +324,15 @@ build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
@{- output_off() if $disabled{makedepend}; "" -}
@{- output_off() if $disabled{makedepend}; "\@rem" -}
@$(ECHO) "Warning: consider configuring with no-makedepend, because if"
@$(ECHO) " target system doesn't have $(PERL),"
@$(ECHO) " then make will fail..."
@{- output_on() if $disabled{makedepend}; "" -}
@{- output_on() if $disabled{makedepend}; "\@rem" -}

test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
@{- output_off() if $disabled{tests}; "" -}
@{- output_off() if $disabled{tests}; "\@rem" -}
-mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
Expand All @@ -341,17 +341,17 @@ test: tests
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
@{- output_on() if !$disabled{tests}; "\@rem" -}

list-tests:
@{- output_off() if $disabled{tests}; "" -}
@{- output_off() if $disabled{tests}; "\@rem" -}
@set SRCTOP=$(SRCDIR)
@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
@{- output_on() if !$disabled{tests}; "\@rem" -}

install: install_sw install_ssldirs install_docs

Expand All @@ -362,7 +362,7 @@ libclean:
-del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb

clean: libclean
{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) || "\@rem" -}
-del /Q /F $(ENGINES)
-del /Q /F $(SCRIPTS)
-del /Q /F $(GENERATED_MANDATORY)
Expand All @@ -378,9 +378,9 @@ distclean: clean
-del /Q /F makefile

depend:
@ {- output_off() if $disabled{makedepend}; "" -}
@ {- output_off() if $disabled{makedepend}; "\@rem" -}
@ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC"
@ {- output_on() if $disabled{makedepend}; "" -}
@ {- output_on() if $disabled{makedepend}; "\@rem" -}

# Install helper targets #############################################

Expand Down Expand Up @@ -413,10 +413,10 @@ install_dev: install_runtime_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
"$(INSTALLTOP)\include\openssl"
@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
"$(SRCDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
Expand Down
5 changes: 5 additions & 0 deletions deps/openssl/openssl/NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]

o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711)
o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712)

Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]

o Fixed a problem with verifying a certificate chain when using the
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/README-OpenSSL.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

OpenSSL 1.1.1k 25 Mar 2021
OpenSSL 1.1.1l 24 Aug 2021

Copyright (c) 1998-2021 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Expand Down
18 changes: 10 additions & 8 deletions deps/openssl/openssl/apps/crl2p7.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -120,19 +120,20 @@ int crl2pkcs7_main(int argc, char **argv)

if (!ASN1_INTEGER_set(p7s->version, 1))
goto end;
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;

if (crl != NULL) {
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;
sk_X509_CRL_push(crl_stack, crl);
crl = NULL; /* now part of p7 for OPENSSL_freeing */
}

if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
if (certflst != NULL) {
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;

if (certflst != NULL)
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack, certfile) < 0) {
Expand All @@ -141,6 +142,7 @@ int crl2pkcs7_main(int argc, char **argv)
goto end;
}
}
}

out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/apps/enc.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -81,7 +81,7 @@ const OPTIONS enc_options[] = {
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
Expand Down
Loading