
TLS/SSL and crypto library


コミットメタ情報

リビジョンe74e562f1c518839cc9b63aafd4af6644e01d9ca (tree)
日時2020-09-13 19:11:20
作者Matt Caswell <matt@open...>
コミッターMatt Caswell

ログメッセージ

Fix safestack issues in conf.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

変更サマリ

差分

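--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@
 /include/openssl/bio.h
 /include/openssl/cmp.h
 /include/openssl/cms.h
+/include/openssl/conf.h
 /include/openssl/configuration.h
 /include/openssl/crmf.h
 /include/openssl/ct.h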
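--- a/apps/ca.c
+++ b/apps/ca.c
@@ -34,8 +34,6 @@
 #include "apps.h"
 #include "progs.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 #ifndef W_OK
 # define F_OK 0
 # define W_OK 2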
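--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -62,7 +62,6 @@ static int WIN32_rename(const char *from, const char *to);
 #define PASS_SOURCE_SIZE_MAX 4
 
 DEFINE_STACK_OF(CONF)
-DEFINE_STACK_OF(CONF_VALUE)
 
 typedef struct {
 const char *name;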
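--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -33,8 +33,6 @@
 #include <openssl/bn.h>
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 #if defined(__TANDEM)
 # if defined(OPENSSL_TANDEM_FLOSS)
 # include <floss.h(floss_fork)>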
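--- a/apps/req.c
+++ b/apps/req.c
@@ -35,8 +35,6 @@
 # include <openssl/dsa.h>
 #endif
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 #define BITS "default_bits"
 #define KEYFILE "default_keyfile"
 #define PROMPT "prompt"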
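--- a/build.info
+++ b/build.info
@@ -18,6 +18,7 @@ DEPEND[]=include/openssl/asn1.h \
 include/openssl/bio.h \
 include/openssl/cmp.h \
 include/openssl/cms.h \
+ include/openssl/conf.h \
 include/openssl/configuration.h \
 include/openssl/crmf.h \
 include/openssl/ct.h \
@@ -40,6 +41,7 @@ GENERATE[include/openssl/asn1t.h]=include/openssl/asn1t.h.in
 GENERATE[include/openssl/bio.h]=include/openssl/bio.h.in
 GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in
 GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
+GENERATE[include/openssl/conf.h]=include/openssl/conf.h.in
 GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
 GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in
 GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in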
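--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -23,8 +23,6 @@
 
 #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 #define ASN1_FLAG_EXP_MAX 20
 /* Maximum number of nested sequences */
 #define ASN1_GEN_SEQ_MAX_DEPTH 50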
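--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -16,8 +16,6 @@
 #include "crypto/asn1.h"
 #include "crypto/objects.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Simple ASN1 OID module: add all objects in a given section */
 
 static int do_create(const char *value, const char *name);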
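--- a/crypto/asn1/asn_mstbl.c
+++ b/crypto/asn1/asn_mstbl.c
@@ -13,7 +13,6 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
 /* Multi string module: add table entries from a given section */
 
 static int do_tcreate(const char *value, const char *name);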
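--- a/crypto/cmp/cmp_http.c
+++ b/crypto/cmp/cmp_http.c
@@ -28,8 +28,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /*
 * Send the PKIMessage req and on success return the response, else NULL.
 * Any previous error queue entries will likely be removed by ERR_clear_error().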
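--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -16,8 +16,6 @@
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
 static void value_free_stack_doall(CONF_VALUE *a);
 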
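--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -21,7 +21,6 @@
 #include <openssl/trace.h>
 #include <openssl/engine.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
 DEFINE_STACK_OF(CONF_MODULE)
 DEFINE_STACK_OF(CONF_IMODULE)
 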
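--- a/crypto/conf/conf_ssl.c
+++ b/crypto/conf/conf_ssl.c
@@ -14,8 +14,6 @@
 #include "internal/sslconf.h"
 #include "conf_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /*
 * SSL library configuration module placeholder. We load it here but defer
 * all decisions about its contents to libssl.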
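--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
@@ -14,8 +14,6 @@
 #include <openssl/conf.h>
 #include <openssl/trace.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* ENGINE config module */
 
 static const char *skip_dot(const char *name)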
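--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -16,8 +16,6 @@
 #include <openssl/trace.h>
 #include "crypto/evp.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Algorithm configuration module. */
 
 static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)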
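--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -25,8 +25,6 @@
 
 #include "http_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 #define HTTP_PREFIX "HTTP/"
 #define HTTP_VERSION_PATT "1." /* allow 1.x */
 #define HTTP_VERSION_STR_LEN 3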
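--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -15,7 +15,6 @@
 #include "internal/provider.h"
 
 DEFINE_STACK_OF(OSSL_PROVIDER)
-DEFINE_STACK_OF(CONF_VALUE)
 
 /* PROVIDER config module */
 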
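--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -18,8 +18,6 @@
 #include <openssl/engine.h>
 #include <openssl/ts.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Macro definitions for the configuration file. */
 #define BASE_SECTION "tsa"
 #define ENV_DEFAULT_TSA "default_tsa"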
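--- a/crypto/ts/ts_rsp_print.c
+++ b/crypto/ts/ts_rsp_print.c
@@ -15,8 +15,6 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 struct status_map_st {
 int bit;
 const char *text;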
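--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@@ -26,8 +26,6 @@
 
 #ifndef OPENSSL_NO_RFC3779
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /*
 * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
 */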
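--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.c
@@ -15,8 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 AUTHORITY_KEYID *akeyid,
 STACK_OF(CONF_VALUE)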
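--- a/crypto/x509/v3_alt.c
+++ b/crypto/x509/v3_alt.c
@@ -14,8 +14,6 @@
 #include <openssl/bio.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx,
 STACK_OF(CONF_VALUE) *nval);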
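--- a/crypto/x509/v3_asid.c
+++ b/crypto/x509/v3_asid.c
@@ -56,8 +56,6 @@ IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
 IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
 IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /*
 * i2r method for an ASIdentifierChoice.
 */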
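--- a/crypto/x509/v3_bcons.c
+++ b/crypto/x509/v3_bcons.c
@@ -16,8 +16,6 @@
 #include "ext_dat.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
 BASIC_CONSTRAINTS *bcons,
 STACK_OF(CONF_VALUE)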
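--- a/crypto/x509/v3_bitst.c
+++ b/crypto/x509/v3_bitst.c
@@ -13,8 +13,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
 {0, "SSL Client", "client"},
 {1, "SSL Server", "server"},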
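--- a/crypto/x509/v3_conf.c
+++ b/crypto/x509/v3_conf.c
@@ -17,8 +17,6 @@
 #include "crypto/x509.h"
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static int v3_check_critical(const char **value);
 static int v3_check_generic(const char **value);
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,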
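--- a/crypto/x509/v3_cpols.c
+++ b/crypto/x509/v3_cpols.c
@@ -18,8 +18,6 @@
 #include "pcy_local.h"
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Certificate policies extension support: this one is a bit complex... */
 
 static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,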
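--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -18,8 +18,6 @@
 #include "ext_dat.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static void *v2i_crld(const X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,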
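--- a/crypto/x509/v3_extku.c
+++ b/crypto/x509/v3_extku.c
@@ -14,8 +14,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx,
 STACK_OF(CONF_VALUE) *nval);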
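--- a/crypto/x509/v3_info.c
+++ b/crypto/x509/v3_info.c
@@ -15,8 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
 *method, AUTHORITY_INFO_ACCESS
 *ainfo, STACK_OF(CONF_VALUE)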
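--- a/crypto/x509/v3_ist.c
+++ b/crypto/x509/v3_ist.c
@@ -15,8 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /*
 * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
 * This extention is required to obtain the status of a qualified certificate at Russian Federation.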
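--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -20,8 +20,6 @@
 #include "crypto/punycode.h"
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx,
 STACK_OF(CONF_VALUE) *nval);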
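--- a/crypto/x509/v3_pci.c
+++ b/crypto/x509/v3_pci.c
@@ -49,8 +49,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
 BIO *out, int indent);
 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,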
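--- a/crypto/x509/v3_pcons.c
+++ b/crypto/x509/v3_pcons.c
@@ -15,8 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
 *method, void *bcons, STACK_OF(CONF_VALUE)
 *extlist);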
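--- a/crypto/x509/v3_pmaps.c
+++ b/crypto/x509/v3_pmaps.c
@@ -14,8 +14,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD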
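--- a/crypto/x509/v3_prn.c
+++ b/crypto/x509/v3_prn.c
@@ -14,8 +14,6 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Extension printing routines */
 
 static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,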
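--- a/crypto/x509/v3_sxnet.c
+++ b/crypto/x509/v3_sxnet.c
@@ -15,8 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Support for Thawte strong extranet extension */
 
 #define SXNET_TEST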
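--- a/crypto/x509/v3_tlsf.c
+++ b/crypto/x509/v3_tlsf.c
@@ -16,8 +16,6 @@
 #include "ext_dat.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
 TLS_FEATURE *tls_feature,
 STACK_OF(CONF_VALUE) *ext_list);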
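--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -21,8 +21,6 @@
 #include "ext_dat.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char *const *a, const char *const *b);
 static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name,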
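--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -7,6 +9,10 @@
 * https://www.openssl.org/source/license.html
 */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_CONF_H
 # define OPENSSL_CONF_H
 # pragma once
@@ -33,7 +39,9 @@ typedef struct {
 char *value;
 } CONF_VALUE;
 
-DEFINE_OR_DECLARE_STACK_OF(CONF_VALUE)
+{-
+ generate_stack_macros("CONF_VALUE");
+-}
 
 DEFINE_LHASH_OF(CONF_VALUE);
 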
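Review bot: The `{- generate_stack_macros("CONF_VALUE"); -}` block in the third hunk has no comment, so a reader of conf.h.in cannot tell that the type-safe `STACK_OF(CONF_VALUE)` accessors are now emitted by the template instead of by a `DEFINE_OR_DECLARE_STACK_OF` expansion. A one-line C comment above the block would record that, for example `/* STACK_OF(CONF_VALUE) accessors are generated here by OpenSSL::stackhash */`. `DEFINE_LHASH_OF(CONF_VALUE);` two lines further down still uses the macro form; if the safestack problem named in the log message also affects the LHASH wrappers (not visible from this page), that line needs the same treatment or a comment saying why it is left alone. Since this is a public header and every in-tree file drops its local `DEFINE_STACK_OF(CONF_VALUE)` in this commit, a changelog note telling out-of-tree code to do the same would presumably be useful.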
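--- a/test/confdump.c
+++ b/test/confdump.c
@@ -14,8 +14,6 @@
 #include <openssl/safestack.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(OPENSSL_CSTRING) *section_names = NULL;
 
 static void collect_section_name(CONF_VALUE *v)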
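--- a/test/http_test.c
+++ b/test/http_test.c
@@ -15,8 +15,6 @@
 
 #include "testutil.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static const ASN1_ITEM *x509_it = NULL;
 static X509 *x509 = NULL;
 #define SERVER "mock.server"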
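--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -20,8 +20,6 @@
 # define strcasecmp _stricmp
 #endif
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static const int default_app_data_size = 256;
 /* Default set to be as small as possible to exercise fragmentation. */
 static const int default_max_fragment_size = 512;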