diff options
Diffstat (limited to '')
| -rw-r--r-- | patches/libcrypto_2.diff | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/patches/libcrypto_2.diff b/patches/libcrypto_2.diff new file mode 100644 index 0000000..8bc2b0a --- /dev/null +++ b/patches/libcrypto_2.diff | |||
| @@ -0,0 +1,59 @@ | |||
| 1 | commit 5dd3c162296b91c3ec61aec1ad52a10fdde8d142 | ||
| 2 | Author: claudio <> | ||
| 3 | Date: Wed Oct 6 08:29:41 2021 +0000 | ||
| 4 | |||
| 5 | X509_STORE_CTX_init() allows the store to be NULL on init. Add checks | ||
| 6 | for a NULL ctx->ctx in the lookup functions using X509_STORE_CTX. | ||
| 7 | This affects X509_STORE_get1_certs(), X509_STORE_get1_crls(), | ||
| 8 | X509_STORE_CTX_get1_issuer() and X509_STORE_get_by_subject(). | ||
| 9 | With this X509_verify_cert() no longer crashes with a NULL store. | ||
| 10 | With and OK tb@ | ||
| 11 | |||
| 12 | diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c | ||
| 13 | index f21103c700..315eddf612 100644 | ||
| 14 | --- a/src/lib/libcrypto/x509/x509_lu.c | ||
| 15 | +++ b/src/lib/libcrypto/x509/x509_lu.c | ||
| 16 | @@ -1,4 +1,4 @@ | ||
| 17 | -/* $OpenBSD: x509_lu.c,v 1.30 2018/08/24 19:21:09 tb Exp $ */ | ||
| 18 | +/* $OpenBSD: x509_lu.c,v 1.31 2021/10/06 08:29:41 claudio Exp $ */ | ||
| 19 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 20 | * All rights reserved. | ||
| 21 | * | ||
| 22 | @@ -312,6 +312,9 @@ X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, | ||
| 23 | X509_OBJECT stmp, *tmp; | ||
| 24 | int i, j; | ||
| 25 | |||
| 26 | + if (ctx == NULL) | ||
| 27 | + return 0; | ||
| 28 | + | ||
| 29 | CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); | ||
| 30 | tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); | ||
| 31 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); | ||
| 32 | @@ -561,6 +564,8 @@ X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) | ||
| 33 | X509 *x; | ||
| 34 | X509_OBJECT *obj; | ||
| 35 | |||
| 36 | + if (ctx->ctx == NULL) | ||
| 37 | + return NULL; | ||
| 38 | sk = sk_X509_new_null(); | ||
| 39 | if (sk == NULL) | ||
| 40 | return NULL; | ||
| 41 | @@ -610,6 +615,8 @@ X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) | ||
| 42 | X509_CRL *x; | ||
| 43 | X509_OBJECT *obj, xobj; | ||
| 44 | |||
| 45 | + if (ctx->ctx == NULL) | ||
| 46 | + return NULL; | ||
| 47 | sk = sk_X509_CRL_new_null(); | ||
| 48 | if (sk == NULL) | ||
| 49 | return NULL; | ||
| 50 | @@ -718,6 +725,9 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) | ||
| 51 | } | ||
| 52 | X509_OBJECT_free_contents(&obj); | ||
| 53 | |||
| 54 | + if (ctx->ctx == NULL) | ||
| 55 | + return 0; | ||
| 56 | + | ||
| 57 | /* Else find index of first cert accepted by 'check_issued' */ | ||
| 58 | ret = 0; | ||
| 59 | CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); | ||