root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fix safestack issues in ess.h 

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
This commit is contained in:
Matt Caswell 2020-09-03 16:01:51 +01:00
parent 0b28254015
commit 1e14bca233
6 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -29,6 +29,7 @@
/include/openssl/configuration.h /include/openssl/configuration.h
/include/openssl/crmf.h /include/openssl/crmf.h
/include/openssl/ct.h /include/openssl/ct.h
/include/openssl/ess.h
/include/openssl/fipskey.h /include/openssl/fipskey.h
/include/openssl/ocsp.h /include/openssl/ocsp.h
/include/openssl/opensslv.h /include/openssl/opensslv.h

2
build.info
View File

@ -20,6 +20,7 @@ DEPEND[]=include/openssl/asn1.h \
include/openssl/configuration.h \ include/openssl/configuration.h \
include/openssl/crmf.h \ include/openssl/crmf.h \
include/openssl/ct.h \ include/openssl/ct.h \
include/openssl/ess.h \
include/openssl/fipskey.h \ include/openssl/fipskey.h \
include/openssl/opensslv.h \ include/openssl/opensslv.h \
include/openssl/ocsp.h \ include/openssl/ocsp.h \
@ -40,6 +41,7 @@ GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in
GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in
GENERATE[include/openssl/ess.h]=include/openssl/ess.h.in
GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
GENERATE[include/openssl/ocsp.h]=include/openssl/ocsp.h.in GENERATE[include/openssl/ocsp.h]=include/openssl/ocsp.h.in
GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in

3
crypto/cms/cms_ess.c
View File

@ -20,9 +20,6 @@
#include "crypto/x509.h" #include "crypto/x509.h"
#include "cms_local.h" #include "cms_local.h"
DEFINE_STACK_OF(ESS_CERT_ID)
DEFINE_STACK_OF(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
/* ESS services */ /* ESS services */

3
crypto/ess/ess_lib.c
View File

@ -14,9 +14,6 @@
#include "crypto/ess.h" #include "crypto/ess.h"
#include "crypto/x509.h" #include "crypto/x509.h"
DEFINE_STACK_OF(ESS_CERT_ID)
DEFINE_STACK_OF(ESS_CERT_ID_V2)
static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed); static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
X509 *cert, int issuer_needed); X509 *cert, int issuer_needed);

3
crypto/ts/ts_rsp_verify.c
View File

@ -15,9 +15,6 @@
#include "ts_local.h" #include "ts_local.h"
#include "crypto/ess.h" #include "crypto/ess.h"
DEFINE_STACK_OF(ESS_CERT_ID)
DEFINE_STACK_OF(ESS_CERT_ID_V2)
static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
X509 *signer, STACK_OF(X509) **chain); X509 *signer, STACK_OF(X509) **chain);
static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,

16
include/openssl/ess.h → include/openssl/ess.h.in
View File

@ -1,4 +1,6 @@
/* /*
* {- join("\n * ", @autowarntext) -}
*
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
@ -7,6 +9,10 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
{-
use OpenSSL::stackhash qw(generate_stack_macros);
-}
#ifndef OPENSSL_ESS_H #ifndef OPENSSL_ESS_H
# define OPENSSL_ESS_H # define OPENSSL_ESS_H
@ -24,12 +30,18 @@ typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
typedef struct ESS_cert_id ESS_CERT_ID; typedef struct ESS_cert_id ESS_CERT_ID;
typedef struct ESS_signing_cert ESS_SIGNING_CERT; typedef struct ESS_signing_cert ESS_SIGNING_CERT;
DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID) {-
generate_stack_macros("ESS_CERT_ID");
-}
typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2; typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2; typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID_V2) {-
generate_stack_macros("ESS_CERT_ID_V2");
-}
DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL) DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL)
DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL)