openbsd/src/lib/libcrypto/ocsp, branch libressl-v3.4.1

openbsd/src/lib/libcrypto/ocsp, branch libressl-v3.4.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.4.1 2020-10-09T17:19:35+00:00 Fix leak or double free with OCSP_request_add0_id() 2020-10-09T17:19:35+00:00 tb 2020-10-09T17:19:35+00:00 urn:sha1:fefcf488fdade8b93e6ee8a514efcb3705e952ff On success, OCSP_request_add0_id() transfers ownership of cid to either 'one' or 'req' depending on whether the latter is NULL or not. On failure, the caller can't tell whether OCSP_ONEREQ_new() failed (in which case cid needs to be freed) or whether it was a failure to allocate memory in sk_insert() (in which case cid must not be freed). The caller is thus faced with the choice of leaving either a leak or a potential double free. Fix this by transferring ownership only at the end of the function. Found while reviewing an upcoming diff by beck. ok jsing spelling; from miod 2018-11-25T19:48:43+00:00 jmc 2018-11-25T19:48:43+00:00 urn:sha1:8fcaf3cb5e1976aaefb39c150b74c79abe2337bf Add const to two arguments of OCSP_cert_to_id() 2018-08-24T20:03:21+00:00 tb 2018-08-24T20:03:21+00:00 urn:sha1:e630d1afcc58ea539abeff9301f86c030be16af5 tested in a bulk by sthen ok jsing wrap an overlong line 2018-05-14T23:47:10+00:00 tb 2018-05-14T23:47:10+00:00 urn:sha1:1694bcb4aae1bd5c1cf7be6fab1ad4eb49167a47 Add const qualifier to the path and url{,s} parameters of 2018-05-13T10:42:03+00:00 tb 2018-05-13T10:42:03+00:00 urn:sha1:deae85f1f8dc89a0dd06e5359e6bdeba054cb37a OCSP_crlID_new(3), OCSP_parse_url(3), OCSP_sendreq_bio(3), OCSP_sendreq_new(3), and OCSP_url_svcloc_new(3). tested in a bulk build by sthen ok jsing (as part of a larger diff) Add const qualifier to the X509_NAME *, ASN1_BIT_STRING *, and 2018-05-13T10:30:52+00:00 tb 2018-05-13T10:30:52+00:00 urn:sha1:fc0aba9917e00098e2c512fa5a6f10592381bdaa ASN1_INTEGER * arguments of OCSP_cert_id_new(3). tested in a bulk build by sthen ok jsing (as part of a larger diff) Add const qualifier to the ASN1_OBJECT * argument of: 2018-05-13T10:28:04+00:00 tb 2018-05-13T10:28:04+00:00 urn:sha1:1aae5537aedefe0d620aa744050f1fda2d611880 OCSP_REQUEST_get_ext_by_OBJ(3), OCSP_ONEREQ_ext_by_OBJ(3) OCSP_BASICRESP_get_ext_by_OBJ(3), OCSP_SINGLERESP_get_ext_by_OBJ(3) tested in a bulk build by sthen ok jsing (as part of a larger diff) Provide OCSP_SINGLERESP_get0_id(). 2018-03-17T14:44:34+00:00 jsing 2018-03-17T14:44:34+00:00 urn:sha1:bc672f529368905a937bd4d1ace5d0a63ebd6632 Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Expand ASN1_ITEM_rptr macros - no change in preprocessor output. 2016-12-30T16:19:24+00:00 jsing 2016-12-30T16:19:24+00:00 urn:sha1:35dfd9080d99d680c91e6b62428638e8f9582ad8